ERROR: Total CPU Utilization is at 99% for the past 5 seconds, which is very high
(>90%).
This can cause the following symptoms:
 - Input queue drops
 - Slow performance
 - Slow response in Telnet or unable to Telnet to the router
 - Slow response on the console
 - Slow or no response to ping
 - Router doesn't send routing updates
The following processes are causing excessive CPU usage:
 PID	CPU Time	Process
  28	37.83%		IP Input
TRY THIS: If IP Input is consuming the CPU, one of the following might be
the cause:
 - Fast switching is disabled on an interface (or interfaces) that has a lot of
   outgoing traffic. Examine the output of the 'show interfaces switching'
   command to see which interface is burdened with traffic. Re-enable fast
   switching on that interface.
 - TCP Intercept is enabled. TCP Intercept requires process switching for all
   packets during session set-up.
 - Fast switching is disabled on an interface which supports more than one
   network and is routing traffic between them. This can occur when an interface
   has one or more secondary network addresses configured.
   INFO: The router will process switch all packets sourced from the interface
   and destined to host(s) off the same interface which is a CPU-intensive task.
   Use the 'ip route-cache same-interface' interface configuration command to
   allow packets to be fast switched on the same interface.
 - Traffic that can't be fast switched is arriving. This could be any of the
   following types of traffic:
    * Packet for which there is no entry yet in the switching cache.
      INFO: If there is a device in the network which is generating lots of
      packets at an extremely high rate for devices reachable through the
      router and is using different source or destination ip addresses, there
      won't be a match for these packets in the switching cache, so they will
      be processed by the IP Input process. This source device can be a
      malfunctioning device or a device attempting a Denial-of-Service (DOS)
      attack.
    * Packets destined for the router (ie. Routing Updates or a Spoof Attack)
    * IP packets with options
    * Packets that require protocol translation
    * Multilink PPP
    * Packets that require policy routing.
      INFO: IOS versions 11.3 and higher allow policy-routed packets to be
      fast switched.
      Use the 'ip route-cache policy' interface configuration command to allow
      policy-routed packets to be fast switched.
    * Packets going through serial interfaces with X.25 encapsulation. In the
      X.25 protocol suite, flow control is implemented in layer 2 of the OSI model.
    * Compressed traffic. If there's no Compression Service Adapter (CSA) in the
      router, compressed packets must be process-switched.
    * Encrypted traffic. If there's no Encryption Service Adapter (ESA) in the
      router, encrypted packets must be process-switched.
 - A lot of packets, arriving at an extremely high rate, for a destination in a
   directly attached subnet, for which there is no entry in the ARP table. This
   shouldn't happen with TCP traffic, because of the windowing mechanism, but it
   can happen with UDP traffic.
 - A lot of multicast traffic going through the router. Unfortunately, there's
   no easy way to examine the amount of multicast traffic. If you've configured
   multicast routing on the router, you can enable fast switching of multicast
   packets using the 'ip mroute-cache' interface configuration command (fast
   switching of multicast packets is off by default).
 - A lot of broadcast traffic. Check the number of broadcast packets in the
   'show interfaces' command output.
 - Too much traffic is passing through the router. If the router is over-used
   and is incapable of handling this amount of traffic, try distributing the
   load among other routers or consider purchasing a high-end router.
 - IP NAT is configured on the router and there are lots of DNS packets going
   through the router. UDP or TCP packets with source and/or destination port
   53 (DNS) are always punted to process level by NAT.
 - Check who's logged on to the router and what they are doing. If someone is
   logged on and is issuing commands that produce long output, the high CPU
   utilization by the IP input process will be followed by a much higher CPU
   utilization by the virtual EXEC process.