Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
4374
Views
5
Helpful
5
Replies

High cpu due to ARP input

haiyang xu
Level 1
Level 1

‎12-12-2012 12:24 AM - edited ‎03-07-2019 10:33 AM

1234567890.jpg                 

With the increase of users, ARP is also increasing, Ethereal by omniPeek, normally found inside the message, there is no any abnormal traffic, not through snooping and DAI effect, there are other better ways to limit ARP packets it?

Labels:
0 Helpful
5 Replies 5

bharat.rajwanshi
Level 1
Level 1

‎12-12-2012 01:35 AM

do you have any NIC teaming on network for servers? check if same IP learning on different MAC for teaming..

0 Helpful

haiyang xu
Level 1
Level 1
In response to bharat.rajwanshi

‎12-12-2012 06:34 PM

Thanks for your answer.

i have and i try to check found  no problem

0 Helpful

Arumugam Muthaiah
Cisco Employee
Cisco Employee

‎12-12-2012 04:58 AM

Hi,

High CPU utilization in the Address Resolution Protocol (ARP) Input process occurs if the router has to originate an excessive number of ARP requests. The router uses ARP for all hosts, not just those on the local subnet, and ARP requests are sent out as broadcasts, which causes more CPU utilization on every host in the network.

Make sure you dont have any default route pointing to interface instead IP address. If you still see the high cpu because of ARP inspection. Then an excessive amount of ARP requests can be caused by a malicious traffic stream which scans through locally attached subnets. An indication of such a stream is the presence of a very high number of incomplete ARP entries in the ARP table. Because incoming IP packets that trigger ARP requests have to be processed, troubleshooting this problem is essentially the same as troubleshooting high CPU utilization.

please see the below link for troubleshooting,

http://www.cisco.com/en/US/products/hw/routers/ps359/products_tech_note09186a00801c2af3.shtml

http://www.cisco.com/en/US/products/hw/routers/ps359/products_tech_note09186a00801c2af6.shtml#arp

Do you see any input drops incrementing on interfaces? what is the HW and SW version of this device.

Regards,

Aru

*** Please rate if the post is useful ***

Regards, Aru *** Please rate if the post useful ***
0 Helpful

haiyang xu
Level 1
Level 1
In response to Arumugam Muthaiah

‎12-12-2012 06:29 PM

Thanks for your answer

i don't see any input drops incrementing on interfaces;HW and SW:3.5  , 12.2(33)SXI3

after reading troubleshooting that i don't have to solve this problem

0 Helpful

Arumugam Muthaiah
Cisco Employee
Cisco Employee
In response to haiyang xu

‎12-12-2012 06:41 PM

Hi,

Thanks for your kind response. I can see some interrupts which causing the CPU and if you would like to which type of packet hitting the CPU, you could perform the netdr capture which will help to analyze the traffic which hits the CPU.

Note: This is cisco internal tool which doesnt cause any service impact on production.

# terminal length 0

# config t

# service internal

# debug netdr capture rx

# show netdr captured-packet

# un all

Refer:

https://supportforums.cisco.com/docs/DOC-15602

Regards,

Aru

*** Please rate if the post is useful ***

Regards, Aru *** Please rate if the post useful ***
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card