Please help me with the following case. We need to resolve it ASAP.
While applying PBR on the ISP router to divert traffic to another ISP, CPU usage goes very high.
CPU UTILIZATION ANALYSIS
INFO: Total CPU Utilization is comprised of process and interrupt percentages.
Total CPU Utilization: 99%
Process Utilization: 34%
Interrupt Utilization: 65%
These values are found on the first line of the output:
CPU utilization for five seconds: x%/y%; one minute: a%; five minutes: b%
Total CPU Utilization: x%
Process Utilization: (x - y)%
Interrupt Utilization: y%
Process Utilization is the difference between the Total and Interrupt; x minus
y. The one and five minute utilizations are exponentially decayed averages (rather
than an arithmetic average), therefore recent values have more influence on the
ERROR: Total CPU Utilization is at 99% for the past 5 seconds, which is very
This can cause the following symptoms:
- Input queue drops
- Slow performance
- Slow response in Telnet or unable to Telnet to the router
- Slow response on the console
- Slow or no response to ping
- Router doesn't send routing updates
The following processes are causing excessive CPU usage:
PID CPU Time Process
117 29.97 IP Input
TRY THIS: If IP Input is consuming the CPU, one of the following might be the
- Traffic that can't be fast switched is arriving. This could be any of the
following types of traffic:
* Packet for which there is no entry yet in the switching cache.
INFO: If there is a device in the network which is generating lots
of packets at an extremely high rate for devices reachable through the
router and is using different source or destination ip addresses, there
won't be a match for these packets in the switching cache, so they will
be processed by the IP Input process. This source device can be a
malfunctioning device or a device attempting a Denial-of-Service (DOS)
* Packets destined for the router (ie. Routing Updates or a Spoof Attack)
* IP packets with options
* Compressed traffic. If there's no Compression Service Adapter (CSA) in
the router, compressed packets must be process-switched.
* Encrypted traffic. If there's no Encryption Service Adapter (ESA) in the
router, encrypted packets must be process-switched.
- A lot of packets, arriving at an extremely high rate, for a destination in
a directly attached subnet, for which there is no entry in the ARP table.
This shouldn't happen with TCP traffic, because of the windowing mechanism,
but it can happen with UDP traffic.
- A lot of multicast traffic going through the router. Unfortunately, there's
no easy way to examine the amount of multicast traffic. The 'show
interfaces' output reflects the amount of multicast traffic received and
does not include the amount sent.
Enable fast switching of multicast packets using the 'ip mroute-cache'
interface configuration command (fast switching of multicast packets is off
- Too much traffic is passing through the router. Try distributing the
load among other routers or consider purchasing a high-end router.
- Check who's logged on to the router and what they are doing. If someone is
logged on and is issuing commands that produce long output, the high CPU
utilization by the IP input process will be followed by a much higher CPU
utilization by the virtual EXEC process. Be sure that debugs are off by
issuing the 'show debug' command.
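The x%/y% split described in the pasted analysis, as an added example that is not part of the original post: a small Python parser that separates process from interrupt utilization and lists the busiest processes. It assumes the classic IOS `show processes cpu` column layout; the sample text is constructed (only the 99%/65% split and the IP Input figures come from the post), and `analyze` and `proc_threshold` are hypothetical names.

```python
import re

# Constructed sample in the layout of Cisco IOS `show processes cpu` output.
# Only the 99%/65% split and PID 117 / 29.97 / IP Input come from the post.
SAMPLE = """\
CPU utilization for five seconds: 99%/65%; one minute: 80%; five minutes: 75%
 PID Runtime(ms)   Invoked      uSecs   5Sec   1Min   5Min TTY Process
   1          12       340         35  0.00%  0.00%  0.00%   0 Load Meter
 117     9834512   4412093       2229 29.97% 25.10% 22.43%   0 IP Input
 120        4020     18233        220  0.48%  0.40%  0.38%   0 ARP Input
"""

# First line: x% is total, y% is the interrupt share of that total.
HEADER = re.compile(
    r"CPU utilization for five seconds:\s*(\d+)%/(\d+)%;"
    r"\s*one minute:\s*(\d+)%;\s*five minutes:\s*(\d+)%")
# Process row: PID, runtime, invoked, uSecs, 5Sec, 1Min, 5Min, TTY, name.
ROW = re.compile(
    r"^\s*(\d+)\s+\d+\s+\d+\s+\d+\s+([\d.]+)%\s+[\d.]+%\s+[\d.]+%\s+\d+\s+(.+?)\s*$")

def analyze(text, proc_threshold=5.0):
    """Split total CPU into process/interrupt and list processes >= threshold."""
    m = HEADER.search(text)
    if not m:
        raise ValueError("no 'CPU utilization' header line found")
    total, interrupt, one_min, five_min = map(int, m.groups())
    if interrupt > total:
        raise ValueError("interrupt share exceeds total; output is malformed")
    process = total - interrupt  # (x - y)% from the analysis text
    busy = []
    for line in text.splitlines():
        r = ROW.match(line)
        if r and float(r.group(2)) >= proc_threshold:
            busy.append((int(r.group(1)), float(r.group(2)), r.group(3)))
    busy.sort(key=lambda p: p[1], reverse=True)
    return {"total": total, "interrupt": interrupt, "process": process,
            "one_min": one_min, "five_min": five_min,
            "dominant": "interrupt" if interrupt > process else "process",
            "busy_processes": busy}

if __name__ == "__main__":
    result = analyze(SAMPLE)
    print(f"total {result['total']}% = process {result['process']}% "
          f"+ interrupt {result['interrupt']}% ({result['dominant']}-dominated)")
    for pid, pct, name in result["busy_processes"]:
        print(f"  PID {pid}: {pct}% {name}")
```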