cpu usage goes high on cisco 7606 router while applying PBR.

Unanswered Question
Feb 6th, 2009
User Badges:

Hi

Please help me for the following case. We need to resolve it ASAP.

While applying pbr on the isp router for diverting a traffic to other isp cpu usage goes very high.


s72033-ipservicesk9_wan-mz.122-18.SXF7.bin

------------------------

CPU UTILIZATION ANALYSIS

------------------------

INFO: Total CPU Utilization is comprised of process and interrupt percentages.

Total CPU Utilization: 99%

Process Utilization: 34%

Interrupt Utilization: 65%

These values are found on the first line of the output:

CPU utilization for five seconds: x%/y%; one minute: a%; five minutes: b%

Total CPU Utilization: x%

Process Utilization: (x - y)%

Interrupt Utilization: y%

Process Utilization is the difference between the Total and Interrupt; x minus

y. The one and five minute utilizations are exponentially decayed averages (rather

than an arithmetic average), therefore recent values have more influence on the

calculated average.

ERROR: Total CPU Utilization is at 99% for the past 5 seconds, which is very

high (>90%).

This can cause the following symptoms:

- Input queue drops

- Slow performance

- Slow response in Telnet or unable to Telnet to the router

- Slow response on the console

- Slow or no response to ping

- Router doesn't send routing updates

The following processes are causing excessive CPU usage:

PID CPU Time Process

117 29.97 IP Input

TRY THIS: If IP Input is consuming the CPU, one of the following might be the

cause:

- Traffic that can't be fast switched is arriving. This could be any of the

following types of traffic:

* Packet for which there is no entry yet in the switching cache.

INFO: If there is a device in the network which is generating lots

of packets at an extremely high rate for devices reachable through the

router and is using different source or destination ip addresses, there

won't be a match for these packets in the switching cache, so they will

be processed by the IP Input process. This source device can be a

malfunctioning device or a device attempting a Denial-of-Service (DOS)

attack.

* Packets destined for the router (ie. Routing Updates or a Spoof Attack)

* IP packets with options

* Compressed traffic. If there's no Compression Service Adapter (CSA) in

the router, compressed packets must be process-switched.

* Encrypted traffic. If there's no Encryption Service Adapter (ESA) in the

router, encrypted packets must be process-switched.

- A lot of packets, arriving at an extremely high rate, for a destination in

a directly attached subnet, for which there is no entry in the ARP table.

This shouldn't happen with TCP traffic, because of the windowing mechanism,

but it can happen with UDP traffic.

- A lot of multicast traffic going through the router. Unfortunately, there's

no easy way to examine the amount of multicast traffic. The 'show

interfaces' output reflects the amount of multicast traffic received and

does not include the amount sent.

Enable fast switching of multicast packets using the 'ip mroute-cache'

interface configuration command (fast switching of multicast packets is off

by default).

- Too much traffic is passing through the router. Try distributing the

load among other routers or consider purchasing a high-end router.

- Check who's logged on to the router and what they are doing. If someone is

logged on and is issuing commands that produce long output, the high CPU

utilization by the IP input process will be followed by a much higher CPU

utilization by the virtual EXEC process. Be sure that debugs are off by

issuing the 'show debug' command.




  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
Giuseppe Larosa Fri, 02/06/2009 - 02:24
User Badges:
  • Super Silver, 17500 points or more
  • Hall of Fame,

    Founding Member

Hello Amit,

post your PBR configration not all options are supported on PFC you are probably causing traffic to be process switched and so the high cpu usage caused by IP input


Also I wonder if tuning BGP configuration could make you achieve the desired result without using PBR.


Hope to help

Giuseppe


Actions

This Discussion