12-02-2014 07:48 AM - edited 03-05-2019 12:16 AM
I can see constant ESP traffic coming from the WAN and going to a VPN box connected on the LAN, which is causing high CPU. The traffic flow is almost one-way (it seems to be a replication) and it is around 80Mb. I checked CEF and interface switching and was not able to find any abnormality; all traffic is taking the proper switching path, and I failed to find any punted or process-switched traffic. The culprit is the ESP traffic: when I deny the ESP traffic with an access-list, CPU drops down to normal. I am trying to find the actual traffic in the tunnel which is causing this issue.
12-02-2014 08:59 AM
Disclaimer
The Author of this posting offers the information contained within this posting without consideration and with the reader's understanding that there's no implied or expressed suitability or fitness for any purpose. Information provided is for informational purposes only and should not be construed as rendering professional advice of any kind. Usage of this posting's information is solely at reader's own risk.
Liability Disclaimer
In no event shall Author be liable for any damages whatsoever (including, without limitation, damages for loss of use, data or profit) arising out of the use or inability to use the posting's information even if Author has been advised of the possibility of such damage.
Posting
ESP traffic, that's just transit, shouldn't normally have any more impact than any other transit traffic.
If the VPN is passing high traffic volume, could your CPU just be related to the additional volume?
12-02-2014 09:43 PM
It's only 80Mb, and as per the document it is capable of handling more than 200 Mb. Do you think it can be related to huge fragments?
12-03-2014 02:39 AM
What model router?
12-03-2014 06:29 AM
3845
12-03-2014 09:09 AM
Posting
Ok, yes, a 3845 is rated at about 500 Kpps for minimum size packets, but that's also for "ideal" traffic. The same device is also rated at 35 Kpps for process switching, which provides a hint of the CPU hit that anything less than ideal traffic might cause. (Yes, I noted you don't see high process switching, but interrupt switching is still CPU processed; it's just, in theory, very optimal at what it does.)
Again, if your VPN traffic is just transit, I wouldn't expect it to normally have any more impact than any other similar sized transit traffic.
What you might try is some traffic generator. Shoot an additional 80 Mbps through your router and see what the CPU impact is. (On Windows clients, I've used PCATTCP with UDP packets for such testing.)
12-05-2014 09:38 AM
ACL, QoS and NetFlow are configured, and the ESP packets are not less than 1500 bytes. This router handles ACL, QoS and NetFlow in software, meaning interrupts, and as per the documents, if we enable these services then this router can handle up to T3/E3 traffic.
12-09-2014 08:00 AM
I opened a TAC case and got the same reply.
12-02-2014 11:01 PM
Q. What is the performance of the 3800 series?
A. The 3800 Series routers are designed to deliver multiple concurrent services at wire-speed performance of up to T3/E3 rates. The T3/E3 value represents IMIX packet sizes in higher than typical 3800 services configurations. In less service-intense environments, actual WAN throughput will be higher. In light service environments with 64 byte packets, the 3800 series can achieve between 350-500 Kpps.
http://www.cisco.com/c/en/us/products/collateral/routers/3800-series-integrated-services-routers-isr/prod_qas0900aecd8016a953.html
===========================================================================
See the performance chart here by Miercom
http://www.miercom.com/pdf/reports/20090710.pdf
===========================================================================
As per the following document it can handle 256 Mbps, but:
Numbers are given with 64 byte packet size, IP only, and are only an indication of raw switching performance. These are testing numbers, usually with FE to FE or POS to POS, no services enabled. As you add ACL's, encryption, compression, etc - performance will decline significantly from the given numbers, unless it is a hardware-assisted platform, such as the 7600 or 12000, which process QoS, ACL's, and other features in hardware.
https://supportforums.cisco.com/sites/default/files/legacy/8/0/6/18608-routerperformance.pdf
It seems the router is overloaded with traffic of full-size packets with ACL and QoS applied to it.
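The thread's reasoning (pps ratings vs. throughput, 64-byte vs. IMIX vs. full-size packets, and the earlier question about fragments) can be turned into a small capacity check. The following is an added example, not code from the thread or from Cisco: it converts a load in Mbps into packets per second for several packet sizes and compares it with the rated packet budgets quoted in the thread (500 Kpps interrupt-switched, 35 Kpps process-switched, both treated here as illustrative figures). The 7:4:1 IMIX mix, the IPv4 fragmentation arithmetic (20-byte header, 1480-byte fragment payload at a 1500-byte MTU) and the omission of Ethernet framing overhead are the example's own assumptions.

```python
"""Packet-rate budget check for a router rated in packets per second (added example)."""
import math

# Ratings quoted in the thread for the 3845, used here as illustrative figures.
RATED_INTERRUPT_PPS = 500_000   # ~500 Kpps, minimum-size packets, no services
RATED_PROCESS_PPS = 35_000      # ~35 Kpps when traffic is process-switched

# Constructed IMIX: a common 7:4:1 mix of packet sizes by packet count (assumption).
IMIX = ((64, 7), (570, 4), (1518, 1))

IPV4_HEADER_BYTES = 20          # assumption: no IP options


def packets_per_second(mbps, packet_bytes):
    """Packets per second for a load of `mbps`, ignoring Ethernet preamble/IFG."""
    return mbps * 1_000_000 / 8 / packet_bytes


def imix_average_bytes(mix=IMIX):
    """Weighted average packet size of a size/count mix."""
    total = sum(count for _, count in mix)
    return sum(size * count for size, count in mix) / total


def fragments_per_packet(packet_bytes, mtu=1500):
    """IPv4 fragments produced for one packet larger than the MTU.

    Each fragment carries its own 20-byte header; payload per fragment is
    mtu - 20 (1480 at a 1500-byte MTU, already a multiple of 8).
    """
    payload = packet_bytes - IPV4_HEADER_BYTES
    per_fragment = mtu - IPV4_HEADER_BYTES
    return max(1, math.ceil(payload / per_fragment))


def headroom(mbps, packet_bytes, rated_pps, mtu=1500):
    """Fraction of a rated packet budget consumed (1.0 means saturated).

    Oversized packets are counted per fragment, since every fragment is a
    packet the forwarding path has to handle.
    """
    pps = packets_per_second(mbps, packet_bytes) * fragments_per_packet(packet_bytes, mtu)
    return pps / rated_pps


def budget_table(mbps, rated_pps):
    """Headroom for the packet sizes discussed in the thread: 64B, IMIX, 1500B."""
    rows = {}
    for label, size in (("64B", 64), ("IMIX", imix_average_bytes()), ("1500B", 1500)):
        rows[label] = {
            "pps": round(packets_per_second(mbps, size)),
            "headroom": round(headroom(mbps, size, rated_pps), 3),
        }
    return rows


if __name__ == "__main__":
    for rating_name, rating in (("interrupt", RATED_INTERRUPT_PPS), ("process", RATED_PROCESS_PPS)):
        print(f"80 Mbps against the {rating_name}-switched budget ({rating} pps):")
        for label, row in budget_table(80, rating).items():
            print(f"  {label:>6}: {row['pps']:>8} pps  budget used {row['headroom']:.1%}")
```

Run as a script to see why 80 Mbps of full-size packets is only a few thousand packets per second, while the same 80 Mbps of 64-byte packets is well over 150 Kpps; the headroom number is what shrinks as ACL, QoS and NetFlow are applied in software, since each of those raises the per-packet cost without changing the packet count.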