WCCP and high CPU utilization on the Cisco 2851

cciesec2011
Level 3

I have a headquarters and a remote site running over an OC3 circuit.

On the HQ side, I have a Cisco VXR7204 running IOS 12.4.15T(10) Advanced IP Service,
and the remote site is a Cisco 2851 also running IOS 12.4.15T(10) Advanced IP
Service.  The HQ has a Riverbed Steelhead 5050H capable of delivering 100Mbps
WCCP throughput.  The remote site has a Riverbed Steelhead 1050H which can
deliver 10Mbps WCCP throughput.  At the HQ, the LAN network is 192.168.251.0/24.
The Steelhead resides on the 192.168.251.0 network.
At the remote site, the LAN networks are 192.168.103.0/24 and 192.168.211.0/24.
The Riverbed resides on the 192.168.103.0/24 network.


Here is the configuration on the HQ side:

ip wccp 90 redirect-list wccp

interface GigabitEthernet0/1
ip address 192.168.251.254 255.255.255.0
ip wccp 90 redirect out
ip wccp 90 redirect in
load-interval 30
duplex auto
speed auto
media-type rj45

ip access-list extended wccp
deny   tcp any any eq telnet
deny   tcp any eq telnet any
deny   tcp any any eq 22
deny   tcp any eq 22 any
deny   tcp any any eq 443
deny   tcp any eq 443 any
deny   tcp any any eq 3389
deny   tcp any eq 3389 any
deny   ip any host 192.168.251.88
deny   ip host 192.168.251.88 any
permit tcp any any

Here is the configuration on the remote side:

ip wccp 90 redirect-list wccp

interface GigabitEthernet0/1.191
encapsulation dot1Q 191
ip address 192.168.103.253 255.255.255.0
ip wccp 90 redirect out
ip wccp 90 redirect in
standby 191 ip 192.168.103.254
standby 191 priority 105
standby 191 preempt
standby 191 name vlan191
standby 191 track GigabitEthernet0/0
!
interface GigabitEthernet0/1.211
encapsulation dot1Q 211
ip address 192.168.211.253 255.255.255.0
ip wccp 90 redirect out
ip wccp 90 redirect in
standby 191 track GigabitEthernet0/0
standby 211 ip 192.168.211.254
standby 211 priority 105
standby 211 preempt
standby 211 name vlan211

ip access-list extended wccp
deny   tcp any any eq telnet
deny   tcp any eq telnet any
deny   tcp any any eq 22
deny   tcp any eq 22 any
deny   tcp any any eq 443
deny   tcp any eq 443 any
deny   tcp any any eq 3389
deny   tcp any eq 3389 any
deny   ip any host 192.168.103.246
deny   ip host 192.168.103.246 any
deny   ip 192.168.103.0 0.0.0.255 192.168.211.0 0.0.0.255
deny   ip 192.168.211.0 0.0.0.255 192.168.103.0 0.0.0.255
permit tcp any any


When a host on network 192.168.211.0/24 downloads a file from the
192.168.251.0/24 network via HTTP, the CPU on the Cisco 2851 goes
to 99% utilization and stays there for the duration of the
HTTP session.  Very little traffic goes across the WAN, which
is the way it should be, but the CPU on the 2851 stays constant at
99% utilization.

Why would WCCP consume so much CPU on the Cisco 2851?  By the way, I am
only getting about 5Mbps download instead of 90Mbps download, I think
because of the high CPU on the router?

Anyone know why?  Thanks
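
Added example, not part of the original post: a first-match evaluation of the remote-side redirect list posted above, showing which flows the ACL marks for redirection to WCCP service 90 and which ACE decides. The host addresses and ports in the sample flows are constructed, and the evaluator models only the ACL match, not the router's switching path.

```python
import ipaddress

# Remote-side redirect list "wccp", transcribed from the post above.
# Layout: (action, proto, src, src_port, dst, dst_port); None means any port.
REMOTE_ACL = [
    ("deny", "tcp", "any", None, "any", 23),
    ("deny", "tcp", "any", 23, "any", None),
    ("deny", "tcp", "any", None, "any", 22),
    ("deny", "tcp", "any", 22, "any", None),
    ("deny", "tcp", "any", None, "any", 443),
    ("deny", "tcp", "any", 443, "any", None),
    ("deny", "tcp", "any", None, "any", 3389),
    ("deny", "tcp", "any", 3389, "any", None),
    ("deny", "ip", "any", None, "192.168.103.246/32", None),
    ("deny", "ip", "192.168.103.246/32", None, "any", None),
    ("deny", "ip", "192.168.103.0/24", None, "192.168.211.0/24", None),
    ("deny", "ip", "192.168.211.0/24", None, "192.168.103.0/24", None),
    ("permit", "tcp", "any", None, "any", None),
]

def _addr_ok(spec, addr):
    return spec == "any" or ipaddress.ip_address(addr) in ipaddress.ip_network(spec)

def redirect_decision(acl, proto, src, sport, dst, dport):
    """Return (redirected, 1-based ACE number); first match wins, implicit deny last."""
    for i, (action, p, s, sp, d, dp) in enumerate(acl, 1):
        if p != "ip" and p != proto:
            continue
        ports_ok = sp in (None, sport) and dp in (None, dport)
        if ports_ok and _addr_ok(s, src) and _addr_ok(d, dst):
            return action == "permit", i
    return False, None

# Constructed sample flows (hosts .10, .20, .50 and all ports are assumptions).
SAMPLE_FLOWS = {
    "http_request": ("tcp", "192.168.211.10", 51000, "192.168.251.20", 80),
    "http_reply": ("tcp", "192.168.251.20", 80, "192.168.211.10", 51000),
    "ssh": ("tcp", "192.168.211.10", 51001, "192.168.251.20", 22),
    "from_excluded_host": ("tcp", "192.168.103.246", 40000, "192.168.251.88", 7800),
    "inter_vlan": ("tcp", "192.168.211.10", 51002, "192.168.103.50", 80),
    "dns_udp": ("udp", "192.168.211.10", 53000, "192.168.251.20", 53),
}

def classify_samples():
    return {name: redirect_decision(REMOTE_ACL, *f) for name, f in SAMPLE_FLOWS.items()}

if __name__ == "__main__":
    for name, (redirected, ace) in classify_samples().items():
        print(f"{name:20} redirected={redirected} ace={ace}")
```

Both directions of the HTTP download fall through to the final `permit tcp any any`, so with `redirect in` and `redirect out` applied on both subinterfaces every packet of that session is a redirect candidate on the 2851.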

2 Replies

daiton.vovan
Level 1

Do a show proc cpu and see which process is taking up the most CPU cycles. I'm betting it's because traffic is being redirected in and out of the same interface and the router has to use its CPU to process each packet every time.

Try "ip route-cache same-interface" on your LAN interface on GigabitEthernet0/1.191 and GigabitEthernet0/1.211.

Command: ip route-cache same-interface
Purpose: Enables the fast switching of packets out of the same interface on which they arrived.

Joseph W. Doherty
Hall of Fame

Disclaimer

The Author of this posting offers the information contained within this posting without consideration and with the reader's understanding that there's no implied or expressed suitability or fitness for any purpose. Information provided is for informational purposes only and should not be construed as rendering professional advice of any kind. Usage of this posting's information is solely at reader's own risk.

Liability Disclaimer

In no event shall Author be liable for any damages whatsoever (including, without limitation, damages for loss of use, data or profit) arising out of the use or inability to use the posting's information even if Author has been advised of the possibility of such damage.

Posting

Could be because of your WCCP redirect outs.

If you can manage it, place the Riverbed Steelheads in line so that you don't need to run WCCP at all (as I believe it supports).

PS:

You might find this of interest too.

https://kb.bluecoat.com/index?page=content&id=KB3790&actp=RSS
