Cisco 3845 High CPU Utilization/SIP ALG Issue

Hamidsattarrana · ‎10-18-2019

Dear All,

I need some help regarding router configurations. I am using Cisco 3845 with Cisco IOS Software, 3800 Software (C3845-ADVIPSERVICESK9-M), Version 12.4(10), RELEASE SOFTWARE (fc1) & Cisco-3750-G-SW.

We have 3 ISPs terminating into Cisco-3750-G then we terminated these ISPs into router on sub-interfaces.

1st ISP is for VOIP >>>>>>>>>>>>>> Used for 2 VOIP servers on cloud on port 5050

2nd ISP is for all other data traffic

3rd is SIP Trunk from ISP >>>>>>> Used for 1 VOIP server on port 5060

We are doing PBR so that the VOIP traffic for server 1 and server 2 go via 1st ISP and all other data traffic is going via 2nd ISP.

Core-Router is enabled for PAT for all of these ISPs. We have only 1 LAN for all of these WAN connection.

Issue is with (IP NAT SERVICE SIP UDP PORT 5050). Should I have to enable it because we have 2 VOIP servers on cloud on port 5050.

When I enabled above command some voip packets start dropping.

Can someone help in this issue. What should I do with IP NAT sip service?

I am also posting the configurations, Kindly check these configuration if I am missing something.

Configurations of Cisco-3845

version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption

!

hostname Core-Router

!

logging userinfo
logging buffered 4096 debugging
no logging console
no logging monitor
!
no aaa new-model
clock timezone UTC 5
no ip source-route
no ip gratuitous-arps
ip cef
!
!
no ip dhcp use vrf connected
ip dhcp excluded-address 192.168.32.1 192.168.32.100
ip dhcp excluded-address 192.168.33.1 192.168.33.100
!
ip dhcp pool dhcp
network 192.168.32.0 255.255.254.0
default-router 192.168.32.1
dns-server 8.8.8.8
lease 0 0 30

!

ip domain name routerips.com
ip name-server 8.8.8.8
ip ssh logging events
ip ssh version 2

!

login on-failure log
login on-success log

!

interface GigabitEthernet0/0
description WAN
no ip address
duplex auto
speed auto
media-type rj45
!
interface GigabitEthernet0/0.100
description WAN-1stISP
encapsulation dot1Q 100
ip address 192.168.10.2 255.255.255.0
ip nat outside
ip virtual-reassembly max-reassemblies 64

!

interface GigabitEthernet0/0.200
description WAN-2ndISP
encapsulation dot1Q 200
ip address XXX.XX.XX.XXX 255.255.255.248
ip nat outside
ip virtual-reassembly max-reassemblies 64

!

interface GigabitEthernet0/0.3523
description WAN-SIPTrunk
encapsulation dot1Q 3523
ip address XX.XXX.XXX.XX 255.255.255.248
ip nat outside
ip virtual-reassembly

!

interface GigabitEthernet0/1
no ip address
duplex auto
speed auto
media-type rj45
!
interface GigabitEthernet0/1.300
description LAN-Network
encapsulation dot1Q 300
ip address 192.168.32.1 255.255.254.0
ip nat inside
ip virtual-reassembly max-reassemblies 64
ip policy route-map asterik

!

ip route 0.0.0.0 0.0.0.0 towards 2nd ISP

ip dns server

!

no ip http server
no ip http secure-server
ip nat service sip tcp port 5050
ip nat service sip udp port 5050
no ip nat service sip tcp port 5060
no ip nat service sip udp port 5060

!

ip nat inside source route-map 3rd-ISP interface GigabitEthernet0/0.3523 overload
ip nat inside source route-map 1st-ISP interface GigabitEthernet0/0.200 overload
ip nat inside source route-map 2nd-ISP interface GigabitEthernet0/0.100 overload

!

route-map 3rd-ISP permit 10
match ip address 100
match interface GigabitEthernet0/0.3523
!
route-map 2nd-ISP permit 10
match ip address 100
match interface GigabitEthernet0/0.100
!
route-map 1st-ISP permit 10
match ip address 100
match interface GigabitEthernet0/0.200
!
route-map asterik permit 10
match ip address 160
set ip next-hop 192.168.10.1 (2nd-ISP Next Hop which is using as default route)
!
route-map asterik permit 20
match ip address 150
set ip next-hop XXX.XX.XX.XXX ( Next-Hop Address for VOIP Servers traffic only) Destination based Policy routing

