Cisco Support Community

utl
New Member

High CPU Utilisation - Routers

Hi All,

I have a setup of nearly 25-odd 3640 routers and some 7206 routers. On the 3640 router I have two Ethernet interfaces. The user's LAN is connected to only one interface and the other one is redundant.

The problem is that when the user LAN is connected to the interface, CPU utilisation is more than 90% and there are a lot of collisions in the LAN. When I disconnect the LAN from the router, it is OK.

I suspect propagation of some virus such as Nimda and Bugbear. Is that correct? If not, can any of you educate me on the solution for this?

WBR

Manoj Reddy

5 REPLIES
Silver

Re: High CPU Utilisation - Routers

When you turn on the FE segment, enable IP accounting. This will give source and destination pairs. Look for 1 packet being sent to multiple locations, usually in succession, that are the same byte size, usually small, like 76 bytes.
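The check described in this reply can be scripted against saved `show ip accounting` output. The following is an added example, not part of the original thread: the sample rows, the function names and the thresholds (5 destinations, at most 2 packets, at most 100 bytes per packet) are assumptions chosen for illustration.

```python
import re
from collections import defaultdict

# Constructed "show ip accounting" output; addresses are made up for the example.
SAMPLE = """\
   Source           Destination              Packets               Bytes
 192.168.1.10     172.16.5.20                    412              301554
 192.168.1.10     172.16.5.21                     88               51200
 192.168.1.11     10.99.0.1                        1                  76
 192.168.1.11     10.99.0.2                        1                  76
 192.168.1.23     10.99.0.1                        1                  76
 192.168.1.23     10.99.0.2                        1                  76
 192.168.1.23     10.99.0.3                        1                  76
 192.168.1.23     10.99.0.4                        1                  76
 192.168.1.23     10.99.0.5                        1                  76
 192.168.1.23     10.99.0.6                        1                  76
 192.168.1.23     172.16.5.20                     35               18900
"""

ROW = re.compile(r"^\s*(\d+(?:\.\d+){3})\s+(\d+(?:\.\d+){3})\s+(\d+)\s+(\d+)\s*$")

def parse_accounting(text):
    """Yield (source, destination, packets, bytes) for each data row."""
    for line in text.splitlines():
        m = ROW.match(line)
        if m:
            yield m.group(1), m.group(2), int(m.group(3)), int(m.group(4))

def find_scanners(text, min_dests=5, max_pkts=2, max_size=100):
    """Map each suspect source to (destination count, packet size).

    A source is suspect when it sent at most max_pkts packets of the same
    small size to at least min_dests destinations. Thresholds are assumptions.
    """
    fanout = defaultdict(lambda: defaultdict(set))  # source -> size -> destinations
    for src, dst, pkts, nbytes in parse_accounting(text):
        if 0 < pkts <= max_pkts and nbytes // pkts <= max_size:
            fanout[src][nbytes // pkts].add(dst)
    suspects = {}
    for src, sizes in fanout.items():
        size, dests = max(sizes.items(), key=lambda kv: len(kv[1]))
        if len(dests) >= min_dests:
            suspects[src] = (len(dests), size)
    return suspects

if __name__ == "__main__":
    for src, (count, size) in find_scanners(SAMPLE).items():
        print(f"{src}: {count} destinations, {size}-byte packets")
```

Hosts that carry normal sessions alongside the fan-out are still flagged, because only the low-packet, small-size rows are counted toward the destination total.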

Cisco Employee

Re: High CPU Utilisation - Routers

It definitely looks like the router is being killed by traffic, maybe an attack as you suspect.

Try to identify the packets using a sniffer or IP accounting, though be careful with accounting not to kill the router, as the CPU is quite high already.

utl
New Member

Re: High CPU Utilisation - Routers

Yes, some sort of virus is propagating through the network.

When I checked the IP cache of the router with "sh ip cache", I found a lot of invalid entries such as 10.37.112.1, 10.37.112.2, 10.37.112.3 ...

The list goes on like that, but that 10.37.112.0 network does not exist anywhere in our network.

It seems like it is the Nimda virus.

Any suggestions to restrict that at the router level?

Thank you

Manoj

Re: High CPU Utilisation - Routers

Hi Manoj,

If you are sure that's due to the Nimda virus, then find out the extension of the files through which it is infecting and creating unnecessary traffic.

Then you can create a class map and a policy map in which you can block the files with the extension used by Nimda.

Bind the same map on your FE.

I haven't tried this yet, but I hope this may help you.

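! Classify HTTP requests whose URL matches the pattern
class-map match-any virus-files
 match protocol http url "*xxxx.ext*"
!
! Mark the classified packets with DSCP 1
policy-map mark-virus
 class virus-files
  set ip dscp 1
!
! Apply the policy to traffic arriving on the LAN interface
interface fastethernet 0
 service-policy input mark-virus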

But nowadays we are seeing n number of viruses daily, and we can't block all of them.

Regards,

prem

utl
New Member

Re: High CPU Utilisation - Routers

I have even done that.

But the CPU utilization is still high. It comes back to normal when I disconnect the particular hosts broadcasting the virus from the LAN.

I was able to find the culprit systems in the LAN using a packet sniffer.

Thank you for your reply, Prem.

Manoj
