cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements

Cisco Community Designated VIP Class of 2020

2899
Views
10
Helpful
2
Replies
Highlighted
Beginner

crypto sw pk pro

For what "crypto sw pk pro" process is used?

Everyone's tags (3)
1 ACCEPTED SOLUTION

Accepted Solutions
VIP Mentor

Re: crypto sw pk pro

HI,

As per my knowledge:

may be this u have seen while high cpu utlization :

High CPU due to Software Encryption

When there is no hardware encryption module installed in the device, then all encrypted traffic coming through the device will have to be encrypted by the software. This is very CPU intensive. It is not recommend to use software encryption for any encryption deployment with a reasonable throughput requirement. One option to resolve this issue is to reduce the volume of encrypted traffic (re-route traffic or limit the flows that are encrypted). However, the best way to address this issue is to get a Hardware Encryption module installed for this device which eliminates the need for encryption to take place through the software.

Note: The enabling of crypto maps on Tunnel/Physical interfaces is a memory consumption process and can cause an increase in CPU.

If you are using SSH as a transport protocol for Telnet (VTY) lines, the RSA key will be generated every hour and you can experience hourly cpu spikes for the process 'crypto sw pk pro'.

Reagrds

Please rate if it helps.

View solution in original post

2 REPLIES 2
VIP Mentor

Re: crypto sw pk pro

HI,

As per my knowledge:

may be this u have seen while high cpu utlization :

High CPU due to Software Encryption

When there is no hardware encryption module installed in the device, then all encrypted traffic coming through the device will have to be encrypted by the software. This is very CPU intensive. It is not recommend to use software encryption for any encryption deployment with a reasonable throughput requirement. One option to resolve this issue is to reduce the volume of encrypted traffic (re-route traffic or limit the flows that are encrypted). However, the best way to address this issue is to get a Hardware Encryption module installed for this device which eliminates the need for encryption to take place through the software.

Note: The enabling of crypto maps on Tunnel/Physical interfaces is a memory consumption process and can cause an increase in CPU.

If you are using SSH as a transport protocol for Telnet (VTY) lines, the RSA key will be generated every hour and you can experience hourly cpu spikes for the process 'crypto sw pk pro'.

Reagrds

Please rate if it helps.

View solution in original post

I have no any encryption in

I have no any encryption in my network.

How should I do?

CreatePlease to create content
Content for Community-Ad
FusionCharts will render here