Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

3750x high cpu hulk and crypto

Dear All,

 

We have a stack of two 3750x switches.

IOS 15.0.2SE02

 

Looking at the CPU usage I found the following:

 

      578757975788577757767778668976766875799875699986676777676887766766795086
      655962145612706544336550879201862386685399919920809060899282596444499009
  100                                      **     **                     * *
   90   *   *                   **         **    ***            *        * *
   80  ***  *  ***  **    ****  **  *  ** *****  ****     *  * ** *      * *
   70  *** *** *** *** ** ********* ** ** ***** ***** ****************  ** *
   60 **************** *****************************************************
   50 **********************************************************************
   40 **********************************************************************
   30 ######################################################################
   20 ######################################################################
   10 ######################################################################
     0....5....1....1....2....2....3....3....4....4....5....5....6....6....7..
               0    5    0    5    0    5    0    5    0    5    0    5    0
                   CPU% per hour (last 72 hours)

 

In order to find the spikes origin I configured a simple event monitor and found the following:

 

 

CPU utilization for five seconds: 75%/0%; one minute: 35%; five minutes: 33%

 PID Runtime(ms)     Invoked      uSecs   5Sec   1Min   5Min TTY Process

  40     4570503      276760      16514 45.28%  3.62%  0.75%   0 crypto sw pk pro

 178  1232406781   146765075       8397 19.20% 19.84% 19.83%   0 Hulc LED Process

 

For what I know the Hulk process is normal on stacks. When I insert a simple "show run" or a "write" the CPU spikes but I read that it is normal and do not affect the switching process.

"crypto sw pk pro" looks to be related to ssh but on our configuration there is nothing related to encryption and ssh access to vty is disabled:

 

line vty 0 4
 logging synchronous
 login local
 transport input telnet
line vty 5 15
 logging synchronous
 login local
 transport input telnet
!

 

Have you any idea?

 

thanks,

Paolo

 

Everyone's tags (2)
2 ACCEPTED SOLUTIONS

Accepted Solutions
Hall of Fame Super Gold

Kindly try IOS version 15.0(2

Kindly try IOS version 15.0(2)SE4.

Hall of Fame Super Gold

I wouldn't touch 15.0(2)SE6

I wouldn't touch 15.0(2)SE6 even if my life depended on it.  It's as buggy as he11.  

 

The MOST STABLE IOS for the 3750-series of switches is 12.2(55)SE8 or SE9.  This is closely followed by 15.0(2)SE4. 

 

The rest of the IOS published ... let's just say I tested them all ... only for a few minutes before I had to quickly and urgently roll back.  wink

6 REPLIES
Hall of Fame Super Gold

Kindly try IOS version 15.0(2

Kindly try IOS version 15.0(2)SE4.

New Member

What about SE6 ?

What about SE6 ?

Hall of Fame Super Gold

I wouldn't touch 15.0(2)SE6

I wouldn't touch 15.0(2)SE6 even if my life depended on it.  It's as buggy as he11.  

 

The MOST STABLE IOS for the 3750-series of switches is 12.2(55)SE8 or SE9.  This is closely followed by 15.0(2)SE4. 

 

The rest of the IOS published ... let's just say I tested them all ... only for a few minutes before I had to quickly and urgently roll back.  wink

New Member

One more question.Checking on

One more question.

Checking on the download area the SE6 has a "star". The star means that this release is suggested by Cisco for its quality, stability and longevity.

For your experience, why should Cisco suggest this IOS if it's buggy?

The bug toolkit doesn't if you don't have a quality system used to test it... We have just the production stack.

 

Paolo

Hall of Fame Super Gold

Because Cisco cannot test all

Because Cisco cannot test all their IOS versions with all scenarios.  The factors are just overwhelming. 

 

They just pick an IOS and test it and make changes until it's "stable".  Might be stable in one network scenario but could by a psychopath in another.

Hall of Fame Super Gold

Thanks for taking the time to

Thanks for taking the time to rate our posts.  :)

432
Views
5
Helpful
6
Replies
CreatePlease login to create content