What is the baseline CPU utilization? Are you getting high CPU alerts intermittently? A one-off CPU spike doesn't mean much--if the condition persists over a period there can/will be a problem. From your original post, the "show proc cpu sort 5sec" output seems normal.
Your NPE-G1 and memory loadout should handle your BGP table without a problem. I checked the Cisco Bug Search Tool and couldn't find an open case.
What is the peak throughput you're seeing on that box? Can you correlate the high CPU condition with peak traffic flows through the device? What other services are you running on that device?
Looking at your "show proc" confirms your original report, BGP Scanner runtime is very high. Here are some things you can try:
- Reduce the routes you accept from your upstream ISP; you can filter on ASN or prefix.
- Ensure CEF is enabled on all interfaces ("ip cef" global config command).
- Disable BGP next-hop tracking (in router bgp mode, "no bgp nexthop trigger enable").
- If you have an OSPF adjacency with your iBGP peer, verify that its adjacency is not flapping.
Every 60s by default the BGP Scanner process walks the entire BGP table. Therefore, reducing the BGP table size makes sense to ease the load on the CPU.
The last two points are related. The next-hop tracking feature improves the efficiency of the BGP Scanner process, namely by letting BGP Scanner know when the next-hop for a prefix changes--then BGP Scanner need only work on that prefix (in practice, BGP now only needs to invalidate a subset). If your iBGP peer is known via IGP, then flaps in the IGP will cause unnecessary BGP Scanner runs.
Your iBGP peer session has been up for some time, so IGP instability seems unlikely, but please check your OSPF peer table.
How many BGP Peers did you have at the time? How many routes in your table?
I noticed the attached output from the router. Have you read this article? https://supportforums.cisco.com/document/12202206/size-internet-global-routing-table-and-its-potential-side-effects
The internet may be periodically getting too big for your router. I recommend that you trim the routes you receive to only directly connected prefixes at each of your two upstream providers. Then in addition, put in place two default routes to each of your upstream peers. If there is one you prefer because it is faster or cheaper, then set it as the preferred and the other as a costlier route (metric).
We have done the above and extended the life of our router. However, if it is not the number of routes causing your issues, you may be putting too much throughput through your router. Cheers.
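The route-trimming approach from the post above, as an added IOS configuration sketch that is not part of the original thread. The AS numbers and addresses are documentation-range placeholders, and matching `^ASN$` (routes originated by the provider itself) is one assumed reading of "directly connected prefixes".

```cisco
! Added example: all ASNs and IP addresses below are placeholders.
! Upstream A = AS 64500 at 192.0.2.1, upstream B = AS 64501 at 198.51.100.1,
! local AS = 64512.

! Match only routes whose AS path is exactly the provider's own ASN,
! i.e. prefixes the provider originates itself.
ip as-path access-list 10 permit ^64500$
ip as-path access-list 20 permit ^64501$

router bgp 64512
 neighbor 192.0.2.1 remote-as 64500
 ! Drop everything from upstream A except its own prefixes
 neighbor 192.0.2.1 filter-list 10 in
 neighbor 198.51.100.1 remote-as 64501
 ! Same for upstream B
 neighbor 198.51.100.1 filter-list 20 in

! Default routes replace the full table for all other destinations.
! Upstream A is preferred (default administrative distance 1).
ip route 0.0.0.0 0.0.0.0 192.0.2.1
! Upstream B is the costlier backup: a floating static with distance 250
! is installed only if the route via upstream A is withdrawn.
ip route 0.0.0.0 0.0.0.0 198.51.100.1 250
```

After applying the inbound filters, the table size can be compared before and after with "show ip bgp summary". A static default follows next-hop reachability rather than BGP session state, so it can stay installed while the session to that provider is down.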