7206 VXR NPE-G1 throughput

Tue Feb 11 21:03:34 UTC 2014

We run 7206 NPE-G1s on some GigE peering points.  At about 800Mbps of
aggregate Internet traffic (inbound + outbound, as measured from Cacti)
the CPU sits around 70%.

- inbound and outbound Internet-facing ACLs (50 lines and 25 lines
respectively, turbo ACL)
- Inbound Internet-facing policy-map to remark DSCP (references 7-line ACL)
- minimal routes via BGP (approx 1500)
- 15.1 SP train

YMMV, but they work well for us in this scenario.  With
downstream-to-upstream traffic patterns of approx 7-to-1 the GigE and CPU
will peak out at about the same time.

Side note - our G2s at that same 800Mbps traffic rate run at approx 60%

On 2/11/14 2:10 AM, "Geraint Jones" <geraint at koding.com> wrote:

>Or assuming your using an Ethernet of some sort as your upstream
>connections you could grab something like a CCR from mikrotik for < $1k
>and sleep easy knowing you're only using 6% of it's capacity.
>> On 11/02/2014, at 3:52 pm, Octavio Alvarez <alvarezp at alvarezp.ods.org>
>>> On 02/10/2014 06:05 PM, Vlade Ristevski wrote:
>>> Are you suggesting getting the default gateway from both providers or
>>> getting the full table from one and using the default as a backup on
>>> other (7206)?
>> Whatever suits you best. Test and see. I'd just receive the full table
>> anyway but filter them out, letting only the default routes go into the
>> RIB. This should streamline your FIB. As I say, you lose outbound load
>> balancing and your redundancy becomes all-or-nothing, but you save a few
>> cycles.
>> Again, I wouldn't recommend any of this because of the drawbacks, but
>> along with other recommendations that others have made, like Turbo ACLs,
>> it may buy you some time.

