I need a help to "convert/translate" a very usefull command, that I normally use for C3850/C3750 switches, to an 2911 ISR G2...I know that SW uses asic/tcam and routers has a different way to process information and etc...but must exist a similar command...
I have a Cisco2911 ISR G2 (using QoS Marking policy on LAN interface, and priority/shapping/pre-classify policy on WAN (Giga+tunnel interface, GRE with no encryption, only setting source and destination). This router also have a VPN module (ISM-VPN-29), "offboard", but isn't in use yet...
So, my WAN circuit only hits 30Mbps (pps has a low number) and CPU goes to 70~80%...I "believe" that QoS (marking) is the responsible for these numbers...or both policies on the same equipment, unfortunatelly I can't mark the traffic before my router...there is no detailed CPU troubleshooting commands for this platform (for interrupts and etc), or I didn't find yet...
Anyway, I´d like to comprove these thresholds without/before remove the policy of interface...
See below the command and the output on switches....
#show platform tcam utilization asic all
CAM Utilization for ASIC# 0
Table Max Values Used Values
Unicast MAC addresses 32768/512 85/22
Directly or indirectly connected routes 32768/7680 125/127
IGMP and Multicast groups 8192/512 0/16
QoS Access Control Entries 3072 68
Security Access Control Entries 3072 1648
Netflow ACEs 1024 15
Input Microflow policer ACEs 256 7
Output Microflow policer ACEs 256 7
Flow SPAN ACEs 256 13
Control Plane Entries 512 195
Policy Based Routing ACEs 1024 9
Tunnels 256 12
Input Security Associations 256 4
Output Security Associations and Policies 256 9
SGT_DGT 4096/512 0/0
CLIENT_LE 4096/64 0/0
INPUT_GROUP_LE 6144 0
Let's start with the basics. What does show processes cpu sorted say when the CPU load is high? What is the total load and interrupt load? What are the processes occupying the most CPU time? And finally, do you experience any performance issues with your network? Even though having a CPU at 70% might not give off a comfortable impression, if there are not performance issues then I do not think it is that imperative to try to lower it.
Would it be possible for you to post the configuration of your router after obscuring sensitive information?
Thank you Peter.
There is no apparent feature causing high CPU (on show proc cpu)...the total and interrupts are high, almost the same number (85%/84%). I believe that "Licensing Auto Update" has the biggest runtime...(there is a bug on ISR G2 for this process - CSCuj27424, maybe...)
yes...there is a lot of VoIP traffic running over WAN, some users complain metallization...so it is question of time to everybody start reporting problems...pps and utilization are low, around 25Mbps
I attached two files, with show proc in 85%, show int (included drops/bits and etc)...and also a show running (I edited some confidencial informations).