I'm battling with a high CPU problem on a Cisco 3825 router (C3825-ADVIPSERVICESK9-M, Version 12.3(14)T7). I have identified packet marking (rate-limit with set-prec-transmit) as the culprit.
When the rate-limiting is enabled, it is marking only about 8mbit of the input traffic. In this configuration, the router's CPU hits 100% at about 140Mbps of combined in/out traffic, and it is unable to handle any more.
When I switch off the rate-limiting, the router passes the required load of about 200mbit/sec with under 30% CPU utilisation.
Should rate-limits be causing such high CPU usage, considering that only a small amount of input traffic is being marked? If so, is there a better strategy to mark packets which will use less CPU? There are about 25 rate-limits marking 25 different ACLs.