Re: High cpu utilization in cisco 3900 wan qos router

soorajn2011 · ‎11-23-2017

Hello All,

I am facing high cpu utilization on my cisco wan qos router. I shared the load by 50:50 with another wan qos. But in frequent intervals, it showing 90 to 95 % CPU utilization. Attached the sh run, sh ver, sh proc cpu outputs. Please help

Georg Pauwen · ‎11-24-2017

Hello,

what is the WAN speed ?

Can you post the output of:

show policy-map interface GigabitEthernet0/0

show interface GigabitEthernet0/0

soorajn2011 · ‎11-26-2017

Please find the attachment.

soorajn2011 · ‎11-26-2017

Its a 1Gbps link.

soorajn2011 · ‎11-26-2017

1 Gbps link

soorajn2011 · ‎11-28-2017

Sorry. Its a 100 Mbps link.I can see that the CPU utilization becomes high during the time the bandwidth is utilized more like some downloads, windows update etc. Also the the cpu utilization due to interrupts also seems to be high like 65%/75%. The router is 3900 series. Please support whether this issue will resolve if router replaced with 4431 ISR router??

Also If I disable MTU and TCP-mss from my config, Is there any impact and whether it will reduce the CPU utilization?

Joseph W. Doherty · ‎11-27-2017

As you router is only a 3925, and your using a gig interface (correct?), I'm wondering whether your CPU spikes might just be related to the capacity of your router. (NB: Cisco only recommends a non-"E" model 3925 for up to 100 Mbps of bandwidth. [BTW, crypto can be most demanding.])

Looking at your later attachments, the one showing the config, unclear why your using the IP MTU and IP TCP adjust-MSS settings you're using. I'm wondering whether you might be fragmenting some packets, which will use even more CPU.

soorajn2011 · ‎11-27-2017

So what you suggest? If I am planning for a router upgrade which model you will suggest for my current configuration? Also regarding mtu and tcp mss what change I need to do to reduce high cpu utilization.

Joseph W. Doherty · ‎11-27-2017

You have a 1 gig hand-off (?), but do you have 1 gig for up/down too?

To your second question: https://www.cisco.com/c/en/us/support/docs/ip/generic-routing-encapsulation-gre/25885-pmtud-ipfrag.html?dtid=osscdc000283

soorajn2011 · ‎11-28-2017

Sorry. Its a 100 Mbps link.I can see that the CPU utilization becomes high during the time the bandwidth is utilized more like some downloads, windows update etc. Also the the cpu utilization due to interrupts also seems to be high like 65%/75%. The router is 3900 series. Please support whether this issue will resolve if router replaced with 4431 ISR router??

Also If I disable MTU and TCP-mss from my config, Is there any impact and whether it will reduce the CPU utilization?

Joseph W. Doherty · ‎11-28-2017

Ok, if you have 100 Mbps, that's in-line with the capacity of your 3925. So, if your CPU doesn't spike much above 75%, you should be okay. It's to be expected that CPU will increase as you load up an ISR.

You can have the same with a 4K ISR. However, they tend to have more capacity for "like" models and unlike the earlier ISRs, their maximum bandwidth capacity is a "guaranteed" value. I.e. if a model says it will support up to 100 Mbps, that's almost always true. Understand, though, they will not support more than their maximum bandwidth capacity as this series enforces their performance limit.

As to disabling MTU and/or TCP mss-adjust, I wasn't suggesting that. I was just suggesting your current values might be suboptimal. Optimal values often tend to minimize the CPU you need for VPN traffic.

soorajn2011 · ‎11-28-2017

My CPU usage sometimes spike upto 95%. Its mostly because of the high bandwidth utilization. If I stopped the high downloads, its back to 30 to 40%. I hope if I replace 3900 series with an ISR 4431 model, my issue will solve to some extend. Please advice.

Joseph W. Doherty · ‎11-28-2017

Well if you're not loosing packets or having them unduly delays when your CPU spikes like that, it's still not really a problem.

If you do pursue a 4K, remember for duplex links, you need to double the bandwidth that the ISR will support. For example, if yours is a 100 Mbps duplex link, you would want a 4K that offers, at least, 200 Mbps bandwidth capacity.

soorajn2011 · ‎11-28-2017

High utilization in the sense it is hitting 85 to 90 percent while the traffic is high. In that case we are affecting by loosing packets and slowness in network. In that same time there is no router hang or router reload.
ISR 4431 will not work with 100 Mbps full duplex link?? I need to avoid the CPU spikes during high traffic and bandwidth utilization. Please advice.

Joseph W. Doherty · ‎11-29-2017

Again, if you get your deal with fragmentation optimally, you might bring your CPU.

If not, yes a 4431 (with a base performance license) should be suitable for a 100 Mbps duplex link. (BTW, so should a 4331 [with a performance upgrade license] or a 4351 [with a base performance license] should be suitable too. [NB: a 4351 with a base performance license, I suspect, is borderline if doing VPN.])