We have 15 small branches with a Cisco 881W in every office; they use site-to-site VPN to a VPN concentrator on Vyatta.
I launched Cacti monitoring of the Cisco 881s' CPU, errors, traffic, non-unicast and unicast.
I see that at 10.00 pm in one branch, when nobody works there, CPU load reaches 50% and traffic rises up to 9mb\s.
How can I see what's going on there? Is there any session monitor or some service for this?
Please try using NetFlow ip top-talkers to see the IP protocol utilization:
2. configure terminal
3. ip flow-top-talkers
4. top number
5. sort-by [bytes | packets]
6. cache-timeout milliseconds
I started top-talkers, it shows statistics.
Is it possible to see which packets went through the Cisco, for example, at 6.00 pm on 19.01.2013?
I turned on ip flow and launched ManageEngine NetFlow, but it shows average statistics :(
Please send me the output of the following when you see high CPU:
show ip traffic
show proc cpu sorted
show proc cpu history
show ip cef switching statistics feature
And let me know whether you see this issue at a specific time of day or whether it is random. Do you have any batch updates going on in your network?
In the NetFlow analyzer there should be an option to fetch data quickly and show instantaneous flows instead of averages.
Thank you for your answer!
The issue occurs at random times: VPN tunnels go down and clients lose their internet connection, but ip sla shows that everything is OK with ICMP echo packets to our VPN concentrator, our AD and the next hop....
Can you please suggest any good NetFlow analyzers? Is there any popular or "best practice" software?
There are plenty of them.
For example: Scrutinizer (limited free edition also, Plixer), NetFlow Traffic analyzer (Solarwinds), WhatsUp Gold NetFlow Monitor...
ntop is a good open source solution (GPL license).
I've tried ManageEngine NetFlow Analyzer for a few days. Yes, it can draw nice graphs for directors, but, for example, I get a call that connectivity was lost in one of our branches with a 1941 at the edge. I see that SNMP can monitor it, CPU is up to 20-30%, traffic is about 30mb\s of the ISP's 50mb\s channel, and ip sla ICMP echo from the Cisco to the next hop, to our VPN concentrator and to Google DNS shows no errors. I can't work out why the tunnels go down and the thin clients turn off, along with all the VoIP telephony, which uses an external Asterisk server.
I go to ManageEngine NetFlow Analyzer, but it just shows statistics and I can't see the sessions at the moment of the problem, and I don't actually know what to do...
NetFlow data can give you only bandwidth information on a per interface basis. I believe you need to monitor each VPN session when the CPU goes high as well as the bandwidth and try to drill down to the root cause. My suggestion will be adding an SNMP based monitor like ManageEngine OpManager to your NetFlow Analyzer or use SolarWinds NPM and NetFlow. Here is some info I found, though it talks about Cisco ASA.
Don Thomas Jacob
NOTE: Please rate posts and close questions if you have got the answer.
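For the question raised in this thread about seeing which sessions were active at a given moment (for example 6.00 pm on 19.01.2013), the following is an added example and not code from any poster or product named here: it parses stored NetFlow version 5 export datagrams and ranks the conversations whose flows overlap a chosen time window. It assumes the router exports version 5, that a collector has kept the raw datagrams, and that the router clock is in UTC; the function names and the sample addresses are constructed for illustration.

```python
import socket
import struct
from collections import Counter
from datetime import datetime, timezone

HDR = struct.Struct("!HHIIIIBBH")                # 24-byte NetFlow v5 header
REC = struct.Struct("!4s4s4sHHIIIIHHBBBBHHBBH")  # 48-byte NetFlow v5 flow record

def parse_v5(datagram):
    """Yield flows with absolute start/end (epoch s); first/last are uptime ms."""
    if len(datagram) < HDR.size:
        return
    version, count, uptime_ms, secs, nsecs, *_ = HDR.unpack_from(datagram)
    if version != 5 or len(datagram) < HDR.size + count * REC.size:
        return  # not v5, or truncated: skip rather than misparse
    exported = secs + nsecs / 1e9
    for i in range(count):
        f = REC.unpack_from(datagram, HDR.size + i * REC.size)
        yield {"src": socket.inet_ntoa(f[0]), "dst": socket.inet_ntoa(f[1]),
               "bytes": f[6], "dport": f[10], "proto": f[13],
               "start": exported - (uptime_ms - f[7]) / 1000,
               "end": exported - (uptime_ms - f[8]) / 1000}

def talkers_in_window(datagrams, t_from, t_to, top=5):
    """Rank (src, dst, proto, dport) by bytes for flows overlapping the window."""
    totals = Counter()
    for dgram in datagrams:
        for fl in parse_v5(dgram):
            if fl["start"] <= t_to and fl["end"] >= t_from:
                totals[(fl["src"], fl["dst"], fl["proto"], fl["dport"])] += fl["bytes"]
    return totals.most_common(top)

def build_sample(exported, flows, uptime=3_600_000):
    """Constructed v5 datagram for the demo (not captured traffic)."""
    body = b"".join(
        REC.pack(socket.inet_aton(s), socket.inet_aton(d), bytes(4), 1, 2, 10, size,
                 uptime - age - 1000, uptime - age, 40000, dport, 0, 0, proto, 0, 0, 0, 0, 0, 0)
        for s, d, proto, dport, size, age in flows)
    return HDR.pack(5, len(flows), uptime, int(exported.timestamp()), 0, 0, 0, 0, 0) + body

def demo():
    utc = timezone.utc
    stored = [  # constructed flows; addresses are private/documentation ranges
        build_sample(datetime(2013, 1, 19, 17, 0, 0, tzinfo=utc),
                     [("192.168.10.5", "203.0.113.9", 6, 80, 50_000_000, 1000)]),
        build_sample(datetime(2013, 1, 19, 18, 0, 30, tzinfo=utc),
                     [("192.168.10.5", "203.0.113.7", 6, 443, 9_000_000, 10_000),
                      ("192.168.10.9", "198.51.100.2", 17, 5060, 2_000, 5_000)])]
    t0 = datetime(2013, 1, 19, 18, 0, tzinfo=utc).timestamp()
    return talkers_in_window(stored, t0, t0 + 60)
```

Calling `demo()` returns only the two conversations active between 18:00 and 18:01; the larger flow exported an hour earlier falls outside the window and is ignored.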