High CPU utilization due to high ARP Input process
One of the Cat 6500 VSS switches have been experiencing high cpu peaks for sometime. On analysis it was observed that it was due to high 'ARP Input' process. There are no static routes configured in this switch, no incomplete ARP entries or any inferences of DoS attack.
DIST_SW>sh proc cpu
CPU utilization for five seconds: 98%/31%; one minute: 79%; five minutes: 37%
PID Runtime(ms)InvokeduSecs5Sec1Min5Min TTY Process
I suspect it could be due to "proxy-arp" turned on by default under the interfaces and arranging to disable it. I've also started engaging server teams to verify if the subnet mask & default-gateway are configured correctly in all the servers along with any static routes configured pointing to a NIC as next-hop.
UK_PR_DIST_02>sh ip traffic | b ARP
Rcvd: 1752882295 requests, 30808911 replies, 3228 reverse, 0 other
Hi, thanks for your reply. I had already sniffed the traffic and shared ip /mac addr of hosts innolved in ARP broadcasts. However server admin didnt find any anamoly with the NIC settings. Disabling proxy ARP is more of protecting switches from being hit by ARP storm.
After my first publication of the book OSPF Demystified With RFC in 2014 which goes beyond the CCIE level which explores OSPF from the RFC's perspective. Since one year I had the idea : why not write a book for CCIE Enterprise and Infrastructure to be an ...
Do you use Cisco DNA Center? Have you used and are you willing to provide your feedback in using the Cisco DNA Center help and documentation?
If so, we’d like you to complete the survey linked below. Your feedback will help provide more effective and easi...
Listen: https://smarturl.it/CCRS9E18Follow us: https://twitter.com/CiscoChampion Reaching the height of your career is no simple feat. It often requires a combination of pursuing the right education, building the right professional network and being ...