Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
New Member

High CPU Utilization IP Input Process

I recently joined an organisation and started to monitor the network. I soon found that one of the routers had an average utilization of around 50% and often peaked into the high 90's. To confirm this I checked the router with a sh processes cpu which seemed to confirm the findings and indicated that the IP Input was the biggest cause with 30% utilization.

I would have downloaded the Output Interpreter but I did not have the necessary rights. I've downloaded the document on troubleshooting this problem but was hoping that somebody had already experienced this problem and could give me more direct information.

Many thanks.

Bill

4 REPLIES
New Member

Re: High CPU Utilization IP Input Process

Perform ip accounting to get the top talker, then shut him off. Recheck utilization, if it goes down, you found the culprit

New Member

Re: High CPU Utilization IP Input Process

Verify if the interfaces works in process-switching mode (no ip route-cache) or in fast-switching mode.

You can execute a "show int stat" or a "show interface switching" to check it that.

New Member

Re: High CPU Utilization IP Input Process

hi,

the first thing i would do is to configure "ip cef" in global-config command.

if pakets are process-switched and you configure

"ip cef" the util should decrease to the half of before.

New Member

Re: High CPU Utilization IP Input Process

this might be due to some DoS attack or some virus propagation.

enable flow switching (for a moment ) with the command "ip route-cache flow" in interface configuration mode. enable this on your ethernet interface.

the give the follwoing command

"sh ip cahe flow"

this will show you the active conversation through that interface.

so u can find out the source and destination port numbers(will be in Hexadecimal format) of the active traffic flow.

investigate whether all the traffic is genuine.i.e it is being initiated by the end user explicitly.

block any suspectable flow after confirmation from the end user.

plz let me know the result.

remeber this is also a processor intensive and use it for few moments only. it may casue router to stop responding, if you enabled it for a long time with CPUs utilization already being above 60%.

plz update us the results.

manoj

6913
Views
5
Helpful
4
Replies
CreatePlease to create content