If anyone can help explain how the CPU usage on ISRG2 routers works I would greatly appreciate it. Normally when I see a CPU usage spike you can use the show proc cpu sorted command to see what process is using that CPU and then troubleshoot from there. But occasionally I have seen sustained CPU usage without any process showing its using the CPU.
CPU spike to %99 for 1 hour
show proc cpu sorted shows no process using the cpu more than %1
My only guess is the router has ZBF configured and there is a file transfer or backup being software switched and is using all of the CPU it can get its hands on. I just don't understand why that wouldn't show in the show process cpu output as a process using the CPU.
ATLRTR-1941#show proc cpu sorted
CPU utilization for five seconds: 95%/94%; one minute: 97%; five minutes: 98%
PID Runtime(ms) Invoked uSecs 5Sec 1Min 5Min TTY Process
121 3545996 16326613 217 0.15% 0.07% 0.03% 0 IP Input
Hi, Memory utilization does not change. I have SNMP configured and can see the graphs so i know memory isnt changing. Will post some graphs in a second. I think disabling the internet facing interface would solve the issue but thats not the point. The point is, why is the CPU going to 100% without a process showing me its using the CPU. What is the point of the show process CPU command if it doesnt accuratly display processes that are using the CPU?
I think my guess of it being the zone based firewall inspecting traffic is the best answer here. I just dont understand how ZBF can use the CPU without it displaying in the "show proc cpu sorted" command. Might open a TAC case to verify how this could possibly make sense.
Pretty clear that incoming traffic is causing the CPU spike based on the graphs.
I am very familiar with how to pipe the show proc cpu command and exclude lines that have all 0 and i did this during the event but i did not save the output. The issue has not happened since so i cannot post output again but i assure you there were no processes that were using more than 1% of the CPU. This is what makes no sense to me.
I am very sure it is the zone based firewall portion of the config that is causing the high CPU because that process is stateful but i still dont understand how the cpu can be at %99 without any command to verify whats using the CPU.
Still playing around in the lab to test this but might open a TAC case if i cant figure it out. Thanks though!
Question We run asr9001 with XR 6.1.3, and we have a very long delay to
login w/ SSH 1 or 2 to the device compare to IOS device. After
investigation, the there is 1s delay between the client KEXDH_INIT and
the server (XR) KEXDH_REPLY. After debug ssh serv...
Introduction The purpose of this document is to demonstrate the Open
Shortest Path First (OSPF) behavior when the V-bit (Virtual-link bit) is
present in a non-backbone area. The V-bit is signaled in Type-1 LSA only
if the router is the endpoint of one or ...
Hi, I am seeing quite a few issues with patch install and wanted to
share my experience and workaround to this. Login to admin via CLI, then
access root with the “shell” command Issue “df –h” and you’ll probably
see the following directory full or nearly ...