!

scheduler allocate 20000 1000
process cpu threshold type total rising 80 interval 5
ntp logging
ntp clock-period 17180097
ntp server 216.239.35.0
ntp server 216.239.35.4
ntp server 216.239.35.8
ntp server 216.239.35.12

balaji.bandi · ‎10-18-2019

Is the SIP issue due to high CPU

what is causing high CPU ?

can you post output

show process cpu sorted | ex 0.00%

show version

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

Hamidsattarrana · ‎10-22-2019

IP Input is causing high CPU. During the high CPU Utilization CPU Voice packet start dropping, distortion in calls.
And one thing when we restart the router it start working normal and if we do not restart it again within 24 hours. Then high CPU utilization started.

Hamidsattarrana · ‎10-22-2019

Core-Router#show processes cpu sorted | ex 0.00%
CPU utilization for five seconds: 18%/13%; one minute: 17%; five minutes: 18%
PID Runtime(ms) Invoked uSecs 5Sec 1Min 5Min TTY Process
85 236764 653789 362 4.42% 3.13% 2.06% 0 IP Input
222 148 2895684 0 0.49% 0.47% 0.48% 0 IP SLA Mon Event
91 5440 6642 819 0.32% 0.08% 0.02% 450 SSH Process
174 4324 5392 801 0.08% 0.49% 0.26% 451 SSH Process
17 7080 60319 117 0.08% 0.05% 0.06% 0 ARP Input
110 36 18176 1 0.08% 0.05% 0.06% 0 CEF process

It's working fine now. Because I restart it but tomorrow it will go again on high CPU if we don't restart it again.

Hamidsattarrana · ‎10-22-2019

I am using this IOS (C3845-ADVIPSERVICESK9-M), Version 12.4(10), RELEASE SOFTWARE (fc1)
Router RAM: 256
Flash: 1GB

Georg Pauwen · ‎10-22-2019

Hello,

you did not post the actual access lists. Are there any 'deny' statements in the access lists ?

Hamidsattarrana · ‎10-22-2019

These are the access list. This configuration was working fine since last 7 months.
Extended IP access list 100
10 permit ip 192.168.32.0 0.0.1.255 any (1317897 matches) >>>>>>> LAN Network on Sub-interface
Extended IP access list 150
10 permit ip 192.168.32.0 0.0.1.255 host VOIP Server 1 (2788039 matches)
20 permit ip 192.168.32.0 0.0.1.255 host VOIP Server 2 (6694728 matches)
Extended IP access list 160
10 permit tcp 192.168.32.0 0.0.1.255 host VOIP Server 1eq 2281 (543759 matches)

Hamidsattarrana · ‎10-22-2019

There is no deny statement in ACLs

Georg Pauwen · ‎10-22-2019

Hello,

your router is very old (end of sale date was 2011), and the IOS version you are running is extremely outdated. You might just be running into a hardware failure.

Hamidsattarrana · ‎10-22-2019

What about version 15?

Georg Pauwen · ‎10-22-2019

Try 15.1.4M12a MD, which is the latest and recommended release...

https://software.cisco.com/download/home/279042634/type/280805680/release/15.1.4M12a

balaji.bandi · ‎10-22-2019

what kind of WAN Utilisation, Hope all are static router or any dynamic routing here on router ?

what was the uptime of the router, before you rebooted last time ?

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

Hamidsattarrana · ‎10-22-2019

Around 24 hours

Hamidsattarrana · ‎10-22-2019

3 WAN Connection goes to Cisco-3750 and then goes to Router. 3 Sub-interfaces are configured. One for VOIP only, 2nd is SIP line and third one is for data traffic. ISP modems >>>> Cisco-3750 >>>> Router (Sub-Interfaces)
No dynamic routing protocol only some static routes.

balaji.bandi · ‎10-22-2019

what kind of bandwidth utilisation ? or internet pipe you have ?

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help