Hello,
We had an issue on a working day where Cisco 7609 as WAN Core routers dropped PIM/BGP/ISIS due to high CPU peaking 99%-100%; also downstrean distribution routers (Cisco 6500 MSFC) reached high CPU as well resulting in creating multicast entries in Partial SC state. We found that one of the WAAS device (WAE-7371-K9) had rebooted twice that morning due to hardware issue and software was corrupted; WAAS is directly connected on Cisco 7609. We isolated the WAAS device which again knocked down all protocols. We could not establish whether high CPU on Cisco 7609 caused by WAAS crash though the timings of WAAS crash and high CPU was almost at the same time.
Also, on Cisco documentation, it mentioned as below; we do have ACLs on Cisco 7609 with port ranges configured.
Catalyst 6500 Series Switches and Cisco 7600 Series Routers Access Control Lists
When WCCP is using mask assignment, any redirect list is merged with the mask information from the appliance and the resulting merged ACL is passed down to the Catalyst 6500 series switch or Cisco 7600 series router hardware. Only Permit or Deny ACL entries from the redirect list in which the protocol is IP or exactly matches the service group protocol are merged with the mask information from the appliance.
The following restrictions apply to the redirect-list ACL:
- The ACL must be an IPv4 simple or extended ACL.
- Only individual source or destination port numbers may be specified; port ranges cannot be specified.
- The only valid matching criteria in addition to individual source or destination port numbers are dscp or tos.
- The use of fragments, time-range, or options keywords, or any TCP flags is not permitted.
If the redirect ACL does not meet the restrictions shown, the system will log the following error message:
WCCP-3-BADACE: Service <service group>, invalid access-list entry (seq:<sequence>, reason:<reason>)
WCCP continues to redirect packets, but the redirection is carried out in software (NetFlow Switching) until the access list is adjusted.
Please help me understand the correlation of WAAS crash and high CPU on Cisco 7609.