Greetings,

Strange thing happend with our 7206VXR. It starts to utilize 40% CPU but there is no processes which loads cpu. Total router's throughput comes short of satisfactory.

router#sh processes cpu sorted

CPU utilization for five seconds: 40%/32%; one minute: 36%; five minutes: 36%

PID Runtime(ms) Invoked uSecs 5Sec 1Min 5Min TTY Process

39 504392 886343 569 6.96% 5.63% 5.42% 0 IP Input

66 3488 1164 2996 0.65% 0.05% 0.01% 3 SSH Process

136 1668 272 6132 0.40% 0.04% 0.00% 0 BGP Scanner

61 7780 6004 1295 0.24% 0.14% 0.09% 0 CEF process

5 56 304 184 0.00% 0.00% 0.00% 0 Pool Manager

6 0 2 0 0.00% 0.00% 0.00% 0 Timers

7 0 2 0 0.00% 0.00% 0.00% 0 Serial Backgroun

. . . . .

Experimentally, I've found that CPU load become 6-7% when I shutdown interface Serial2/5 (our link to provider, bandwidth 2Mbit/s).

What can be cause of this strange behavior?

How can I fix this?

Thanks in advance.

Best regards,

Dmitry N. Hramtsov

--

Part of my config:

!

interface Serial2/5

description Leased line to Provider

bandwidth 2048

ip address x.y.189.130 255.255.255.252

ip access-group 113 in

ip access-group 104 out

ip nat outside

rate-limit input access-group 117 1000000 1500 2000 conform-action transmit exceed-action drop

ip route-cache flow

no ip mroute-cache

serial restart-delay 0

no cdp enable

end

!

access-list 113 deny udp any any eq 1434

access-list 113 deny ip 10.0.0.0 0.255.255.255 any

access-list 113 deny ip 172.16.0.0 0.15.255.255 any

access-list 113 deny ip 192.168.0.0 0.0.255.255 any

access-list 113 deny ip any 10.0.0.0 0.255.255.255

access-list 113 deny ip any 172.16.0.0 0.15.255.255

access-list 113 deny ip any 192.168.0.0 0.0.255.255

access-list 113 deny udp any any eq 135

access-list 113 deny udp any any eq netbios-ns

access-list 113 deny udp any any eq netbios-dgm

access-list 113 deny udp any any eq netbios-ss

access-list 113 deny udp any any eq 445

access-list 113 deny tcp any any eq 135

access-list 113 deny tcp any any eq 137

access-list 113 deny tcp any any eq 138

access-list 113 deny tcp any any eq 139

access-list 113 deny tcp any any eq 445

access-list 113 permit ip any any

!

access-list 104 deny ip 10.0.0.0 0.255.255.255 any

access-list 104 deny ip 172.16.0.0 0.15.255.255 any

access-list 104 deny ip 192.168.0.0 0.0.255.255 any

access-list 104 deny ip any 10.0.0.0 0.255.255.255

access-list 104 deny ip any 172.16.0.0 0.15.255.255

access-list 104 deny ip any 192.168.0.0 0.0.255.255

access-list 104 deny udp any any eq 135

access-list 104 deny udp any any eq netbios-ns

access-list 104 deny udp any any eq netbios-dgm

access-list 104 deny udp any any eq netbios-ss

access-list 104 deny udp any any eq 445

access-list 104 deny tcp any any eq 135

access-list 104 deny tcp any any eq 137

access-list 104 deny tcp any any eq 138

. . . .

totally 174 lines in access-list 104

. . . .

access-list 104 deny ip x.y.218.160 0.0.0.31 any

access-list 104 deny ip x.y.214.96 0.0.0.31 any

access-list 104 deny ip x.y.221.96 0.0.0.31 any

access-list 104 deny ip x.y.221.128 0.0.0.31 any

access-list 104 deny ip x.y.222.64 0.0.0.31 any

access-list 104 permit ip any any

!

access-list 117 deny ip any x.y.164.0 0.0.0.255

access-list 117 deny ip any host x.y.209.65

access-list 117 permit ip any any