cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
623
Views
8
Helpful
11
Replies

Cisco 7206 Drops in traffic every 30sec

gskhanna
Level 1
Level 1

Hi. I finally got bgp setup nicely on 3 routers on our network, but now I am noticing drops in traffic according to my snmp gauges and graphs.

Here is a picture of one of the routers:

http://poor.j3w.com/~tzulo/yipes-graph.jpg

The network topology is quite simple.

3 routers, each with it's own provider, yipes(500mbs over gigabit fiber), cogent 100mbs ethernet, xo 100mbs ethernet.

each are plugged into a coreswitch, which is plugged into 5 other switches in a serial fashion with gigabit fiber uplinks.

R R R

\ | /

Core Switch

|

Switch

|

Switch

According to the picture, it's about every 30seconds.

Anyone have any ideas what it could be? or what I can check?

Next post is the configuration for the Yipes router.

-GK

11 Replies 11

gskhanna
Level 1
Level 1

Cisco Internetwork Operating System Software

IOS (tm) 7200 Software (C7200-JK9O3S-M), Version 12.3(1a), RELEASE SOFTWARE (fc1)

Copyright (c) 1986-2003 by cisco Systems, Inc.

Compiled Thu 05-Jun-03 20:57 by dchih

Image text-base: 0x60008954, data-base: 0x621BC000

ROM: System Bootstrap, Version 12.2(8r)B, RELEASE SOFTWARE (fc1)

BOOTLDR: 7200 Software (C7200-KBOOT-M), Version 12.2(4)BW, EARLY DEPLOYMENT RELEASE SOFTWARE (fc1)

Yipes uptime is 1 week, 3 days, 19 hours, 40 minutes

System returned to ROM by power-on

System image file is "disk2:c7200-jk9o3s-mz.123-1a.bin"

cisco 7206VXR (NPE-G1) processor (revision A) with 245760K/16384K bytes of memory.

Processor board ID 18283191

SB-1 CPU at 700Mhz, Implementation 1, Rev 0.2, 512KB L2 Cache

6 slot VXR midplane, Version 2.0

Last reset from power-on

Bridging software.

X.25 software, Version 3.0.0.

SuperLAT software (copyright 1990 by Meridian Technology Corp).

TN3270 Emulation software.

3 Gigabit Ethernet/IEEE 802.3 interface(s)

509K bytes of non-volatile configuration memory.

250880K bytes of ATA PCMCIA card at slot 2 (Sector size 512 bytes).

16384K bytes of Flash internal SIMM (Sector size 256K).

Configuration register is 0x2102

Yipes#sh run

Building configuration...

Current configuration : 12667 bytes

!

version 12.3

no service pad

service timestamps debug datetime localtime

service timestamps log datetime localtime

no service password-encryption

!

hostname Yipes

!

boot system disk2:c7200-jk9o3s-mz.123-1a.bin

logging buffered informational

logging console informational

enable secret 5

!

username map privilege 15 nopassword

clock timezone GMT 0

no ip subnet-zero

no ip rcmd domain-lookup

!

!

ip nbar port-map custom-01 tcp 3389

ip name-server x.x.214.166

ip name-server x.x.214.162

!

ip cef

ip audit notify log

ip audit po max-events 100

ip accounting-threshold 400

ip accounting-list 0.0.0.0 255.255.255.255

mpls ldp logging neighbor-changes

no ftp-server write-enable

!

!

no crypto isakmp enable

!

!

!

!

!

!

!

!

!

!

no voice hpi capture buffer

no voice hpi capture destination

!

!

!

!

class-map match-any an1

match protocol icmp

match protocol ssh

match protocol custom-01

match protocol pcanywhere

!

!

policy-map niceping

description Reduced latency Pings by giving minimum bandwidth for ICMP and SSH.

class an1

priority 30000 40000

class class-default

!

!

!

