Re: Router CPU maxed

flippedmedia1 · ‎08-05-2005

Hi,

Our CPU is always at 99%. I managed to log into the router to kill some of the NAT and got it down a bit.

Is there something wrong with our config that will cuase it to lag?

Here are the big % CPU processes

CPU utilization for five seconds: 71%/18%; one minute: 90%; five minutes: 90%

PID Runtime(ms) Invoked uSecs 5Sec 1Min 5Min TTY Process

3 29620 3061 9676 0.00% 0.23% 1.31% 130 SSH Process

47 86859516 7937769 10942 46.31% 59.85% 60.68% 0 IP Input

136 167140 143215312 1 0.39% 0.23% 0.17% 0 SAA Event Proces

142 9980864 3091245 3228 4.92% 7.97% 8.65% 0 IP NAT Ager

148 256884 1307197 196 0.47% 0.24% 0.20% 0 NAT MIB Helper

configuration:

interface FastEthernet1/1

ip address 192.168.101.1 255.255.255.0 secondary

ip address 192.168.100.1 255.255.255.0

no ip proxy-arp

ip nat inside

ip policy route-map internet

speed 100

full-duplex

no cdp enable

!

ip nat inside source static 192.168.100.205 61.17.47.205 route-map internet

ip nat inside source static 192.168.101.21 61.15.252.6 route-map internet

ip nat inside source static 192.168.101.31 61.15.252.11 route-map internet

ip nat inside source static 192.168.101.41 61.15.252.16 route-map internet

ip nat inside source static 192.168.101.51 61.15.252.21 route-map internet

ip nat inside source static 192.168.100.216 61.17.47.216 route-map internet

ip nat inside source static 192.168.100.121 61.15.252.29 route-map internet

ip nat inside source static 192.168.100.200 61.15.252.30 route-map internet

ip nat inside source static 192.168.100.201 61.15.252.27 route-map internet

ip nat inside source static 192.168.100.151 61.15.252.28 route-map internet

ip nat inside source static 192.168.101.22 61.15.252.7 route-map internet

ip nat inside source static 192.168.101.23 61.15.252.8 route-map internet

ip nat inside source static 192.168.101.24 61.15.252.9 route-map internet

ip nat inside source static 192.168.101.25 61.15.252.10 route-map internet

ip nat inside source static 192.168.101.11 61.15.252.1 route-map internet

ip nat inside source static 192.168.101.12 61.15.252.2 route-map internet

ip nat inside source static 192.168.101.13 61.15.252.3 route-map internet

no ip http server

no ip http secure-server

ip classless

no ip route static inter-vrf

ip route 0.0.0.0 0.0.0.0 61.17.47.1

!

access-list 110 permit ip 192.168.100.0 0.0.0.255 any

access-list 111 permit ip 192.168.101.0 0.0.0.255 any

!

route-map internet permit 10

match ip address 110

set ip next-hop 61.191.202.165

!

route-map internet permit 20

match ip address 111

set ip next-hop 61.17.47.1

!

Thanks in advance.

paddyxdoyle · ‎08-05-2005

Hi,

What happens if you remove the route map from FastEthernet1/1.

You could try enabling fast switching for route-maps which i believe is a feature from IOS v12.0 onwards.

Try adding "ip route-cache policy" to interface FastEthernet1/1

HTH

PJD

paddyxdoyle · ‎08-05-2005

Actually i've just read that CEF switched policy based routing is faster than fast switched PBR so if you are happy that this issue is down to your route-map then make sure CEF is running on your router and by default your route-map will be CEF switched.

I think the following will determine whether cef is running

# show ip cef

To enable CEF its

# ip cef

PBR:

http://www.cisco.com/en/US/products/sw/iosswrel/ps1835/products_configuration_guide_chapter09186a00800c75d2.html#wp1000980

CEF:

http://www.cisco.com/en/US/products/sw/iosswrel/ps1828/products_tech_note09186a00801e1e46.shtml

Let me know how you get on?

Rgds

PJD

shijogeorge · ‎08-08-2005

Hi,

I believe you are using route-maps here for source IP based routing, not for policy NAT.

It this is the case try removing the route-maps from all the nat statements (only).

eg: ip nat inside source static 192.168.100.205 61.17.47.205

Regards,

Shijo George.