Thank you for your answer.

I will do this in the morning.

Hello,

I haven't got topology change on the network.

Regards.

do you have BGP running on the router&

Could you describe your router, what services are running?

Hello,

Thank you for your answer.

There is no BGP on the router.

I have opened a case and the engineer resolve my problem (very quickly!)

I insert the important informations, without named IP.

Action 1

From current show tech I can see that no interface is dropping traffic and also that lots of traffic is sent to the CPU to be software switched.

First of all we need to understand the nature of the traffic sent to the CPU.

About the trigger can you confirm that also this time High CPU occurred after having disabled mls qos?

Action Plan:

Please get me the following outputs:

Show clock

Show mls qos

Show process cpu sorted | e 0.00%

Sh ibc

Sh ip traffic (taken 3 times with ~30 seconds interval)

Show interface switching (taken 3 times with ~30 seconds interval)

Show interfaces

If during these captures CPU was still high (ONLY IF CPU WAS HIGH) please also perform a Debug netdr

Debug netdr capture rx

After 30 seconds undebug netdr capture

show netdr captured-packets - Please send me all the packets you captures this way.

Action 2

It seems that some traffic in vlan 5 (quite a bit) is being routed to the same interface it was received from.

Before giving you a possible solution I would like to verify my findings.

Please send me following outputs:

Sh ip route A.B.C.D

Sh ip cef A.B.C.D det

Sho mls cef lookup A.B.C.D

Sh ip route A.B.C.D

Sh ip cef A.B.C.D det

Sho mls cef lookup A.B.C.D

Sh ip route A.B.C.D

Sh ip cef A.B.C.D det

Sho mls cef lookup A.B.C.D

In any case traffic is always either sourced or destined from/to subnet A.B.C.D/24.

It would be great if you could also get me another CPU capture, this time in the other direction (previous capture was taken for traffic going TO the CPU now I would like to see the traffic coming back FROM the CPU).

deb netdr clear-capture (to clear the capture buffer)

Debug netdr capture tx

And again after a few seconds “show netdr captured-packets”

NOTE: Please perform the previous netdr capture only after you verify that CPU is still high. So you run again a

SWITCH6513#Show process cpu sorted | e 0.00%

Action3

Actually all the prefixes are in the routing table.

You have a static route for X.Y.Z.A/24 and a default routes for the other prefixes.

All of them point to next hop A.B.C.D in same vlan.

Therefore packets enter the router in vlan5 through GiX/Y and exit in vlan5 though Gi5/16 > high CPU expected under this condition.

All the captures you sent me confirmed my findings.

You can lower CPU by issuing the command: mls rate-limit unicast ip icmp redirect 0.

That should solve this High CPU condition.

Anyway the question would be “why does the traffic follow this path”? Is this expected? Is it your design that requires that?

As you can see this kind of routing is not optimal.

Action plan:

Configure “mls rate-limit unicast ip icmp redirect 0” and check CPU utilization afterwards.

I want to congratulate the Cisco engineer which have found a solution.

Best regards.

Hello rpratapa,

thank you wor your answer. You will find the solution on the previous answer.

Best regards.