!

interface GigabitEthernet0/1

description Yipes Link

ip address

no ip redirects

no ip proxy-arp

ip accounting access-violations

duplex full

speed 1000

media-type gbic

no negotiation auto

no mop enabled

!

interface GigabitEthernet0/2

ip address LAN IP

and about 50 gateway ips secondary

ip access-group 151 in

ip access-group 151 out

no ip proxy-arp

ip accounting output-packets

no ip mroute-cache

ip policy route-map yipes-only

duplex full

speed 1000

media-type gbic

no negotiation auto

!

interface GigabitEthernet0/3

no ip address

no ip mroute-cache

shutdown

duplex full

speed 1000

media-type gbic

negotiation auto

!

interface Group-Async0

physical-layer async

no ip address

!

interface Group-Async1

physical-layer async

no ip address

!

router bgp

bgp log-neighbor-changes

neighbor remote-as

neighbor remote-as

neighbor remote-as 6517

!

address-family ipv4

neighbor activate

neighbor next-hop-self

neighbor activate

neighbor next-hop-self

neighbor activate

neighbor soft-reconfiguration inbound

neighbor distribute-list 110 out

no auto-summary

no synchronization

network mask 255.255.224.0

exit-address-family

!

ip classless

ip route 0.0.0.0 0.0.0.0 ebgp neighbor (next hop)

ip route x.x.224.0 Null0 250

no ip http server

no ip http secure-server

ip access-list extended icmp

deny icmp any any

permit ip any any

remark Blocks ICMP in/out

logging trap debugging

logging

access-list compiled

access-list 102 permit icmp any any echo

access-list 102 permit icmp any any echo-reply

access-list 102 permit icmp any any unreachable

access-list 110 permit ip host host 255.255.224.0

access-list 120 permit ip any

access-list 120 remark Outbound traffic shaping.

access-list 151 deny udp any any range 135 netbios-ss

access-list 151 deny tcp any any range 135 139

access-list 151 deny tcp any any eq 445

access-list 151 deny tcp any any eq 593

access-list 151 deny tcp any any eq 4444

access-list 151 permit tcp any any

access-list 151 permit udp any any

access-list 151 permit ip any any

access-list 151 remark MS-Blast-Netbios blocking

priority-list 1 protocol ip high tcp www

priority-list 1 protocol ip high list 199

priority-list 1 protocol ip high tcp 22

priority-list 1 protocol ip normal tcp ftp

priority-list 1 protocol ip low tcp smtp

priority-list 2 protocol ip low tcp smtp

!

route-map yipes-only permit 5

match ip address 120

set ip next-hop

!

snmp-server community 123321 RW

snmp-server enable traps tty

snmp-server enable traps stun

snmp-server enable traps bstun

!

!

!

!

!

!

gatekeeper

shutdown

!

alias exec ct conf t

alias exec sib show ip inter brief

!

line con 0

exec-timeout 0 0

password

logging synchronous

stopbits 1

line aux 0

stopbits 1

line vty 0 4

exec-timeout 0 0

password

login

!

!

!

end

Also:

