Re: Router CPU load suddenly increases to over 90 Percent

CCIE Aspirant · ‎08-24-2020

Hi all,

i have 2911 router, the problem is that since few months we are noticing that the cpu load increases suddenly from 40-50 percent to 90-99 percent. we have around 120 ipsec tunnels from the branches to this router and one by one many tunnels starts flapping during that time. i have checked also that there is no outstanding traffic from the branches and if i count that it does hardly reaches to 2Mbps, but the uplink between our router and ISP shows traffic more then 11Mbps, so during that time what i usually do i put limit on that link and the things settle for sometime and cpu load decreases. but after applying limits the cpu load decreases but still randomly branches start flapping. so who is consuming that extra 7-8Mbps of bandwidth during that time? how we can trace that which link is causing problem for us? and is there any permanent solution for that? do we have to upgrade our hardware as there are many tunnels?

the following two process are consuming cpu but it does not sums upto 90 percents as others are in .01

174 181960280 152713972 1191 13.59% 12.51% 10.69% 0 IP Input
325 63963084 56403152 1134 4.63% 4.72% 4.60% 0 Crypto IKEv2

Leo Laohoo · ‎08-24-2020

What is the exact firmware version the router is running on and what is the uptime?

CCIE Aspirant · ‎08-24-2020

Hi Leo

the uptime is 1 week, 3 days, 18 hours, 36 minutes

and the version is Version 15.0(1r)M16

Leo Laohoo · ‎08-24-2020

@CCIE Aspirant wrote:

15.0(1r)M16

That is the version of the ROMMON.
The IOS version is found in the first line of the "sh version" command. It is hard to miss it.

CCIE Aspirant · ‎08-24-2020

@leo
thanks for reply
we are using Version 15.7(3)M2

Leo Laohoo · ‎08-24-2020

The next time the CPU shoots up, post the complete output to the following commands:

sh logs
sh proc cpu sort | ex 0.00
sh interface <WAN LINK>
sh interface <LAN LINK>

I also want to know the time the CPU started to spike.

CCIE Aspirant · ‎08-24-2020

@ Leo
it can not be predicted when the next spike can happens, it did happend last friday and before that may be two weeks ago, sure i will keep an eye on it and as soon as it spikes i will post these outputs here

Georg Pauwen · ‎08-24-2020

Hello,

post the running configuration (sh run) of your router...

CCIE Aspirant · ‎08-24-2020

@Georg Pauwen
thanks for your reply
can u be please more specific about what u need to check as the current running config will be too long
thanks

Georg Pauwen · ‎08-24-2020

Hello,

I am looking for anything that can tax the CPU, such as access list logging etc.

Save the config to a .txt file and attach it to your post.

CCIE Aspirant · ‎08-24-2020

@Georg Pauwen

is there any way i can send that file privately to you? as i do not want our configuration can be seen by all, i hope u understand
thanks

Leo Laohoo · ‎08-24-2020

@CCIE Aspirant wrote:
as i do not want our configuration can be seen by all

Take away the passwords, keys, SNMP community strings and IP address and the config is "sanitized".

Otherwise, raise a TAC Case.

Georg Pauwen · ‎08-24-2020

If you click on a username, the profile page opens, and you can send a private message...