10-13-2013 08:17 AM - edited 03-07-2019 04:00 PM
Hi,
I have some issue with high cpu usage on my cisco Catalyst 4500 L3 Switch.
After I configured Policy Base Routing(PBR), cpu utilization was about 97% when the high traffic was passing through to this policy.
Please kindly let me know how to solve this issue.
Thanks.
Regards,
Min
10-16-2013 12:31 PM
Hello Minko
The Catalyst 4500 switching engine supports matching a "set next-hop" route-map action with a packet on a permit ACL. All other route-map actions, as well as matches of deny ACLs, are supported by a flow switching model. In this model, the first packet on a flow that matches a route-map will be delivered to the software for forwarding. Software determines the correct destination for the packet and installs an entry into the TCAM so that future packets on that flow are switched in hardware. The Catalyst 4500 switching engine supports a maximum of 4096 flows.
In order to resolve this problem following this step:
When route-maps are used in conjunction with access-lists then you should only permit in the acls to match traffic and then use permit/deny as needed in the route-map. For example if you wanted to deny network 10.5.5.0/24 and permit network 10.6.6.0/24 you would do the following:
access-list 1 permit 10.5.5.0 0.0.0.255
access-list 2 permit 10.6.6.0 0.0.0.255
route-map cisco deny 5
match ip address 1
route-map cisco permit 10
match ip address 2
Regards.
Wilson B
Please rate useful post!!
10-17-2013 08:43 AM
Hi Wilson,
Thanks for your reply.
Please let me tell about my configuration details.
I have three internet lines(LineA, LineB and LineC).
LineA for default gateway and LineB and LineC used for another purpose.
I have three subnet (172.16.1.0/26, 172.16.1.64/26, 172.16.1.128/25) that are used in Policy Based Routing.
I used internet LineB for subnet 172.16.1.0/26 and internet lineC for subnet (172.16.1.64/26 and 172.16.1.128/25).
So, my configuration for policy base routing is -
ip access-list extended LineB
permit ip 172.16.1.0 0.0.0.63 any
ip access-list extended LineC
permit ip 172.16.1.128 0.0.0.127 any
permit ip 172.16.1.64 0.0.0.63 any
route-map PBR permit 100
match ip address LineB
set ip default next-hop 10.10.10.1
route-map PBR permit 101
match ip address LineC
set ip default next-hop 10.10.20.1
These two lines(LineB and LineC) have high bandwidth usage everyday.
Whenever the LineB used the high bandwidth(about 16 to 20 Mbps), the cpu utilization was ok and just a little bit high.
But for LineC, whenever it used the high bandwidth(about 16 to 20 Mbps), the cpu utilization was quite bad and over 90% usage.
I used "set ip default next-hop" because I have to use local routing table of core switch for other vlan and intranet network connectivity.
In this case, how can I solve this high cpu utilization issue?
Great thanks for your reply.
Regards,
Min Ko
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide