High CPU - hostflapping - Checkpoint

ckeithjones
Level 1

I am seeing high CPU usage on a Cat 4507. I have run the following:

show logg

Nov 16 14:08:27.154 UTC: %C4K_EBM-4-HOSTFLAPPING: Host 00:00:00:00:FE:01 in vlan 1 is flapping between port Gi5/10 and port Gi5/30

Nov 16 14:08:42.150 UTC: %C4K_EBM-4-HOSTFLAPPING: Host 00:00:00:00:FE:01 in vlan 1 is flapping between port Gi5/10 and port Gi5/30

Nov 16 14:08:57.138 UTC: %C4K_EBM-4-HOSTFLAPPING: Host 00:00:00:00:FE:01 in vlan 1 is flapping between port Gi5/30 and port Gi5/10

show process cpu sort

CPU utilization for five seconds: 81%/1%; one minute: 83%; five minutes: 83%

 PID Runtime(ms)    Invoked  uSecs   5Sec   1Min   5Min TTY Process
  46  4010965992 1826789115   2195 64.16% 64.07% 64.57%   0 Cat4k Mgmt LoPri
  45  3020045688 1129227993   2674 11.65% 12.01% 11.94%   0 Cat4k Mgmt HiPri

show platform health (snipped to show high process)

                    %CPU   %CPU    RunTimeMax   Priority  Average %CPU  Total

                     Target Actual Target Actual   Fg   Bg 5Sec Min Hour  CPU

K2L2 Address Table R   2.00  65.03     12      6  100  500   82  78   60  327274:28

I assume the hostflapping is causing a spike in CPU since the packets are not being processed by CEF. A Checkpoint firewall is on the other side of the two ports. Has anyone run across this problem in general or with Checkpoint firewall using the same MAC on two different ports? How could I solve this?

Keith


Reza Sharifi
Hall of Fame

Is spanning tree configured on your switch?

Error Message when the Host Address is a Source Address on Multiple Ports

Problem

The %C4K_EBM-4-HOSTFLAPPING:Host [mac-addr] in vlan [dec] is flapping between port [char] and port [char] error message appears.

This error message appears on the switch when the switch detects the specified host address as a source address on multiple ports.

Cause

The issue can occur due to Spanning Tree Protocol (STP) loops in the network that cause packet drops from the specific host. In addition to packet drops, STP loops lead to several other symptoms, which are listed here:

  • Loss of connectivity to, from, and through affected network regions.

  • High link utilization (often 100 percent).

  • High switch backplane utilization (compared to the baseline utilization).

  • Syslog messages that indicate packet looping in the network (for example, HSRP duplicate IP address messages).

  • Syslog messages that indicate constant address relearning or MAC address flapping messages.

  • An increase in the number of output drops on many interfaces.

http://www.cisco.com/en/US/products/hw/switches/ps4324/products_tech_note09186a008063c36f.shtml

HTH

Yes.

Keith
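
An added example, not part of the original thread: a small Python parser for the %C4K_EBM-4-HOSTFLAPPING lines shown in the question. It groups events by MAC, VLAN and port pair (ignoring port order) and reports how regularly the address moves. The function name `summarize_flaps` and the `min_events` threshold are assumptions chosen for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime

# Message format as quoted in the thread:
# %C4K_EBM-4-HOSTFLAPPING: Host [mac-addr] in vlan [dec] is flapping
# between port [char] and port [char]
FLAP_RE = re.compile(
    r"^[*.]?(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d\.\d+) \S+: %C4K_EBM-4-HOSTFLAPPING: ?"
    r"Host (?P<mac>(?:[0-9A-Fa-f]{2}:){5}[0-9A-Fa-f]{2}) in vlan (?P<vlan>\d+) "
    r"is flapping between port (?P<a>\S+) and port (?P<b>\S+)\s*$"
)

# The three log lines from the original post, plus one unrelated constructed line.
SAMPLE = """\
Nov 16 14:08:27.154 UTC: %C4K_EBM-4-HOSTFLAPPING: Host 00:00:00:00:FE:01 in vlan 1 is flapping between port Gi5/10 and port Gi5/30
Nov 16 14:08:42.150 UTC: %C4K_EBM-4-HOSTFLAPPING: Host 00:00:00:00:FE:01 in vlan 1 is flapping between port Gi5/10 and port Gi5/30
Nov 16 14:08:57.138 UTC: %C4K_EBM-4-HOSTFLAPPING: Host 00:00:00:00:FE:01 in vlan 1 is flapping between port Gi5/30 and port Gi5/10
Nov 16 14:09:01.000 UTC: %SYS-5-CONFIG_I: constructed non-matching line
"""

def summarize_flaps(text, min_events=3):
    """Group HOSTFLAPPING events by (MAC, VLAN, unordered port pair)."""
    events = defaultdict(list)
    for line in text.splitlines():
        m = FLAP_RE.match(line.strip())
        if not m:
            continue  # not a host-flapping message
        # Syslog timestamps carry no year; an arbitrary one is prepended
        # because only the differences between events are used.
        ts = datetime.strptime("2000 " + m["ts"], "%Y %b %d %H:%M:%S.%f")
        key = (m["mac"].lower(), int(m["vlan"]), frozenset((m["a"], m["b"])))
        events[key].append(ts)
    report = []
    for (mac, vlan, ports), stamps in events.items():
        stamps.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(stamps, stamps[1:])]
        report.append({
            "mac": mac, "vlan": vlan, "ports": sorted(ports),
            "count": len(stamps),
            "mean_gap_s": round(sum(gaps) / len(gaps), 3) if gaps else None,
            # A steady repeat between the same two ports points at a loop or
            # a device presenting one MAC on both links, not a one-off move.
            "persistent": len(stamps) >= min_events,
        })
    return sorted(report, key=lambda r: -r["count"])

if __name__ == "__main__":
    for row in summarize_flaps(SAMPLE):
        print(row)
```

On the sample lines this yields a single group for 00:00:00:00:fe:01 in VLAN 1 between Gi5/10 and Gi5/30, repeating roughly every 15 seconds.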
