Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1426
Views
0
Helpful
8
Replies

3750: High CPU Utilization...Causes?

w-sims
Level 1
Level 1

‎12-27-2006 09:11 AM - edited ‎03-05-2019 01:30 PM

I have a 2 switch stack of 3750-12S That have High CPU utilization primarily with the IP Input process. Any suggestions as to causes?

Labels:
0 Helpful
8 Replies 8

royalblues
Level 10
Level 10

‎12-27-2006 09:22 AM

can you please post the output of show version and sh processes CPU.

Narayan

0 Helpful

w-sims
Level 1
Level 1
In response to royalblues

‎12-27-2006 10:27 AM

Attached is the requested info.

Preview file
20 KB
0 Helpful

pjosefson
Level 1
Level 1

‎01-04-2007 09:06 PM

Did you ever resolve this? I have a customer with similar problems, and I *think* I've narrowed it down to worm-infected clients trying to infect random addresses (leading to LOTS of new flows having to be routed by the CPU).

0 Helpful

glen.grant
VIP Alumni
VIP Alumni
In response to pjosefson

‎01-05-2007 04:24 AM

That would certainly do it if you have infected clients . If this is the case I would find out why the antivirus isn't working on their machines .

0 Helpful

pjosefson
Level 1
Level 1
In response to glen.grant

‎01-08-2007 01:31 PM

As I would... unless they were CaTV broadband customers - I have no desire to instill into them the notion that I am available around the clock for support... or take any responsibility whatsoever for their antivirus solutions... :-)

Waving with my customer's AUP might do the trick, though, but as their staff is 1.5 people, I don't think they care much for spending time waving...

However... I DO suspect a middlebox (NetIntact PacketLogic) is doing some sending of gratuitous RST:s... meaning that even updated Windows machines maximum-connection-per-host is thwarted. I so do NOT like middleboxes (esp. since I didn't sell it in the first place)...

/Peter

0 Helpful

w-sims
Level 1
Level 1
In response to pjosefson

‎01-08-2007 08:54 AM

Is your client switch/routing Tivoli Service Manager (TSM) across this switch?

0 Helpful

pjosefson
Level 1
Level 1
In response to w-sims

‎01-08-2007 01:48 PM

Not that he knows of. Broadband customers - individuals/households as well as commercial (problems most severe at night, when the commercial customers don't do much, so it shouldn't be them). But you tickled my curiousity. Why?

More info: The network is a mini-MAN in a town with almost exactly 10000 residents. The 3750 cluster is the core L3 equipment, access layer is L2 switches.

We MAY be oversubscribing the TCAM, as we have almost a hundred VLAN:s running L3 (as opposed to the 8 in the example in the sdm template). On the other hand, 100 / 8 = 12.5 and we are nowhere near 12.5 times the numbers supported by the template. We more or less only have a default gateway (upstream ISP) and then each directly connected VLAN.

Also, I feel I would see interrupt load then (as CEF in CPU would show as CPU load), not IP Input. Right?

/Peter

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card