Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

Attention: The Cisco Support Community site will be in read only mode on Dec14, 2017 from 12:01am PST to 11:30am for standard maintenance. Sorry for the inconvenience.

New Member

High Utilization

High utilization on the router interface facing the internet,MRTG shows bandwidth fully utilized
this could be attack or server malfunctioning. how to restrict the bandwidth for incoming and outgoing traffic
how to identify which internal resource utilizing how much bandwidth

New Member

Re: High Utilization

Hi Mathew ,

I will be good if you could share some output pointing towards high cpu.Is the high cpu due to process or interrupts.

Show process cpu will be helpful.



New Member

Re: High Utilization

CPU utilization is less than 20%

New Member

Re: High Utilization

Best tool to use to identify bandwidth utilization and hosts involved is NetFlow.  You can gather some stats directly from the router but it is best to actually use a NetFlow collector of some type.  See your IOS docs on configuring NetFlow.

New Member

Re: High Utilization

There are couple of options available depending on your location.

  1. Type of your location -  Data Centre (where servers located) accessed by multiple sites or Branch Office
  2. Type of your traffic  - Inbound and Outbound - MRTG graph will share this information
  3. ISP Router - Own by you (you can control ISP devices) / partner (you can advise your provider for configuration) / third party (you cannot control their device)
  4. What is the bandwidth utilization -- 10% ---100% and what is the trend -- occansional or permanant
  5. What is the impact of this

Possible action at the moment

  1. Measure traffic with the help of netflow or any other similar tool. This tool will provide you information on source IP, Destination IP, Source Protocol and Destination protocol. This will identify who is using or misusing the link. You can show the logs to user as evidences of use or misuse of internet link
  2. Once you identify then try to restrict the traffic at source only.  Either L-3 switch near to users or LAN interface of the router.

This will bring some smile to progress.

With regards,


CreatePlease to create content