03-26-2013 06:57 AM
We have two routers, a Brocade FESX6 FULL Layer 3 and a SuperX Full Layer 3 both firmware 7.202h. We've installed 12 ip cameras in a Vlan manage by the FESX6. There is a Ve with no ACL. Traffic is routed to camera server and security PC in a vlan manage by the SuperX elsewhere ont the campus. There are 2 videos Streams per camera for recording and viewing. We're not using Multicast as we don't need it as this point. each stream is going to 1 server or 1 PC. Traffic is configured in unicast UDP for all cameras. The problem is that CPU on the FESX6 is running about 50% all the time. If I disable the virtual interface, cpu goes down to 1-2%. "dm raw" show many packets going to the CPU from the cameras to the ve. "show process cpu" command show about 10% to IP Process and 1% for other processes. Can someone explain to me why those 12 cams use as much as cpu on this router and in wich process thos cpu cycle are used. On the SuperX, CPU is quite calm to 1%.
03-26-2013 06:00 PM
Have you disabled MAC learning or are they jumbo sized frames? Both of these would cause the packets to be forwarded to the CPU.
Also if this is the PoE model you can try "no legacy -inline-power"
03-27-2013 07:04 AM
thanks for replying to me. We didn't disable mac learning. There are no jumbo frames configuration on any of our router/switch/IPcams and the MTU value are 1500 on the router and on the IP camera (where options is available). I discover something playing with "dm raw" yesterday. As traffic from 4 of the IP cams that are connected through port 24 on the FESX6 router don't go to CPU (nothing at all) and that all the rest of IP Cams connected through port 2 or 3 goes trough CPU, I suspect maybe something with my configuration for those ports triggers something that lead traffic to CPU. We use DHCP snooping for some Vlans and ethe 1 to 3 are trusted ports. We didn't enable snooping for the camera vlan but it is the only difference for those two groups of port so maybe I could disable enable-ACL-per-port-per-vlan to see if it change something. Cams are the same models, same configuration and same firmware.
I'll post if there are new development.
Thanks a lot.
03-28-2013 10:38 AM
According to some tests I did this morning, it seems to be related to the FESX6. I disable the virtual interface of the IP cams and use the secondary gateway (another FESX6) with VRRP to route the cams traffic in another building before going to servers. On that router, all the cams but maybe not all traffic where going to cpu and it goes up from 5% to 70%. Previously, 4 cams were'nt going to CPU at all. Using "dm raw", I saw traffic from some clients to active directory servers or to Internet too (dport 445 and 80). I check with a third FESX6 router, and saw the same pattern with some traffic. On our SuperX router, our main router, there was no traffic of that kind . I saw vrrp, broadcast traffic only.
Did I miss something ? Why some known traffic are going to CPU and some not ?