Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
16915
Views
9
Helpful
4
Replies

CSCvk32439 - IPv6 - SISF main thread consumes high CPU DHCPv6/ICMPv6 SOLICIT - 3

thomas.hager
Level 1
Level 1

‎01-14-2019 02:40 AM

Hello!

 

This is just for information for anybody who has the problem on Cat3850 platform.

We had the same issue on WS-C3850-24XS-E, Version 16.6.4

The CPU was quiet high (peaks) -> after removing "ip dhcp snooping vlan 1-4094" the CPU decreased significant.

Those two processes generated that high CPU:

 

 478  1071381667   153333886       6987 37.51% 19.57% 19.45%   0 SISF Switcher Th 
 479   763884804   142905654       5345 24.55% 14.02% 13.90%   0 SISF Main Thread

SISF = Switch Integrated Security Features

 

Removing the feature "ip dhcp snooping trust" on the interfaces had no improvement.

removing the global config "ip dhcp snooping vlan 1-4094" solved the high CPU

btw: "ip dhcp snooping" was not applied -> DHCP snooping was disabled.

 

BEFORE:

      755555222228888844444333337777766666777779999999999444445555
      711111555551111199999111115555588888222222222255555888885555
  100                                               *****
   90                                          **********
   80 *          *****          *****          **********
   70 *          *****          *************************
   60 *          *****          *************************     **
   50 ******     **********     ********************************
   40 ******     **********     ********************************
   30 **********************************************************
   20 **********************************************************
   10 **********************************************************
     0....5....1....1....2....2....3....3....4....4....5....5....6
               0    5    0    5    0    5    0    5    0    5    0
               CPU% per second (last 60 seconds)

 

AFTER: (no ip dhcp snooping vlan 1-4094)

               1111111111111111111122222555555555577777222225555577777222
      991111100000111115555522222333338888855555666669999922222666
  100
   90
   80                                      *****
   70                                      *****          *****
   60                                 **********     **********
   50                            ***************     **********
   40                            ***************     **********
   30                            *******************************
   20                  *****************************************
   10 **********************************************************
     0....5....1....1....2....2....3....3....4....4....5....5....6
               0    5    0    5    0    5    0    5    0    5    0
               CPU% per second (last 60 seconds)

               
               
               
                1111111111     111111111111111     111111111111111
      888889999900000000009999900000000001111199999111110000011111
  100
   90
   80
   70
   60
   50
   40
   30
   20
   10 **********************************************************
     0....5....1....1....2....2....3....3....4....4....5....5....6
               0    5    0    5    0    5    0    5    0    5    0
               CPU% per second (last 60 seconds)

 

 

 

We need to do further investigation on why this is happening. We just can say, that this has to do with IPv6-Packets (wireshark capture)

I will update this discussion as soon as we have results.

 

 

Thomas

12 people had this problem
Labels:
4 Replies 4

headwaygroup
Level 1
Level 1

‎01-22-2019 01:07 AM - edited ‎01-22-2019 01:08 AM

Also the issue still occurs on WS-C2960X-48FPD-L/FPS-L/LPS-L, WS-C2960X-24TD-L  Version 15.2(6)E2.
#sh proc cpu mon

CPU utilization for five seconds: 99%/1%; one minute: 98%; five minutes: 94%

After removing "ip dhcp snooping vlan 1-4094" the CPU decreased significant to about 40%

0 Helpful

markus.forrer
Level 4
Level 4

‎01-22-2019 01:11 PM

Hi

 

Had the same issue on the Cat3650 with 16.6.4a. We just removed some Vlans from DHCP Snooping where we suspect some ipv6 Traffic (public wlan vlan). After removing those Vlan's cpu is going down from 97% to 14%.

0 Helpful

Defututus
Level 1
Level 1

‎11-05-2022 02:04 PM

I fixed the same issue on the same platform today. The root cause was this bug: https://bst.cisco.com/bugsearch/bug/CSCvd51480.Thanks to this the switch was sending IPv6 neighbor discovery to all trunks. You need to disable device-tracking by modification of policies as described. If you don't need IPv6 and you want to have still device tracking active, these policies seem to work for me for other bloody 3850's

Policy for trunks:

device-tracking policy DISABLE-IP-TRACKING
tracking disable
trusted-port
device-role switch

Policy for access ports:

device-tracking policy IP-TRACKING
limit address-count 2
security-level glean
no protocol ndp
no protocol dhcp6
tracking enable reachable-lifetime 30

I  was also experiencing another issue where the spanning-tree loopguard blocked some vlans sporadically. I think that it might be related. Here is similar issue with the device tracking and UDLD: https://www.zero-day.com/single-post/cisco-3850-dhcp-snooping-issue

My IOS version is: 16.12.05b

 

Hope it helps

CoreyH
Level 1
Level 1

‎06-29-2023 01:07 PM

Yep removing snooping did it

0 Helpful
Customers Also Viewed These Support Documents