08-24-2020 01:38 AM
Hi all,
i have 2911 router, the problem is that since few months we are noticing that the cpu load increases suddenly from 40-50 percent to 90-99 percent. we have around 120 ipsec tunnels from the branches to this router and one by one many tunnels starts flapping during that time. i have checked also that there is no outstanding traffic from the branches and if i count that it does hardly reaches to 2Mbps, but the uplink between our router and ISP shows traffic more then 11Mbps, so during that time what i usually do i put limit on that link and the things settle for sometime and cpu load decreases. but after applying limits the cpu load decreases but still randomly branches start flapping. so who is consuming that extra 7-8Mbps of bandwidth during that time? how we can trace that which link is causing problem for us? and is there any permanent solution for that? do we have to upgrade our hardware as there are many tunnels?
the following two process are consuming cpu but it does not sums upto 90 percents as others are in .01
174 181960280 152713972 1191 13.59% 12.51% 10.69% 0 IP Input
325 63963084 56403152 1134 4.63% 4.72% 4.60% 0 Crypto IKEv2
08-24-2020 01:45 AM
08-24-2020 02:06 AM
Hi Leo
the uptime is 1 week, 3 days, 18 hours, 36 minutes
and the version is Version 15.0(1r)M16
08-24-2020 02:38 AM
@CCIE Aspirant wrote:
15.0(1r)M16
That is the version of the ROMMON.
The IOS version is found in the first line of the "sh version" command. It is hard to miss it.
08-24-2020 02:45 AM
08-24-2020 02:53 AM - edited 08-24-2020 02:54 AM
The next time the CPU shoots up, post the complete output to the following commands:
sh logs sh proc cpu sort | ex 0.00 sh interface <WAN LINK> sh interface <LAN LINK>
I also want to know the time the CPU started to spike.
08-24-2020 03:22 AM
08-24-2020 02:41 AM
Hello,
post the running configuration (sh run) of your router...
08-24-2020 02:48 AM
08-24-2020 02:49 AM
Hello,
I am looking for anything that can tax the CPU, such as access list logging etc.
Save the config to a .txt file and attach it to your post.
08-24-2020 03:27 AM
08-24-2020 03:43 AM - edited 08-24-2020 04:09 AM
@CCIE Aspirant wrote:
as i do not want our configuration can be seen by all
Take away the passwords, keys, SNMP community strings and IP address and the config is "sanitized".
Otherwise, raise a TAC Case.
08-24-2020 04:34 AM
If you click on a username, the profile page opens, and you can send a private message...
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide