4507R IOS Catalyst - High CPU Utilization due to PBR

Unanswered Question
May 2nd, 2007


i am in a bit of trouble - CPU utilization for a 4507r is around 90% and show platform health, shows

K2FibFlowCache flow 2.00 44.91 10 8 100 500 66 55 32 576:09

it means something wrong with PBR Cache Management, i tried removing route-map and it fixed the issue ; but i need to have that route-map for production and there are not much big ACL for route-map. Traffic for route-map is also in megs instead of gigs.

please help me if someone can. IOS is 12.2.25(SG)

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
eofelt Wed, 05/02/2007 - 07:54

Steady-state CPU usage for this box is 32-38 percent.

Is it 90% consistantly or spikes?

K2FibFlowCache is PBR cache management as you already know.

can you post the output of:

#sh platform cpu packet driver

#sh platform cpu packet statistics

#sh proc cpu sorted

I read your statement as not have a large number of ACL's. Is that correct?

shakeelahmadch Wed, 05/02/2007 - 09:51

90% i like constant between (85-99% variation). i have attached the said output.

also ACL is meant for squid (caching) like:

Extended IP access list SQUID

10 deny ip any (3760 matches)

20 deny ip any (1381 matches)

30 deny ip any (4022 matches)

40 deny ip any (578 matches)

50 deny ip any (433856 matches)

60 deny ip any (190 matches)

70 deny ip any (1 match)

80 deny ip any (5 matches)

90 deny ip host any (62957 matches)

100 deny tcp host any eq 443 (883 matches)

110 permit tcp any any eq www (67618 matches)

120 permit tcp any any eq 443 (1591 matches)

130 permit tcp any any eq ftp (8 matches)

140 permit tcp any any eq ftp-data

150 deny ip any any (341 matches)

eofelt Wed, 05/02/2007 - 11:45

Is there a problem? Sure, the 90% is high but CPU usage is not necessarily indicative of a sups forwarding performance.

I assume CEF is on (by default), correct?

If you have not previously Baselined CPU usage at idle, it might be more difficult to determine.

It also seems you have QoS running correct?

(L3 Fwd Low 146597028 11606 7712 5222 4460) - DSCP

Not a problem, but a contributor.

From your first post, you said you actually

removed the route-map correct? Did the cpu usage drop significantly?

If so, it's the route-map with ACL's forcing process switching.

31 53520956 23227972 2304 78.09% 60.56% 42.55% 0 Cat4k Mgmt LoPri

Cat4k Mgmt LoPri process is using the CPU. This indicates that the packets are being process switched.

I don't have a solution at this time, but hopefully this is in the right direction.



This Discussion