07-26-2019 08:06 AM
We have a TAC case open but Cisco is having a hard time pinpointing what the issue could be. So hopefully you guys can shed some light on a potential cause or solution.
The issue we are experiencing with one of our sites is that when bandwidth utilization comes close to 90% utilization, the CPU utilization spikes to 99% which causes tunnel flapping and causes console access or remote access to be incredibly sluggish. During these events I ran a show process cpu sort and history, we see that the process NHRP is main cause for the extremely high CPU utilization.
We use DMVPN for our connections back to our 2 data-centers, we made sure that there wasn't any issues on our hub devices (if we did we would also see several other sites have issues with their tunnels) and had the circuit providers troubleshoot any potential issues on their end. One thing to note is that we are running code version 15.7(3)M4a on the device and we had another site that had similar issues during high bandwidth utilization run the same version of code as well, I brought this up to the attention of our TAC engineer, but he doesn't think its a bug or related.
Any help would be greatly appreciated.
interface Tunnel100
description DMVPN Tunnel to x
bandwidth 20000
ip address x
no ip redirects
ip mtu 1400
ip nbar protocol-discovery
ip nhrp authentication x
ip nhrp map x
ip nhrp map multicast x
ip nhrp network-id 101
ip nhrp nhs x
ip nhrp max-send 200 every 10
ip virtual-reassembly in
ip tcp adjust-mss 1360
load-interval 30
tunnel source GigabitEthernet0/2
tunnel mode gre multipoint
tunnel vrf FD_DMVPN
tunnel protection ipsec profile DMVPN
end
interface Tunnel101
description DMVPN Tunnel to x
bandwidth 20000
ip address x
no ip redirects
ip mtu 1400
ip nbar protocol-discovery
ip flow ingress
ip flow egress
ip nhrp authentication x
ip nhrp map x
ip nhrp map multicast x
ip nhrp network-id 101
ip nhrp nhs x
ip nhrp max-send 200 every 10
ip virtual-reassembly in
ip tcp adjust-mss 1360
load-interval 30
tunnel source Loopback100
tunnel mode gre multipoint
tunnel vrf FD_DMVPN2
tunnel protection ipsec profile DMVPN
end
07-26-2019 08:50 AM - edited 07-26-2019 08:51 AM
Suggestion :
CEF switching is enabled on all interfaces
check this link for possible causes of high interrupts..
http://www.cisco.com/c/en/us/support/docs/routers/7500-series-routers/41120-highcpu-interrupts.html
How many spokes on this HUB ?
07-26-2019 09:02 AM
I'm reading over the CEF information.
This device is one of many spokes for our 2 data-center hubs. Around 30+ spokes on each Hub (2).
Thanks!
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide