Core issue
Cisco software-based routers use software in order to process and route packets. The CPU utilization on a Cisco router tends to increase as the router processes and routes more packets. The show processes cpu command is issued on switches in order to show the CPU utilization for the Supervisor Engine processor of the switch. This command can provide a fairly accurate indication of the traffic processing load on the router.
The Cisco Catalyst 6500 and 6000 series switches do not use the CPU in the same way. These switches make forwarding decisions in hardware, not in software. When the switches make forwarding or switching decisions for frames that pass through the switch, the process does not involve the CPU of the Supervisor Engine.
Due to the differences in architecture and forwarding mechanisms between Cisco routers and switches, the typical output and significance of the show processes cpu command differs greatly.
Resolution
These situations can contribute to high CPU utilization:
- High CPU due to a broadcast storm
A LAN broadcast storm occurs when broadcast or multicast packets flood the LAN, which creates excessive traffic and degrades network performance. Errors in the protocol-stack implementation or in the network configuration can cause a broadcast storm.
Broadcast suppression prevents the disruption of LAN interfaces by a broadcast storm. Broadcast suppression uses a filter that measures broadcast activity on a LAN over a one-second time period, and compares the measurement with a predefined threshold. If the threshold is reached, further broadcast activity is suppressed for the duration of a specified time period. Broadcast suppression is disabled by default.
Refer to these documents for more information about broadcast suppression:
- High CPU due to BGP scanner
High CPU due to the Border Gateway Protocol (BGP) scanner process can be expected for short durations on a router that carries a large Internet routing table. Once a minute, the BGP scanner walks the BGP Routing Information Base (RIB) table and performs important maintenance tasks. These tasks include examination of the next-hop referenced in the router BGP table and verification that the next-hop devices can be reached. Thus, a large BGP table takes an equivalently large amount of time to be walked and validated.
Because the BGP scanner process runs through the entire BGP table, the duration of the high CPU condition varies with the number of neighbors and the number of routes learned for each neighbor.
Refer to the High CPU due to BGP Scanner section of Troubleshooting High CPU Caused by the BGP Scanner or BGP Router Process for more information.
The Exec process in Cisco IOS software is responsible for the communication on the TTY lines of the router, which includes console, auxiliary, and asynchronous. The Virtual Exec process is responsible for the VTY lines, known as Telnet sessions. If a lot of data is transferred through these sessions, the CPU utilization for the Exec process increases.
The Exec and Virtual Exec processes are Medium-priority processes, so if there are other processes that have a High or Critical priority, the higher priority processes obtain the CPU resources.
It is recommended to configure no exec on the console or VTY lines that are connected to the console of the other devices.
Refer to the section of High CPU Utilization in Exec and Virtual Exec Processes for more information.
- High CPU due to Non-Reverse Path Forwarding (RPF) traffic
The Multicast Multilayer Switching (MMLS) process, defined as M-MLS_stats, checks the non-RPF traffic and helps the MFD (Mulitcast Fast Drop), which is a process to drop multicast packets rather than send all of them to the Route Processor (RP) Multilayer Switch Feature Card (MSFC). It leaks some non-RPF packets to the MSFC so that the mroute and oil list are contained.
All Cisco routers do not handle non-RPF traffic for Sparse Mode groups efficiently in certain topologies. For non-RPF traffic, there is usually no (*,G) or (S,G) state in the redundant router and therefore no hardware or software shortcuts can be created in order to drop the packet. Each multicast packet must be examined by the processor individually. This can cause the CPU on these routers to run very high.
Refer to Redundant Router Issues with IP Multicast in Stub Networks for more information.
- High CPU due to Multicast.
Any packet with TTL = 1 is punt to the routing engine. If you have a router connect to the VLAN, that router has high CPU due to processing the TTL=1 packet. If the router is MSFC and it is connected through SVI. It does not matter if the multicast routing is enabled or not, or what kind of router is in the VLAN. The packet is processed by the RP CPU because the switch cannot forward packet with TTL=1. The switch process does not deal with the TTL=1 packet and it does not cause high CPU to SP.
In order to avoid high CPU, check if proper RP is defined for the groups and TTL for the multicast applications are set to higher value.