Yipes#sh processes

CPU utilization for five seconds: 45%/42%; one minute: 52%; five minutes: 51%

PID QTy PC Runtime (ms) Invoked uSecs Stacks TTY Process

1 Cwe 606FF9B8 0 1 0 5604/6000 0 Chunk Manager

2 Csp 6072B6C0 1580 186752 8 2612/3000 0 Load Meter

3 ME 606568C4 13816 5714 2417 8924/12000 0 Exec

4 M* 0 924 729 1267 8924/12000 2 Virtual Exec

5 Mwe 617F91E4 0 1 023504/24000 0 EDDRI_MAIN

6 Lst 6070C298 5803712 304456 19062 5624/6000 0 Check heaps

7 Cwe 60712234 192 964 199 5568/6000 0 Pool Manager

8 Lwe 60627C58 0 1 0 5764/6000 0 AAA_SERVER_DEADT

9 Mst 6064D15C 0 2 0 5564/6000 0 Timers

10 Mwe 60010900 0 2 0 5560/6000 0 Serial Backgroun

11 Mwe 60230ADC 0 2 0 5564/6000 0 ATM Idle Timer

12 Mwe 602B2074 0 2 0 8560/9000 0 ATM AutoVC Perio

13 Mwe 602B1AD8 0 2 0 5564/6000 0 ATM VC Auto Crea

14 Mwe 60623204 0 2 0 5552/6000 0 AAA high-capacit

15 Msi 607BF9E4 68184 927452 73 5280/6000 0 EnvMon

16 Mwe 607C4D94 0 1 0 8604/9000 0 OIR Handler

17 Mwe 607D8C7C 88 15577 5 5672/6000 0 IPC Dynamic Cach

18 Mwe 607D1DF8 0 1 0 5632/6000 0 IPC Zone Manager

19 Mwe 607D1B3C 1168 927265 1 5708/6000 0 IPC Periodic Tim

20 Mwe 607D1AE0 744 927265 0 5704/6000 0 IPC Deferred Por

21 Mwe 607D1BE8 0 1 0 5596/6000 0 IPC Seat Manager

22 Mwe 607D3FCC 0 1 0 5632/6000 0 IPC BackPressure

23 Lwe 6082889C 6905912 39402935 175 4044/6000 0 ARP Input

24 Mwe 60A8F748 1632 186650 8 5656/6000 0 HC Counter Timer

25 Mwe 60B094D0 0 2 0 5552/6000 0 DDR Timers

26 Lwe 60D6DB84 0 2 0 5536/6000 0 Entity MIB API

27 Mwe 60016424 0 1 0 5628/6000 0 SERIAL A'detect

28 Msp 60686920 1136 927263 1 5612/6000 0 GraphIt

29 Mwe 60B23A58 0 2 011568/12000 0 Dialer event

30 Cwe 607146E8 0 1 0 5624/6000 0 Critical Bkgnd

31 Mwe 606B1EB8 1024040 191921 533510420/12000 0 Net Background

32 Lwe 6063FD84 24 750 3210088/12000 0 Logger

33 Mwe 606623F0 1900 927260 2 4972/6000 0 TTY Background

34 Msp 606C2094 5652 927989 6 8328/9000 0 Per-Second Jobs

PID QTy PC Runtime (ms) Invoked uSecs Stacks TTY Process

35 Mwe 6080B550 0 1 0 2592/3000 0 Inode Table Dest

36 Mwe 6080B5D4 0 1 0 2652/3000 0 OIR Refresh Proc

37 Hwe 601813CC 0 1 0 5768/6000 0 CSP Timer

38 Hst 604FB718 0 1 0 5788/6000 0 SONET alarm time

39 Mwe 6133CB18 0 2 0 5572/6000 0 VSI Master

40 Hwe 61AE019C 0 2 0 5576/6000 0 VNM DSPRM MAIN

41 Msp 61FF04F8 644 927268 0 8744/9000 0 ISA Common Helpe

42 Mwe 61FF5F10 0 1 0 5632/6000 0 Multi-ISA Event

43 Mwe 61FF5E94 0 1 0 5644/6000 0 Multi-ISA Cleanu

44 Mwe 603BE7B4 0 1 0 5600/6000 0 CES Line Conditi

45 Mwe 607C8FF0 0 2 0 5640/6000 0 Flash MIB Update

46 Hwe 6020BF00 0 2 011552/12000 0 ATM OAM Input

47 Hwe 6020A07C 0 2 010972/12000 0 ATM OAM TIMER

48 Mwe 605C07D0 140 9 15555 5252/6000 0 TurboACL

49 Mwe 606E55E0 0 2 0 5556/6000 0 AAA Server

50 Mwe 606E7788 0 1 0 5732/6000 0 AAA ACCT Proc

