Huge Boot Time on BD8800

  • 0
  • 1
  • Problem
  • Updated 2 years ago
  • Solved
Hi everybody,

We have some problems about our new BD88K boot time ≈ 40 min

We have 29 policys (1000 ACLs) on production, however with the same configuration on our previous BD10K, the boot time lasted 5 min.

We have the same problem with these versions:
Primary ver:                    
Secondary ver:   

During the boot, a show slot command display "ACL sync".

Furthermore, a show slot give:

Slots    Type                 Configured           State       Ports  Flags-------------------------------------------------------------------------------
Slot-1   8900-40G6X-xm        8900-40G6X-xm        Operational   24   MB
Slot-2   8900-10G24X-c        8900-10G24X-c        Operational   24   MB
Slot-3   8900-10G24X-c        8900-10G24X-c        Operational   24   MB
Slot-4                                             Empty          0
Slot-5                                             Empty          0
Slot-6                                             Empty          0
Slot-7   G48Tc                G48Tc                Operational   48   MB
Slot-8                                             Empty          0
Slot-9   8900-G48X-xl         8900-G48X-xl         Operational   48   MB
Slot-10  8900-G48X-xl         8900-G48X-xl         Operational   48   MB
MSM-A    8900-MSM128                               Operational    0
MSM-B    8900-MSM128                               Operational    0

Do you have any information about this problem?

Best Regards,

Network Engineer
Photo of Loic Pasquiet

Loic Pasquiet

  • 100 Points 100 badge 2x thumb

Posted 2 years ago

  • 0
  • 1
Photo of Esa Kuusisto

Esa Kuusisto

  • 310 Points 250 badge 2x thumb
Are you using ACLs bind to port or VLAN. In VLAN it takes more time. Then if you are using counters and counters are per port installation takes long time.

XL module install is much quicker that non XL (I have 8900 with XL modules and 24X + 96p. Install time non XL and XL is about three to four times longer). I made feature request long time ago that switch should first boot up, start forwarding traffic and then start applying ACLs.

Solution for now is now to uninstall ACLs, reboot and then install ACLs.

This is not a problem. It works as designed :)
Photo of Chad Smith

Chad Smith, Senior Escalation Support Engineer

  • 5,536 Points 5k badge 2x thumb
Loic Pasquiet,

As Esa has stated, large policy files can increase the boot time of the 8800.  Rules that have counters can also increase the boot time.  Uninstalling and re-installing the ACLs is a potential workaround.

If you would like to open up a support case with the GTAC, we could investigate potential ways to improve the boot time on your BlackDiamond.
Photo of Grosjean, Stephane

Grosjean, Stephane, Employee

  • 11,968 Points 10k badge 2x thumb
Missed that thread :)

for further reference, we improved the boot time down to 6mn or so creating a single .pol instead of multiple separated files, and applied as any. We suspected TCAM shifting happening, explaining the long boot time.

Some other optimization have been made in the rules, as well.
Photo of Drew C.

Drew C., Community Manager

  • 36,004 Points 20k badge 2x thumb
Nice work!  Thanks for coming back with an update :)
Photo of Loic Pasquiet

Loic Pasquiet

  • 100 Points 100 badge 2x thumb
Yes, we now understand better the functioning of the new hardware. I regret that your partner has missed it. This forced us to completely rewrite our policy!
We are thus 300 lines instead of thousands. Remain positive. After losing a week, the migration could resume.