High CPU

Unanswered Question
Jan 21st, 2009

Hi ALL:

I see high cpu due to encrypt process on my router what could be the possible reasons.

Chao

Vishwa

Attachment: 
I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 2 (1 ratings)
Loading.
patrickvanham Wed, 01/21/2009 - 01:18

An IPSec tunnel would be a likely cause. Is there one or more IPSec tunnel(s) configured?

vishwancc Wed, 01/21/2009 - 01:38

Hi Patrick ,

There is only one tunnel configured.

could you suggest any document informing about the encrypt procees,since i am using ipsec i am pretty sure it have to do something with that .

Chao

Vishwa

Joseph W. Doherty Wed, 01/21/2009 - 04:24

Software encryption will often consume much CPU with little encrypted traffic. If you don't have a hardware encryption, you'll want to consider obtaining it (if supported on you platform). If you have hardware encryption, insure it's being used (which is the default, I believe, but I also believe it can be configured to be not used).

vishwancc Wed, 01/21/2009 - 04:34

Hi Jose,

I am using 2651XM and some how i belive that it will use that much process.

My config for IPSEC is:

crypto isakmp policy 1

encr 3des

authentication pre-share

group 2

lifetime 3600

crypto isakmp key xxxxxx address x.x.x.1

crypto isakmp identity hostname

!

!

crypto ipsec transform-set rtpset-3des esp-3des esp-md5-hmac

mode transport

crypto ipsec df-bit clear

!

crypto map VPN1 1 ipsec-isakmp

set peer x.x.x.1

set security-association lifetime seconds 1200

set transform-set rtpset-3des

match address VPN-Traffic

interface FastEthernet0/1

ip address x.x.x.2 255.255.255.252

speed 100

full-duplex

crypto map VPN1

How could i tell if it is hardware switched or software switched.

Chao

Vishwa

pauloroque Wed, 01/21/2009 - 05:23

Hi Chao,

I am using the same 2651XM for IPSec VPN. I had the same problem. The router hits 98% utilization with traffic as low as 200kbps. But it still support 1500kbps without causing further problems. I don't have a vpn hw and 2620XM is not sold anymore. Since this vpn traffic is the only traffic in this router, I've been using it without users' complaints.

Cisco used to sell an VPN AIM for this router. Look at the 'sh version' output to see if you have a VPN Module, if not, check if you can get one.

PRoque

Actions

This Discussion