51 Mwe 606E7880 0 1 0 5744/6000 0 ACCT Periodic Pr

52 Mwe 6078E21C 0 2 0 5580/6000 0 AAA Dictionary R

53 Mwe 6085CE04 31311400 117161092 26710032/12000 0 IP Input

54 Mwe 60880BE0 0 1 0 5748/6000 0 ICMP event handl

55 Mwe 60983EE8 6876 112409 61 5252/6000 0 CDP Protocol

56 Mwe 60A4B06C 0 1 011740/12000 0 SSS Manager

57 Mwe 60A4DDEC 772 124451 611644/12000 0 SSS Test Client

58 Mwe 60ABDCD4 0 3 011584/12000 0 PPP Hooks

59 Mwe 60B4AB18 72 4663 15 5484/6000 0 MOP Protocols

60 Lwe 60F1EF34 0 1 0 5300/6000 0 X.25 Encaps Mana

61 Mwe 60FC6658 0 2 011588/12000 0 KRB5 AAA

62 Mwe 613C0F98 0 1 0 5736/6000 0 AC Mgr

63 Mwe 61628B84 0 1 011704/12000 0 VPDN call manage

64 Mwe 6090C5FC 1935400 15760 122804 7456/9000 0 IP Background

65 Hwe 609125B8 418100 464582 899 8036/9000 0 IP RIB Update

66 Mwe 60D6469C 0 2 0 5740/6000 0 SNMP Timers

67 Mwe 60ABDCD4 0 2 011588/12000 0 PPP IP Route

68 Mwe 60ABDCD4 0 2 011584/12000 0 PPP IPCP

69 Mrd 60840BC4 7976 673385 1110184/12000 0 TCP Timer

70 Lwe 60845B50 160 537 29710860/12000 0 TCP Protocols

PID QTy PC Runtime (ms) Invoked uSecs Stacks TTY Process

71 Hwe 608F1970 0 1 0 5760/6000 0 Socket Timers

72 Mwe 608CA2A8 4 3120 1 8536/9000 0 HTTP CORE

73 Mwe 608A6B74 0 1 0 5628/6000 0 RARP Input

74 Mwe 60833458 2316 10688 216 5352/6000 0 DHCPD Receive

75 Lsi 6097ACA0 360 15558 23 5264/6000 0 IP Cache Ager

76 Mwe 60D0FF5C 0 1 023612/24000 0 COPS

77 Mwe 60A541E4 0 2 0 5548/6000 0 PPP SSS

78 Mwe 60ABDCD4 0 2 0 5584/6000 0 PPP Bind

79 Hwe 60F2C178 0 1 0 5612/6000 0 PAD InCall

80 Mwe 60EF1478 0 2 011560/12000 0 X.25 Background

81 Mwe 611E14A0 196160 16411 11952 4744/6000 0 Adj Manager

82 Lwe 611D0E78 7536840 1518079 4964 5088/6000 0 CEF process

83 Mwe 6128E6F0 0 2 0 5584/6000 0 Tag Input

84 Mwe 6128E6F0 0 2 0 5588/6000 0 Tag Input

85 Mwe 6135EBBC 0 1 0 5724/6000 0 AToM manager

86 Mwe 61366D14 0 3 0 5580/6000 0 AToM switching m

87 Mwe 61361D58 0 1 0 5736/6000 0 AToM LDP manager

88 Mwe 613DB604 0 1 0 5768/6000 0 Inspect Timer

89 Mwe 614030B8 0 2 0 5568/6000 0 URL filter proc

90 Mwe 61410888 4 3119 1 5672/6000 0 Authentication P

91 Mwe 6141A28C 0 1 0 5732/6000 0 Auth-proxy AAA B

92 Mwe 6141AFF0 0 1 0 5772/6000 0 IDS Timer

93 Mwe 6161C898 0 2 0 5564/6000 0 Dialer Forwarder

94 Mwe 61D9B650 1872 927452 2 5576/6000 0 RUDPV1 Main Proc

95 Mwe 61D933BC 0 1 0 5748/6000 0 bsm_timers

96 Msi 61D903A0 584 927267 0 5720/6000 0 bsm_xmt_proc

97 Hwe 61DC7F24 0 2 0 5584/6000 0 RLM groups Proce

98 Mwe 61EB81EC 0 3 023516/24000 0 gk process

99 Mwe 61F4FBE0 0 1 023560/24000 0 Border Element p

100 Hwe 61FBE9E4 0 1 0 5468/6000 0 Crypto HW Proc

101 Lwe 6217A86C 0 1 0 5620/6000 0 XSM_EVENT_ENGINE

102 Lsi 62178328 320 93320 311740/12000 0 XSM_ENQUEUER

103 Lsi 6217B590 156 93320 111748/12000 0 XSM Historian

