Does ARP request can flood the CPU of 6509E ?

Shlomy Maron · ‎11-12-2015

Hi,

I have Cisco 6509E in our campus.

I was wondering if ARP flood can be a reason for the 6509E CPU to be overloaded - the 6509E is configured with SVI on this VLAN.

I was wondering if there is a list which type of packets are being proccessed by the CPU ?

Mark Malone · ‎11-12-2015

Hey If theres an excessive amount of arp requests coming in it can flood cpu but you should see it under the show proc cpu sorted if you have high ip input its usually from arps or miss configuration

things that can cause this are default route pointing to interface instead of ip , an infected pc with worm,issues with cef packets being punted to cpu instead of being fast switched , log enabled every acl

These are just some causes have come across

Shlomy Maron · ‎11-12-2015

Hi Mark,

thanks for you help !

just to clarify - the 6509E switch didn't initiate any ARP request etc.

the is a cloud connected to it for development that sent all of the arp requests and it did affect the switch.

I was wondering why did it effect the switch ? after all the arp requests wasn't for the IP of the switch.

Mark Malone · ‎11-12-2015

Hey The 65 does not need to initiate them it just needs to be a layer 3 device on the network as thats where the arp is done, if was only l2 it wouldnt be resolving macs-ips so you wouldnt see an issue like that on it.If its set for L3 its going to do this by default as it has a routing table.L2 switch only has mac/cam table