Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1713
Views
0
Helpful
4
Replies

4507R IOS Catalyst - High CPU Utilization due to PBR

shakeelahmadch
Level 1
Level 1

‎05-02-2007 06:57 AM - edited ‎03-05-2019 03:48 PM

Guys,

i am in a bit of trouble - CPU utilization for a 4507r is around 90% and show platform health, shows

K2FibFlowCache flow 2.00 44.91 10 8 100 500 66 55 32 576:09

it means something wrong with PBR Cache Management, i tried removing route-map and it fixed the issue ; but i need to have that route-map for production and there are not much big ACL for route-map. Traffic for route-map is also in megs instead of gigs.

please help me if someone can. IOS is 12.2.25(SG)

Labels:
0 Helpful
4 Replies 4

bjornarsb
Level 4
Level 4

‎05-02-2007 07:27 AM

Hi,

Have you tried some of the troubleshooting Tools to Analyze the Traffic Destined to the CPU

Please have a look at this URL:

http://www.cisco.com/en/US/products/hw/switches/ps663/products_tech_note09186a00804cef15.shtml#tools

Regards

Bjornarsb

0 Helpful

eofelt
Level 1
Level 1

‎05-02-2007 07:54 AM

Steady-state CPU usage for this box is 32-38 percent.

Is it 90% consistantly or spikes?

K2FibFlowCache is PBR cache management as you already know.

can you post the output of:

#sh platform cpu packet driver

#sh platform cpu packet statistics

#sh proc cpu sorted

I read your statement as not have a large number of ACL's. Is that correct?

0 Helpful

shakeelahmadch
Level 1
Level 1
In response to eofelt

‎05-02-2007 09:51 AM

90% i like constant between (85-99% variation). i have attached the said output.

also ACL is meant for squid (caching) like:

Extended IP access list SQUID

10 deny ip any 10.0.0.0 0.255.255.255 (3760 matches)

20 deny ip any 128.100.0.0 0.0.255.255 (1381 matches)

30 deny ip any 172.0.0.0 0.255.255.255 (4022 matches)

40 deny ip any 192.0.0.0 0.255.255.255 (578 matches)

50 deny ip any 197.0.0.0 0.255.255.255 (433856 matches)

60 deny ip any 201.0.0.0 0.255.255.255 (190 matches)

70 deny ip any 128.101.0.0 0.0.255.255 (1 match)

80 deny ip any 150.235.0.0 0.0.255.255 (5 matches)

90 deny ip host 197.7.75.55 any (62957 matches)

100 deny tcp host 197.7.75.117 any eq 443 (883 matches)

110 permit tcp any any eq www (67618 matches)

120 permit tcp any any eq 443 (1591 matches)

130 permit tcp any any eq ftp (8 matches)

140 permit tcp any any eq ftp-data

150 deny ip any any (341 matches)

Preview file
31 KB
0 Helpful

eofelt
Level 1
Level 1
In response to shakeelahmadch

‎05-02-2007 11:45 AM

Is there a problem? Sure, the 90% is high but CPU usage is not necessarily indicative of a sups forwarding performance.

I assume CEF is on (by default), correct?

If you have not previously Baselined CPU usage at idle, it might be more difficult to determine.

It also seems you have QoS running correct?

(L3 Fwd Low 146597028 11606 7712 5222 4460) - DSCP

Not a problem, but a contributor.

From your first post, you said you actually

removed the route-map correct? Did the cpu usage drop significantly?

If so, it's the route-map with ACL's forcing process switching.

31 53520956 23227972 2304 78.09% 60.56% 42.55% 0 Cat4k Mgmt LoPri

Cat4k Mgmt LoPri process is using the CPU. This indicates that the packets are being process switched.

I don't have a solution at this time, but hopefully this is in the right direction.

HTH

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card