104 Mwe 606F2070 0 2 0 5584/6000 0 LOCAL AAA

105 Mwe 606F3F9C 0 2 0 5588/6000 0 ENABLE AAA

106 Mwe 606F43A8 0 2 0 5584/6000 0 LINE AAA

PID QTy PC Runtime (ms) Invoked uSecs Stacks TTY Process

107 Mwe 60C186FC 0 2 0 5576/6000 0 TPLUS

109 Mwe 61A34A6C 0 2 0 5324/6000 0 ASNL

110 Mwe 61B37988 0 2 0 5588/6000 0 VSP_MGR

111 Mwe 61FAD888 0 2 0 5564/6000 0 Crypto Support

112 Mwe 60161D9C 100 37428 2 5572/6000 0 CRM_CALL_UPDATE_

113 Mwe 6199F39C 0 1 023732/24000 0 VoIP AAA

114 Mwe 61A25524 0 1 0 5600/6000 0 QOS_MODULE_MAIN

115 Mwe 61A34360 0 1 023588/24000 0 RPMS_PROC_MAIN

116 Hwe 61A5AAD8 4 1 4000 8424/9000 0 CCVPM_HTSP

117 Mwe 61A762A0 0 1 0 5604/6000 0 CCVPM_R2

118 Mwe 61B16134 0 1 0 5640/6000 0 CCSWVOICE

119 Mwe 61B55A2C 0 1 0 5484/6000 0 sssapp

120 Mwe 61D0FC1C 0 1 0 5552/6000 0 http client proc

121 ME 606568C4 2332 669 3485 8972/12000 4 Virtual Exec

122 Mwe 61F4E4AC 0 2 0 3368/6000 0 Proxy Session Ap

123 Mwe 61FA82BC 0 1 011628/12000 0 Encrypt Proc

124 Mwe 61FA91A4 0 1 0 7600/8000 0 Key Proc

125 Mwe 62081604 0 4 0 6852/8000 0 Crypto CA

126 Mwe 620D98B8 0 1 0 7632/8000 0 Crypto SSL

127 Mwe 62039E9C 0 11 018460/24000 0 Crypto ACL

128 Mwe 62032808 0 2 011596/12000 0 Crypto Delete Ma

129 Mwe 620030FC 956 62228 1511216/12000 0 Crypto IKMP

130 Mwe 61FF81CC 656 46674 14 3360/6000 0 IPSEC key engine

131 Mwe 61FF8A40 0 1 0 5684/6000 0 IPSEC manual key

132 Mwe 61FB2798 0 1 0 5728/6000 0 CRYPTO QoS proce

133 Msi 6037DB3C 256 93336 2 5600/6000 0 RMON Recycle Pro

134 Mwe 60387FB0 0 2 0 5588/6000 0 RMON Deferred Se

135 Mwe 603FFF9C 0 1 0 5496/6000 0 SYSMGT Events

136 Mwe 6061C418 0 2 0 5556/6000 0 AAA SEND STOP EV

137 Mwe 610204D4 0 1 0 5648/6000 0 Syslog Traps

138 Lwe 62167F88 0 2 0 5524/6000 0 IpSecMibTopN

139 Mwe 60372448 0 1 0 5476/6000 0 RMON Packets

140 Mwe 61075C10 180 15577 11 5560/6000 0 SAA Event Proces

141 Mwe 6165F89C 0 1 0 5596/6000 0 VPDN Scal

142 Lsi 61A8B268 1148 926597 1 5736/6000 0 trunk conditioni

143 Hwe 61A8C654 0 1 0 5628/6000 0 trunk conditioni

PID QTy PC Runtime (ms) Invoked uSecs Stacks TTY Process

144 Hwe 606C1C04 100312 3651528 27 5612/6000 0 Net Input

145 Csp 606B7464 1136 186754 6 5592/6000 0 Compute load avg

146 Msp 606C20F4 336604 17109 19674 5564/6000 0 Per-minute Jobs

147 Mwe 6183EF58 68 7798 8 4704/6000 0 CC-API_VCM

148 Mwe 61F46348 18340 8993201 258620/60000 0 CCPROXY_CT

149 Lwe 611D06AC 424 32359 13 5440/6000 0 CEF Scanner

151 Lwe 608448E0 8 72 111 5436/6000 0 TCP Listener

152 Lwe 6089C934 740460 4634324 15910624/12000 0 IP SNMP

153 Mwe 60D68BE4 223312 2363343 9411400/12000 0 PDU DISPATCHER

154 Mwe 60D687D4 1758180 2369185 74210516/12000 0 SNMP ENGINE

155 Lwe 60A83044 0 1 011640/12000 0 SNMP ConfCopyPro

156 Mwe 60D64E74 0 1 011612/12000 0 SNMP Traps

157 Mwe 603E7068 0 1 0 5652/6000 0 xcpa-driver

