06-06-2013 12:41 AM - edited 03-07-2019 01:45 PM
Hello. i have dynamic access list with 1812 acl's in. When i try to add or remove some acl cpu load grows. with old SXH3 not have this problem.
was this s72033-ipservices_wan-mz.122-33.SXH3.bin
now use this s72033-adventerprisek9_wan-mz.122-33.sxj5.bin
normal state
CPU utilization for five seconds: 21%/14%; one minute: 22%; five minutes: 23%
PID Runtime(ms) Invoked uSecs 5Sec 1Min 5Min TTY Process
12 73875376 150434948 491 2.31% 2.68% 2.70% 0 ARP Input
277 21812836 150170576 145 0.87% 0.87% 0.89% 0 IP Input
358 11509600 4908226 2344 0.79% 0.72% 0.72% 0 CEF: IPv4 proces
506 6156772 36103431 170 0.47% 0.26% 0.24% 0 Port manager per
279 8185028 85535737 95 0.39% 0.43% 0.45% 0 ADJ resolve proc
346 4873036 945044 5156 0.31% 0.21% 0.20% 0 IPC LC Message H
52 794712 2638180 301 0.23% 0.20% 0.18% 0 Per-Second Jobs
284 15048 12808 1174 0.15% 0.02% 0.04% 1 Virtual Exec
220 4241920 919405 4613 0.15% 0.22% 0.23% 0 Compute load avg
371 85988912 10168841 8456 0.15% 0.11% 0.69% 0 FM core
after addind new acl to dynamic access-list
CPU utilization for five seconds: 99%/14%; one minute: 29%; five minutes: 24%
PID Runtime(ms) Invoked uSecs 5Sec 1Min 5Min TTY Process
371 85996508 10169567 8456 76.47% 7.34% 2.04% 0 FM core
12 73878040 150440065 491 2.47% 2.70% 2.70% 0 ARP Input
577 2101652 230541 9116 1.19% 0.14% 0.08% 0 BGP Scanner
53 1720780 85543 20115 0.87% 0.10% 0.06% 0 Per-minute Jobs
333 1469216 159560 9207 0.79% 0.09% 0.06% 0 IP Background
277 21813836 150176162 145 0.71% 0.86% 0.89% 0 IP Input
Extended IP access list 198
10 Dynamic BADBOYS deny ip any any
10 deny ip host xxx.xxx.xxx.xxx any (994 matches)
10 deny ip host xxx.xxx.xxx.yyy any
10 deny ip host xxx.xxx.xxx.zzz any (92 matches)
10 deny ip host xxx.xxx.xxx.xyz any (253 matches)
......
Help please. Show how to decrease cpu usage. With old ios all was fine.
#show module
Mod Ports Card Type Model Serial No.
--- ----- -------------------------------------- ------------------ -----------
1 1 1 port 10-Gigabit Ethernet Module WS-X6502-10GE SAD063102CJ
2 48 48 port 10/100 mb RJ45 WS-X6348-RJ-45 SAL0605HBEM
3 16 16 port 1000mb GBIC ethernet WS-X6416-GBIC SAD05060THH
4 16 16 port 1000mb GBIC ethernet WS-X6416-GBIC SAL0540CS1A
5 2 Supervisor Engine 720 (Active) WS-SUP720-BASE SAD080403YE
7 16 SFM-capable 16 port 1000mb GBIC WS-X6516A-GBIC SAL09253EJB
9 1 1 port 10-Gigabit Ethernet Module WS-X6502-10GE SAD073201N7
Mod MAC addresses Hw Fw Sw Status
--- ---------------------------------- ------ ------------ ------------ -------
1 0060.2f30.9296 to 0060.2f30.9296 1.1 6.3(1) 12.2(33)SXJ5 Ok
2 0008.207c.671c to 0008.207c.674b 6.0 5.4(2) 12.2(33)SXJ5 Ok
3 0002.fc44.c010 to 0002.fc44.c01f 1.2 5.4(2) 12.2(33)SXJ5 Ok
4 0007.4f6a.d5e8 to 0007.4f6a.d5f7 1.0 5.4(2) 12.2(33)SXJ5 Ok
5 0011.5cab.51d0 to 0011.5cab.51d3 3.3 7.7(1) 12.2(33)SXJ5 Ok
7 0014.6a96.fab8 to 0014.6a96.fac7 4.2 7.2(1) 12.2(33)SXJ5 Ok
9 000d.29c1.41c6 to 000d.29c1.41c6 1.3 6.3(1) 12.2(33)SXJ5 Ok
Mod Sub-Module Model Serial Hw Status
---- --------------------------- ------------------ ----------- ------- -------
1 10GBASE-LR Serial 1310nm lo WS-G6488 SAD0631017B 1.1 Ok
2 Inline Power Module WS-F6K-VPWR 1.0 Ok
5 Policy Feature Card 3 WS-F6K-PFC3B SAD0914053A 2.1 Ok
5 MSFC3 Daughterboard WS-SUP720 SAD072504WS 1.5 Ok
9 10GBASE-LR Serial 1310nm lo WS-G6488 SAD063802JH 1.1 Ok
Mod Online Diag Status
---- -------------------
1 Pass
2 Pass
3 Pass
4 Pass
5 Pass
7 Pass
9 Pass
show version
Cisco IOS Software, s72033_rp Software (s72033_rp-ADVENTERPRISEK9_WAN-M), Version 12.2(33)SXJ5, RELEASE SOFTWARE (fc2)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2013 by Cisco Systems, Inc.
Compiled Thu 31-Jan-13 14:30 by prod_rel_team
ROM: System Bootstrap, Version 12.2(14r)S9, RELEASE SOFTWARE (fc1)
cisco6509 uptime is 3 weeks, 5 days, 8 hours, 35 minutes
Uptime for this control processor is 3 weeks, 5 days, 8 hours, 30 minutes
Time since cisco6509 switched to active is 3 weeks, 5 days, 8 hours, 29 minutes
System returned to ROM by power cycle (SP by power on)
System image file is "disk0:s72033-adventerprisek9_wan-mz.122-33.sxj5.bin"
Last reload reason: Unknown reason
This product contains cryptographic features and is subject to United
States and local country laws governing import, export, transfer and
use. Delivery of Cisco cryptographic products does not imply
third-party authority to import, export, distribute or use encryption.
Importers, exporters, distributors and users are responsible for
compliance with U.S. and local country laws. By using this product you
agree to comply with applicable laws and regulations. If you are unable
to comply with U.S. and local laws, return this product immediately.
A summary of U.S. laws governing Cisco cryptographic products may be found at:
http://www.cisco.com/wwl/export/crypto/tool/stqrg.html
If you require further assistance please contact us by sending email to
cisco WS-C6509 (R7000) processor (revision 2.0) with 458720K/65536K bytes of memory.
Processor board ID SCA0333009W
SR71000 CPU at 600Mhz, Implementation 0x504, Rev 1.2, 512KB L2 Cache
Last reset from power-on
434 Virtual Ethernet interfaces
48 FastEthernet interfaces
50 Gigabit Ethernet interfaces
2 Ten Gigabit Ethernet interfaces
1917K bytes of non-volatile configuration memory.
8192K bytes of packet buffer memory.
65536K bytes of Flash internal SIMM (Sector size 512K).
Configuration register is 0x2102
07-02-2013 09:55 PM
Hi Guys
I am also thinking about to upgrade to this version (s72033-adventerprisek9_wan-mz.122-33.sxj5.bin) to solve the high cpu usage. I know there could be multiple reason for high CPU usage but hope this version won't increase the problem.
Hope some one will jump in and talk about this version.
Thank you all in advance.
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: