12-17-2019 11:03 PM
We have a Cisco CSR 1000v virtual router in a cloud. It has 8 vCPUs, based on Intel Xeon E5-2660 v3 (2,6 GHz). We have a 1Gbit/sec license and the heavy data-plane CPU template:
csr1000v#show platform software cpu alloc
CPU alloc information:
  Control plane cpu alloc: 0
  Data plane cpu alloc: 1-7
  Service plane cpu alloc: 0
  Template used: None
Our problem is low network throughput with DMVPN + IPSEC tunnels. I haven't seen network speed above 650 Mbit/sec, and the CPU is fully utilized in that situation:
CPU utilization for five seconds: 77%, one minute: 77%, five minutes: 77%
Core 0: CPU utilization for five seconds: 1%, one minute: 1%, five minutes: 1%
Core 1: CPU utilization for five seconds: 100%, one minute: 99%, five minutes: 99%
Core 2: CPU utilization for five seconds: 100%, one minute: 99%, five minutes: 99%
Core 3: CPU utilization for five seconds: 100%, one minute: 99%, five minutes: 99%
Core 4: CPU utilization for five seconds: 100%, one minute: 99%, five minutes: 99%
Core 5: CPU utilization for five seconds: 100%, one minute: 99%, five minutes: 99%
Core 6: CPU utilization for five seconds: 17%, one minute: 18%, five minutes: 18%
Core 7: CPU utilization for five seconds: 99%, one minute: 99%, five minutes: 99%
  Pid    PPid    5Sec    1Min    5Min  Status        Size  Name
--------------------------------------------------------------------------------
22424   21934    624%    624%    621%  R       1176592384  ucode_pkt_PPE0
csr1000v#show platform hardware qfp active datapath utilization summary
  CPP 0:                     5 secs        1 min        5 min       60 min
Input:     Total (pps)        68889        68538        52964        41879
                 (bps)    663208264    658867352    464399304    409978144
Output:    Total (pps)        68857        68538        52963        41880
                 (bps)    641941992    638171736    462007992    397564136
Processing: Load (pct)           99           99           72           63
Network speed becomes ~750 Mbit/sec if I remove crypto and send packets 1350 bytes in length.
Tunnel and crypto configuration:
interface Tunnel200
 bandwidth 10000
 ip address 10.10.200.229 255.255.252.0
 no ip redirects
 ip mtu 1396
 ip bandwidth-percent eigrp 1 100
 ip nhrp authentication <secret>
 ip nhrp map 10.10.200.1 9.9.9.9
 ip nhrp map multicast 9.9.9.9
 ip nhrp network-id 200
 ip nhrp nhs 10.10.200.1
 ip tcp adjust-mss 1356
 delay 1050
 tunnel mode gre multipoint
 tunnel key 200
 tunnel path-mtu-discovery
 tunnel protection ipsec profile <profile-name> shared

crypto ipsec transform-set <ts-name> esp-3des esp-sha-hmac
 mode transport

crypto ipsec profile <profile-name>
 set transform-set <ts-name>
 set pfs group5
I tried to use AES-256 crypto, but the result was the same as with 3des.
Our service provider can't offer any way of eliminating this problem. Can I obtain 1 Gbit/sec throughput in this case? Thank you.
With best regards,
Sergey Kanovskiy.