158 Mwe 608FAA88 32 7797 4 5672/6000 0 DHCPD Timer

159 Msi 6090761C 968 264437 3 5056/6000 0 DHCPD Database

160 ME 60B5FC50 1419284 3991711 355 6280/9000 0 BGP Router

161 ME 60B50CC4 120808 3055361 39 4516/6000 0 BGP I/O

162 Lsi 60B5947C 44510460 208370 213614 6576/9000 0 BGP Scanner

I'm not sure why I get this. I do know some people that run game servers see udp drop out during that time.

This is really frustrating cause it's happening on all 3 routers. And I finally got all 3 setup quite nicely with bgp inbound and outgoing policing/shaping and proper advertisements etc.. :(

Thanks,

-GK

I also noticed this under

show process cpu sorted

CPU utilization for five seconds: 47%/44%; one minute: 52%; five minutes: 52%

PID Runtime(ms) Invoked uSecs 5Sec 1Min 5Min TTY Process

53 31331176 117235492 267 2.12% 1.63% 1.61% 0 IP Input

-GK

I would, first, check a show alignment, and see what it reports. If this comes up clean, then I would suspect some process is running periodically which might be cause a cpu spike, and possibly dropped traffic. One thing that makes me suspicious on this count is that the average cpu utilization is just a bit higher than your current average--52% vs 47%--so it looks like you have something periodically driving the cpu up, then letting it go, making the average a bit higher than what you see when you look at it.

I would try watching the cpu more closely, and trying to catch the process that's causing the spike. show proc cpu sorted is your friend here, run once every 7 or 8 seconds (not on even intervals). When you see the cpu util jump to something much higher, I'd guess 70 or 80%, then the top process should be the one you're after.

Now, beyond this, it might not be cpu util at all. Check all of your interfaces to make certain you're not seeing a lot of drops, etc., as well.

Russ.W

show alignment is clean on all the routers.

The biggest cpu loads i see are:

162 45905800 214635 213889 30.72% 3.82% 2.73% 0 BGP Scanner

53 32404396 120935409 267 2.21% 1.77% 1.87% 0 IP Input

6 5993828 314441 19061 3.35% 0.45% 0.34% 0 Check heaps

odd tho, on another router that has more drops I see:

CPU utilization for five seconds: 50%/48%; one minute: 49%; five minutes: 49%

PID Runtime(ms) Invoked uSecs 5Sec 1Min 5Min TTY Process

47 10757504 67115 160291 2.03% 0.34% 0.20% 0 IP Background

62 33901344 3520100 9630 0.81% 0.52% 0.51% 0 CEF process

16 37254792 159270178 233 1.22% 0.73% 0.74% 0 ARP Input

3 156 128 1218 0.65% 0.10% 0.02% 2 Virtual Exec

116 127045532 659656 192595 13.73% 2.78% 2.80% 0 BGP Scanner

114 9457636 29632245 319 1.72% 0.19% 0.09% 0 BGP Router

Note. The processes pasted above are not all from the same time, but different times when each were at their highest over a 1 minute period.

