3825 High CPU Problem

Unanswered Question
Mar 19th, 2008
User Badges:

Hi everyone

I'm battling with a high CPU problem on a Cisco 3825 router (C3825-ADVIPSERVICESK9-M, Version 12.3(14)T7). I have identified packet marking (rate-limit with set-prec-transmit) as the culprit.

When the rate-limiting is enabled, it is marking only about 8mbit of the input traffic. In this configuration, the router's CPU hits 100% at about 140Mbps of combined in/out traffic, and it is unable to handle any more.

When I switch off the rate-limiting, the router passes the required load of about 200mbit/sec with under 30% CPU utilisation.

Should rate-limits be causing such high CPU usage, considering that only a small amount of input traffic is being marked? If so, is there a better strategy to mark packets which will use less CPU? There are about 25 rate-limits marking 25 different ACLs.


  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Danilo Dy Thu, 03/20/2008 - 00:52
User Badges:
  • Blue, 1500 points or more


There might be overlapping ip address between 25 ACLs. Can you post your config?



osiristrading123 Thu, 03/20/2008 - 01:18
User Badges:

Unfortunately I cannot post the config because the addresses are all public. Would overlapping ACLs cause this problem?

Danilo Dy Thu, 03/20/2008 - 03:17
User Badges:
  • Blue, 1500 points or more

Most likely, try to remove rate-limit with overlapping ACL (or amend your ACL) and re-apply it to the interface.

paolo bevilacqua Thu, 03/20/2008 - 14:33
User Badges:
  • Super Gold, 25000 points or more
  • Hall of Fame,

    Founding Member

Could "access-list compiled" possibly help in this situation ?

osiristrading123 Fri, 03/21/2008 - 04:05
User Badges:

Thanks! That has reduced the CPU significantly. What are the drawbacks to using this command?

Joseph W. Doherty Fri, 03/21/2008 - 04:32
User Badges:
  • Super Bronze, 10000 points or more

One might be that this feature possibly isn't supposed to be on that platform.

At least on the 28xx series, it existed on the early 12.4 mainline releases but was later "fixed" (pulled). Queried TAC about this "fix", and was told it was pulled because the feature isn't supported on the lower end router platforms.

Otherwise, the only "negative" I've seen with it on any platform is its usage of some additional RAM.


From http://www.cisco.com/en/US/docs/ios/12_1t/12_1t5/feature/guide/dttacl.html

"Supported Platforms

•Cisco 7200 series routers

•Cisco 7500 series routers



This Discussion