Re: CPU spikes with CPUHOG error - ARP input

d.anthony.hadley_2 · ‎03-18-2005

I have a 2610 running 122-11.T2 code. It has an ethernet module in it NM-4E. I have three segments with about 30 users total including 8 VOIP Vonage phones. One ethernet interface connects to the ISP via a cable modem. Exactly every minute there is a 5 second cpu spike (80-99%) with an error in the log shown below. The problem would happen once in a while but now it is every minute. Anyone have an idea what's causing this and what I can do about it? Is there a bug in this code? Thanks.

dgahm · ‎03-19-2005

You are probably getting hit with broadcasts and scans from the cable modem. You should be running ACLs (or CBAC)to protect your network. You should also disable proxy ARP, which may be what is causing your spikes.

interface X/X

no ip proxy-arp

d.anthony.hadley_2 · ‎03-21-2005

Thanks for the response. I did put that command on the interface to disable proxy arp. Unfortunately, there was a slight change in the CPU usage. Instead of going to 99 %, it goes to 60-70% and I still get the CPU HOG errors in the log every minute. My CLI freezes for a few seconds every minute. I put an access list on the outside interface to deny ICMP but it destroyed my dynanic NAT (I posted that issue). Now, I have no connectivity to the internet. The errors in the log have stopped, however. I can only statically map one PC to the internet. Any other ideas?

jlzfeeney · ‎03-19-2005

One word "VIRUS" this is common with viruses such as NACHI and other variants that run ICMP scans and TCP 135 scans.