BGP scanner does seem to drive it up for about 3-5 seconds. But i'd figure that's normal. But the drops I'm seeing is just horrible.

on our Yipes main interface i see:

Input queue: 0/75/1/14 (size/max/drops/flushes); Total output drops: 0

Queueing strategy: fifo

Output queue: 0/40 (size/max)

5 minute input rate 66894000 bits/sec, 50636 packets/sec

5 minute output rate 397254000 bits/sec, 64690 packets/sec

no drops.

on our yipes lan interface i see

Input queue: 0/75/130/1 (size/max/drops/flushes); Total output drops: 0

Queueing strategy: fifo

Output queue: 0/40 (size/max)

5 minute input rate 490604000 bits/sec, 86424 packets/sec

5 minute output rate 162302000 bits/sec, 70790 packets/sec

Another odd thing is, during the drops in the graph, their is no real change in the process cpu. even when BGP Scanner is high , 30%, speed/latency is fine.

What else can it be? I notice all 3 seem to be doing it around the same time too.

BGP Scanner is one of the "usual suspects" here. See this URL:

http://www.cisco.com/warp/public/459/highcpu-bgp.html

That said, your router is running fairly close to the edge of recommended max CPU utilization (60%) even without BGP scanner adding to your woes. Some notes on possible ways to reduce CPU usage:

1) You appear to by trying to force selected subnets to be routed out of Yipes. Try to use BGP localpref to influence your choice of gateway rather than policy routing. This shifts the cost of implementing your policy to once during occasional BGP route recalculation rather than 71,000 times a second in the IP output path. It would also notify your iBGP peers of your policy override with no additional configuration, ensuring that traffic to those routes would flow out of Yipes no matter which of your routers it arrived at.

2) Your Yipes router appears to be having to "turn around" a fair amount of traffic which needs to go to the other routers, which might be a waste of its time. If your "core switch" is layer 3 capable and has a fair amount of RAM, you might consider having it play traffic cop between the three routers.

3) Increasing the input queue size moderately might smooth out some of the packet loss but isn't really a fix for the root cause, high CPU utilization. Try this:

Router(config)# interface GigabitEthernet0/2

Router(config-if)# hold-queue 150 in

4) Do you really need 'ip accounting output-packets' on Gig0/2? Try removing it.

1) never used bgp local preference, do you have an example I can base my config off of?

2) no layer3 core switch yet.. :(

3) input queue is usually 0/0 tho.

4) only reason that's there is for us to lookup ips to see what's getting a DOS attack. Else what are some other ways to find out what ip is being attacked? Kind of new at this, but it's a major pain at my employment to find the victim ip. Most are Distributed DOS ICMP attacks. some tcp floods tho.

Thanks for your help..

-GK

1) There are some docs on CCO which explain localpref and a couple of ways of setting it. See:

http://www.cisco.com/univercd/cc/td/doc/cisintwk/ics/icsbgp4.htm#4957

For your case, instead of using AS-path, you want to set up an ACL or prefix-list to match specific routes. You need to match an existing BGP route in your route-map and then 'set local-preference 200' or whatever. Then your router will prefer that route over any other received route unless it has a better local-preference, regardless of AS-path length. It will also advertise that local-preference to its iBGP neighbors and they will act on the updated local-preference as well. Be sure to apply that route map to your Yipes BGP neighbor.

3) Usually 0/0 and always 0/0 are different things. You are dropping during very short bursts of high CPU usage. Really you want to drop your CPU utilization somehow to make this less necessary, but the input queue is there to keep you from dropping packets on the floor if you're too busy to service the queue right that instant. As speed goes up, and 500Mb/s is pretty speedy, that input queue can fill up really damn fast if there's some process hanging onto the CPU too long.

4) Try disabling it at least to take a benchmark to see if it's causing the problem. If it is, try to use it only while you're troubleshooting problems.

We actually diagnoised that it was a core switch that the main router was connecting to that was causing the problems (Yipes 500mbs was okay). However, the other two seem to still be dropping low during: BGP Scanner as it goes up 31% every 30 seconds. Is their a way to reduce the load that BGP Scanner puts on the router? It's only happening on our two 7206 300mhz routers, our main one is a 700mhz one and it handles it okay.

-GK

This happened to us also:

We had recently started accepting the full BGP routing table from one of our upstreams.

BGP scanner was causing high-cpu once a minute.

Enabling cef appears to have fixed the issue.

Regards,

MB

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Innovations in Cisco Full Stack Observability - A new webinar from Cisco