cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1792
Views
0
Helpful
4
Replies

CPU utilisation high 2811

AKIL HASAN
Level 1
Level 1

Hi,

We have Cisco 2811 router and facing high CPU utilisation as 70%/67%;

IOS Runing :c2800nm-advsecurityk9-mz.124-3f.bin

Also find attached show logging, show process cpu, show version, show ip traffic

regds

Akil

1 Accepted Solution

Accepted Solutions

Joseph W. Doherty
Hall of Fame
Hall of Fame

Disclaimer

The Author of this posting offers the information contained within this posting without consideration and with the reader's understanding that there's no implied or expressed suitability or fitness for any purpose. Information provided is for informational purposes only and should not be construed as rendering professional advice of any kind. Usage of this posting's information is solely at reader's own risk.

Liability Disclaimer

In no event shall Author be liable for any damages whatsoever (including, without limitation, damages for loss of use, data or profit) arising out of the use or inability to use the posting's information even if Author has been advised of the possibility of such damage.

Posting

Since your interrupt CPU is within 3% of total CPU %, I would suspect this is due to overall traffic load passing through the router.  You didn't post load on your interfaces, but from my experience with this model, CPU will max out as you approach 20 Mbps (duplex).

PS:

Ah, DS3, rate-limited on output.  SLA tests.  NBAR with text packet inspection and protocol discovery.  Route-map, OSPF, longish ACLs, modified command mapping to privledge levels, and more.  Not often you see any router with so many features activated, especially a 2811.

If you can graph CPU load with total bandwidth passing through the router, you might find a correlation.

PPS:

I should have previously noted, since everything on the this series of routers is generally processed by the CPU, you can sometimes makes changes to minimize CPU load (leaving more for packet forwarding).  For instance: deactivation of unnecessary services (NBAR protocol discovery?); re-ordering, if logically possible, ACLs such that most frequently matched are matched first; combining ACLs, if possible, so fewer comparisons are required; policing, rate-limiting or ACL processing on ingress rather than egress, again if logically possible; using all pertinent caching methods, e.g. flow caching (should help with ACLs) and/or policy caching (for route maps); compiled ACLs (not an intended feature on these platforms, although was available on some early IOS versions); etc.

Doing all the above has the router work as optimally as possible for what's required from it, but you'll still need to match actual hardware performance for offered load.

View solution in original post

4 Replies 4

skarthic
Cisco Employee
Cisco Employee

Hi Akil,

When did you start seeing High CPU? Were any changes made prior to that.How did you notice that the CPU was high?

From the outputs, looks like High CPU is due to interrupts.

Please also attach the followin outputs

- show run

- show interfaces switching

- show cef not cef-switched

- show interfaces | inc up|Input|rate

- show ip cef switching statistics feature

- show ip cef switching statistics

- show cef drop

These outputs must give some idea abt why the traffic is getting punted to CPU.

Thanks.

Hi,

Find attached output commands,

show run

- show interfaces switching

- show cef not cef-switched

- show interfaces | inc up|Input|rate

- show ip cef switching statistics feature

- show ip cef switching statistics

- show cef drop

Also IOS is deferred hence confirm if this creating issue due to some bug.

Regds,

akil hasan

Joseph W. Doherty
Hall of Fame
Hall of Fame

Disclaimer

The Author of this posting offers the information contained within this posting without consideration and with the reader's understanding that there's no implied or expressed suitability or fitness for any purpose. Information provided is for informational purposes only and should not be construed as rendering professional advice of any kind. Usage of this posting's information is solely at reader's own risk.

Liability Disclaimer

In no event shall Author be liable for any damages whatsoever (including, without limitation, damages for loss of use, data or profit) arising out of the use or inability to use the posting's information even if Author has been advised of the possibility of such damage.

Posting

Since your interrupt CPU is within 3% of total CPU %, I would suspect this is due to overall traffic load passing through the router.  You didn't post load on your interfaces, but from my experience with this model, CPU will max out as you approach 20 Mbps (duplex).

PS:

Ah, DS3, rate-limited on output.  SLA tests.  NBAR with text packet inspection and protocol discovery.  Route-map, OSPF, longish ACLs, modified command mapping to privledge levels, and more.  Not often you see any router with so many features activated, especially a 2811.

If you can graph CPU load with total bandwidth passing through the router, you might find a correlation.

PPS:

I should have previously noted, since everything on the this series of routers is generally processed by the CPU, you can sometimes makes changes to minimize CPU load (leaving more for packet forwarding).  For instance: deactivation of unnecessary services (NBAR protocol discovery?); re-ordering, if logically possible, ACLs such that most frequently matched are matched first; combining ACLs, if possible, so fewer comparisons are required; policing, rate-limiting or ACL processing on ingress rather than egress, again if logically possible; using all pertinent caching methods, e.g. flow caching (should help with ACLs) and/or policy caching (for route maps); compiled ACLs (not an intended feature on these platforms, although was available on some early IOS versions); etc.

Doing all the above has the router work as optimally as possible for what's required from it, but you'll still need to match actual hardware performance for offered load.

Hi Akil,

Can you post the "show interface" o/p too. This will give us an idea of the amount of traffic passing through the router.

Check this link for the router performance expected on the CEF path -

http://www.cisco.com/web/partners/downloads/765/tools/quickreference/routerperformance.pdf

However with so many features enabled as Joseph pointed out , it might spike the CPU.

Regards

Review Cisco Networking for a $25 gift card