cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
496
Views
0
Helpful
3
Replies

High CPU load on 2811

kasper123
Level 4
Level 4

Hi,

We have a 2811 router and we are facing high CPU load but show proc cpu does not show processes with high CPU utilisation.

RT#show proc cpu sorted | exclude 0.00%
CPU utilization for five seconds: 99%/94%; one minute: 99%; five minutes: 98%
 PID Runtime(ms)   Invoked      uSecs   5Sec   1Min   5Min TTY Process
  95     2157484   1814314       1189  3.29%  4.76%  4.68%   0 IP Input        
   2       14624     44123        331  0.94%  0.64%  0.63%   0 Load Meter      
   5      154552      2451      63056  0.37%  0.97%  0.91%   0 Pool Manager    
  38      126116    682626        184  0.18%  0.23%  0.24%   0 Net Background  
 185      142660    545202        261  0.09%  0.08%  0.08%   0 Crypto PAS Proc 
  88       58804   6821262          8  0.09%  0.01%  0.01%   0 ACCT Periodic Pr
 102        4548       395      11513  0.09%  0.11%  0.03% 514 SSH Process     
  42       12480    220592         56  0.09%  0.03%  0.02%   0 Per-Second Jobs 
 

This does not happed outside working hours. The router is used only for VPN's (No NATing). It terminates around 25 tunnels but there is not a lot of traffic through the tunnels.

The extremly high load started mondat morning and continues this morning. During the weekend it was fine. Earlier we would have situations when the CPU would spike but it would soon be down to normal values.

From what I read the above output means that the CPU load is caused by interrupts. What is the best way to troubleshoot this?

Regards.

3 Replies 3

Joseph W. Doherty
Hall of Fame
Hall of Fame

Disclaimer

The Author of this posting offers the information contained within this posting without consideration and with the reader's understanding that there's no implied or expressed suitability or fitness for any purpose. Information provided is for informational purposes only and should not be construed as rendering professional advice of any kind. Usage of this posting's information is solely at reader's own risk.

Liability Disclaimer

In no event shall Author be liable for any damages whatsoever (including, without limitation, damages for loss of use, data or profit) arising out of the use or inability to use the posting's information even if Author has been advised of the possibility of such damage.

Posting

It's difficult to "debug" interrupt CPU because it normally deals with optimal packet forwarding through the router.

Please define "not a lot of traffic".

What kind of tunnels?

Any chance your tunnels are fragmenting traffic?

>Please define "not a lot of traffic".

There are several computers at each of the 25 subsidiaries and they are not using a lot of services from the central location.

 

>What kind of tunnels?

The remote locations have dynamic IP addresses and are building site to site VPN with tunnel interfaces.

 

>Any chance your tunnels are fragmenting traffic?

Not sure. How can I check this?

 

Regards.

 

Disclaimer

The Author of this posting offers the information contained within this posting without consideration and with the reader's understanding that there's no implied or expressed suitability or fitness for any purpose. Information provided is for informational purposes only and should not be construed as rendering professional advice of any kind. Usage of this posting's information is solely at reader's own risk.

Liability Disclaimer

In no event shall Author be liable for any damages whatsoever (including, without limitation, damages for loss of use, data or profit) arising out of the use or inability to use the posting's information even if Author has been advised of the possibility of such damage.

Posting

Sorry I wasn't clear, but when I was asking about "not a lot of traffic", I was wondering about actual  volume passing through the 2811.

When I asked about "kind of tunnels", I was wondering about how they are configured.  E.g. GRE or IPSec/GRE or VTI, encryption options, other tunnel interface options.

Perhaps the easiest way to check for fragmentation, is packet analyze the traffic passing through the 2811.