Cisco Support Community
Community Member

High CPU utilization due to high ARP Input process


One of the Cat 6500 VSS switches have been experiencing high cpu peaks for sometime. On analysis it was observed that it was due to high 'ARP Input' process. There are no static routes configured in this switch, no incomplete ARP entries or any inferences of DoS attack.

DIST_SW>sh proc cpu

CPU utilization for five seconds: 98%/31%; one minute: 79%; five minutes: 37%

PID Runtime(ms)   Invoked      uSecs   5Sec   1Min   5Min TTY Process

   5    39583544   2366177      16728  0.00%  0.24%  0.36%   0 Check heaps

   8   234378596 161314924       1452 61.43% 45.63% 17.09%   0 ARP Input

  20   1373772961296358745        105  0.00%  0.53%  0.53%   0 IPC Seat Manager

I suspect it could be due to "proxy-arp" turned on by default under the  interfaces and arranging to disable it. I've also started engaging server teams to verify if the subnet mask & default-gateway are configured correctly in all the servers along with any static routes configured pointing to a NIC as next-hop.

UK_PR_DIST_02>sh ip traffic | b ARP

ARP statistics:

  Rcvd: 1752882295 requests, 30808911 replies, 3228 reverse, 0 other

  Sent: 4517117 requests, 1450623731 replies (1437736195 proxy), 0 reverse

  Drop due to input queue full: 0

Apart from proxy-arp is there anything that I need to check?

Super Bronze

Re: High CPU utilization due to high ARP Input process


Maybe try a packet cap to see what is generating all the ARP packets...


Aaron Please remember to rate helpful posts to identify useful responses, and mark 'Answered' if appropriate!
Community Member

Re: High CPU utilization due to high ARP Input process

Hi, thanks for your reply. I had already sniffed the traffic and shared ip /mac addr of hosts innolved in ARP broadcasts. However server admin didnt find any anamoly with the NIC settings. Disabling proxy ARP is more of protecting switches from being hit by ARP storm.

CreatePlease to create content