This document disucsses on high CPU condition seen in Catalyst 6500 platforms due to IOS Server Load Balancing (SLB) feature.
Catalyst 6500 reporting high CPU due to interrupts and "IP Input" process.
C6K-A#show process cpu sorted | exclude 0.00
CPU utilization for five seconds: 98%/57%; one minute: 99%; five minutes: 97%
PID Runtime(ms) Invoked uSecs 5Sec 1Min 5Min TTY Process
227 816331652 12632718 4266 32.10% 31.69% 31.07% 0 IP Input
Troubleshooting and Symptoms:
The IOS SLB is configured with "nat server""
ip slb serverfarm TEST-FARM1
nat client POOL1
Switch do NOT have any sw-installed Netflow entries:
C6K-A#show mls netflow ip sw-installed
Displaying Netflow entries in Active Supervisor EARL in module 5
C6K-A#show mls netflow ip sw-installed module 1 <<=== Ingress DFC module Displaying Netflow entries in Active Supervisor EARL in module 1
SLB has active connections:
C6K-A#show ip slb connections
vserver prot client real state nat
------------------------------------------------------------------------------- VSERVER-NAME TCP <client-ip>:<port> <real-ip>:<port> <TCP-State> S,C <snip>
Root-Cause and Resolution:
When the client sends the traffic to virtual IP address, the load-balancer (in this case, IOS SLB) will NAT the traffic, as the real/physical severs are NOT aware of the virtual IP address.
Cat6500 with "nat server" configuration, the switch is NOT capable of creating hardware shortcuts. As a result, the traffic will be process/software switched. This is done by punting the traffic to the CPU and it can be verified by: (Here, 10.50.50.2 is IP address of a virtual server)
C6K-A#show tcam int vlan <client-vlan> acl in ip | inc 10.50.50.2 punt udp any host 10.50.50.2
redirect tcp any host 10.50.50.2 fragments
policy-route tcp any host 10.50.50.2 eq <port#> <snip>
To resolve this issue, it is recommended to configure IOS SLB in "Dispatched" mode.
Hello.Need: Cisco 881 with c880data-universalk9-mz.154-3.M8.bin and Advanced IPservice licenseHave: C881 with c800-universalk9-mz.SPA.154-3.M1.bin and Advanced IPservice license Is it equal?Thank YouPS: Feature Navicator not show c800-universalk9-mz....
Hi,I'm needing help to First, I installed successfully an FileZilla FTP server into a windows workstation connected to my network provider equipment. All worked properly from external side to connect to my FTP server. Then, because I need ...
I thought I'd best be able to illustrate my issue with a collection of ping commands:MY_SWITCH#ping XX.YY0.41.131 source XX.YY0.48.1Success rate is 100 percent (5/5), round-trip min/avg/max = 1/3/8 msMY_SWITCH#ping XX.YY0.48.10 source XX.YY0.41.1Success r...
Hi, My concern is regarding BGP load-sharing using loop-back and maximum path. In single homed (two link between two routers in different AS) environment if I am doing load-sharing using loopback or maximum path, What exact difference is in bet...
Hello, I'm using a Cisco Prime Infra 3.6 (Patch 2). I have the same problem with two "WS-C2960S-24TS-L" version 12.2(53)SE2 for the first and 15.2(2)E9 for the second one. I am using SNMP v3 (MD5/AES128 and try at first with AES25...