Re: High Utilization of the Router CPU

walee · ‎05-29-2003

Hi,

We encounter a high CPU utilization problem when users run the multi-thread download program. It seems that the program will generate thousands of connections to the server with different client ports. However, some servers cannot accept too many connections. Thousands of requests are rejected or ignored but the program seems continuously sending these requests and trying to occupy all available sessions on the server.

As the router need to handle thousands of useless requests or flows, the effect is just like the DOS attacks which use up all available resources on the network, such as the machine CPU time, bandwidth and network equipment processing power. Although most of routers can handle a large volume of traffic, it is quite sensitive to the number of PPS. You can imagine that if there are four to five users simultaneously running these programs, the border router may be overloaded.

Do you have any suggestion on this issue?

Thanks in advance.

Walter

hbaerten · ‎05-30-2003

I must admit I have no praticial experience with regard to this subject, but I would look into rate-limiting the SYN packets (on the router closes to the user).

Have a look at http://www.cisco.com/warp/public/63/car_rate_limit_icmp.html#rate_limit_tcp_syn

If you know the port number(s) the download program uses, you can modify the accesslist to only ratelimit syn packets to these ports.

Hope this helps

Herbert

sachin · ‎05-30-2003

First of all, to get the CPU utilization back to normal , clear all NAT translations.

As this multithreaded pgm doesnot use fixed port number ,blocking of port will not help.But to get rid of this problem use the feature NBAR.

Regard,

sachin