cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1190
Views
0
Helpful
6
Replies

3560 cpu utilization

danletkeman
Level 1
Level 1

For some reason I have one switch that has very high utilization. Average is about 25% but i has gone as high as 60%. I'm not sure why this switch is doing this? It was a replacement for a 3550EMI and is doing nothing different. I have attached the sh process cpu from the switch. Are the numbers supposed to add up? I can't seem to find anything over 0.28%

6 Replies 6

cpembleton
Level 4
Level 4

Anywhere between 20%-50% is considered normal. Attached output looks fine. What your seeing won't have any effect on it's switching ability. Would not worry unless it is causing an issue.

The new switch may have more services running then your old one. Disabled un-used services.

If you start seing high IP input see the link below.

http://www.cisco.com/en/US/customer/products/hw/routers/ps359/products_tech_note09186a00801c2af3.shtml

Hope this helps.

Chad

Please rate if this helps!

I have never seen high utilization on the IP Input. I can always recreate the high utilization by doing a file transfer from one port to another. I have two vlan's configured on the switch (500, 250) and i'm transfering from a workstation(vlan 500) to a server(vlan 250).

Here is my config for the vlan's, route-map's and the access lists for the route-maps. The reason for the route-maps is to route certain subnets and hosts to different internet connections. The access-lists are setup in such a way that if any ip is trying to access any of my internal networks (10.50.0.0/16, 10.51.0.0/16, 192.168.0.0/16) its deny'd from the access-list. I'm wondering if this could be the cause of the problem because each and every packet has to be checked by the route-map/access-lists? If so is there a better way to configure this type of a setup? I have 5 dsl lines connected to this switch and there are more access-lists and route-maps for those as well.

interface Vlan250

ip address 192.168.25.5 255.255.255.0

ip policy route-map dsl01

!

interface Vlan500

ip address 192.168.50.5 255.255.255.0

ip policy route-map dsl01

!

!

!

route-map dsl01 permit 6

match ip address inet-wiband

set ip next-hop 10.51.5.2

!

route-map dsl01 permit 7

match ip address techws

set ip next-hop 10.51.5.2

!

route-map dsl01 permit 8

match ip address techncmail

set ip next-hop 10.51.4.2

!

route-map dsl01 permit 9

match ip address servers

set ip next-hop 10.51.5.2

!

route-map dsl01 permit 10

match ip address inet

set ip next-hop 10.51.1.2

!

!

!

ip access-list extended inet

deny ip any 192.168.0.0 0.0.255.255

deny ip any 10.50.0.0 0.0.255.255

deny ip any 10.51.0.0 0.0.255.255

deny ip any 10.90.0.0 0.0.255.255

permit ip any any

ip access-list extended servers

deny ip any 192.168.0.0 0.0.255.255

deny ip any 10.50.0.0 0.0.255.255

deny ip any 10.51.0.0 0.0.255.255

permit ip host 192.168.25.10 any

permit ip host 192.168.25.11 any

ip access-list extended techncmail

deny ip any 192.168.0.0 0.0.255.255

deny ip any 10.50.0.0 0.0.255.255

deny ip any 10.51.0.0 0.0.255.255

permit ip host 192.168.25.25 any

ip access-list extended techws

deny ip any 192.168.0.0 0.0.255.255

deny ip any 10.50.0.0 0.0.255.255

deny ip any 10.51.0.0 0.0.255.255

permit ip host 192.168.50.52 any

*********see attachment for sh process cpu command**********

Hope this makes sense. Any ideas or help would be appreciated!

Thanks,

Dan.

Hello Dan

Please find the output intepreter results.. This can give you some good insight of the problem, if any....

Let us know if you need any more help on this..

Raj

Hi,

As mentioned by the output interpretor results posted by Rajagopal, it appears that the cpu is spending lot of time on handling interrupts.

By any chance do you have a debug running on the switch/console. Try the "show debug" command to see if you have turned on anything. If so, turn the debug off.( undebug all)

Try to follow this document and collect the outputs from your switch, to examine the reason for the high cpu utilisation spend for interrupts

http://www.cisco.com/en/US/products/sw/iosswrel/ps1828/products_tech_note09186a00800a65d1.shtml#spurious_interrupts

You can check the output gathered with the command mentioned in the above document with the cisco output interpretor which may assist you to troubleshoot further.

Hope this helps.

-VJ

sachinraja,

Thank you for the document, it makes more sense now what is happening. Also I do not have access to the output intepreter on cisco's site. Is the tool able to tell me what might be going on with the switch? How would I access it?

vijayasankar,

There is no debugging turn on. I have look at this page, but the "show alignment" command does not seem to be available on this switch. Unless something else needs to be enabled first?

http://www.cisco.com/en/US/products/sw/iosswrel/ps1828/products_tech_note09186a00800a65d1.shtml#spurious_interrupts

This is the first time i've had a problem with a switch. Thanks for helping.

Dan.

I have determined that it is definitely the PBR routing that is causing the problem. I setup two different vlan's both didn't have any pbr routing happening and when I did a file copy between those two vlan's the sh process cpu command never displayed over 10% utilization.

Here is my config.

I'm pbr routing traffic thats not destined for any internal network to one of the 5 dsl Linux dsl router that are connected to this switch. Is there a more simple way to accomplish the same output and use less cpu power? I would prefer not to have to buy any hardware but if I had to I could put in a router or something of that nature.

Any ideas would be greatly appreciated!

Thanks,

Dan.

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: