cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
3324
Views
0
Helpful
7
Replies

CPU utilization 6500

adilhayat
Level 1
Level 1

Dear All

My 6513 max cpu utilization reaches around 60 % however, avg CPU remains around 10%. What is the ideal maximum cpu and memory utilization percentage? Can someone explain.

     6111114444411111444441111122222444443333344444     3333311

100

90

80

70

60

50

40

30

20

10  *

    0....5....1....1....2....2....3....3....4....4....5....5....

              0    5    0    5    0    5    0    5    0    5

               CPU% per second (last 60 seconds)

           2    1          5 2    11        5 2  2 4 1     4

     8876571766626885555566673666620757766580936766272756660564

100

90

80

70

60                        *

50                        *                *

40                        *                *      *       *

30                        *                *    * *       *

20        *               * *              * *  * *       *

10  ***********#**********#*#****#*********#*#**#*#*#*****#**

    0....5....1....1....2....2....3....3....4....4....5....5....

              0    5    0    5    0    5    0    5    0    5

               CPU% per minute (last 60 minutes)

              * = maximum CPU%   # = average CPU%

     4111111111111111154154111111111111111111111111111111111111111111111111

     0332234226323223366364222235320113212322202233101232122221353312122221

100

90

3 Accepted Solutions

Accepted Solutions

Eduardo Aliaga
Level 4
Level 4

The ideal CPU and memory are the lowest ones .

The real CPU and memory usage is totally different in every device, because it depends on the configuration and on the traffic that is traversing the device.

For example I once saw a firewall going to 100% CPU because it was configured to log every single packet denied (and they were denying lots and lots of packets per second), when they removed the "logging" config then the CPU usage dropped down dramatically.

Another example, if you issue the "debug ip packet" command and at that very moment you have lots and lots of packets going to your device, then CPU will raise maybe to 100%.

I would start to worry if average CPU usage is 60% or more.

Kind regards

View solution in original post

ACLs should be handled in hardware on the 6500 switches so you should be fine. Be careful of logging which can mean the packet is sent to the main CPU ie. software switched. If you need to log then look at Optimised logging on the 6500.

Jon

View solution in original post

Hello,

on 6500 - sup 720 or 32, as long as you have PFC3 or higher there should be an engine to do ACE (Access control entry) counters in hardware, without the need to use the log parameter.

Regards,

Bruno Silva.

View solution in original post

7 Replies 7

Eduardo Aliaga
Level 4
Level 4

The ideal CPU and memory are the lowest ones .

The real CPU and memory usage is totally different in every device, because it depends on the configuration and on the traffic that is traversing the device.

For example I once saw a firewall going to 100% CPU because it was configured to log every single packet denied (and they were denying lots and lots of packets per second), when they removed the "logging" config then the CPU usage dropped down dramatically.

Another example, if you issue the "debug ip packet" command and at that very moment you have lots and lots of packets going to your device, then CPU will raise maybe to 100%.

I would start to worry if average CPU usage is 60% or more.

Kind regards

Dear eduardoaliaga

Thanks for your reply, but dont u think that if a dos attack happens during peak time or legitimate traffic increases suddently then having 60% max could be very risky.

Thanks

Dear all

I need to apply 15 ACLs on SVIs, each ACL is having around 30 lines, based on the cpu utilization of 6500 mentioned (max 60 %) is it recommended ?

ACLs should be handled in hardware on the 6500 switches so you should be fine. Be careful of logging which can mean the packet is sent to the main CPU ie. software switched. If you need to log then look at Optimised logging on the 6500.

Jon

Hello,

on 6500 - sup 720 or 32, as long as you have PFC3 or higher there should be an engine to do ACE (Access control entry) counters in hardware, without the need to use the log parameter.

Regards,

Bruno Silva.

first try to identify what is causing the high cpu,

run a "sh proc cpu sorted" during the event and look for the proc that causes that .

if you have monitoring system monitoring your cat6x then look for correlation between events like bgp scanner proc/traffic changes etc . and the high cpu . also look if you have a specific time gaps between each event . that would give you a clue and perhaps narrow options .

you can also monitor the packets going to the RP for further analysis with monitor session rp in , or something like that . but be cautious .

about the ACLs , check for the PFC type you'r having , like Bruno Silva  said above , you can use these commands to view it :

6500#sh platform hardware pfc mode

PFC operating mode : PFC3C

6500#sh module 

Mod Ports Card Type                              Model              Serial No.

--- ----- -------------------------------------- ------------------ -----------

  5    5  Supervisor Engine 720 10GE (Active)    VS-S720-10G        xxxxx

Mod  Sub-Module                  Model              Serial       Hw     Status

---- --------------------------- ------------------ ----------- ------- -------

  5  Policy Feature Card 3       VS-F6K-PFC3C       xxxx  1.1    Ok

  5  MSFC3 Daughterboard         VS-F6K-MSFC3       xxxx  2.1    Ok

WILLIAM STEGMAN
Level 4
Level 4

There might be intermittent host flapping, possibly due to a misconfigured etherchannel to a multihomed host.

Try enabling the following command and look in the logs for any host flapping.

mac address-table notification mac-move

Review Cisco Networking for a $25 gift card