Factors that may cause “Cisco High CPU”
From what we have been through over the years, high CPU may be caused by:
a. IP Input
b. BGP Router
c. BGP Scanner
d. Virtual Exec
as seen in the real-time CPU process capture below:
CPU utilization for five seconds: 18%/18%; one minute: 20%; five minutes: 21%
47 2297526152-2139485143 0 0.07% 0.08% 0.11% 0 IP Input
126 12 1483 8 0.00% 0.00% 0.00% 2 Virtual Exec
133 15002844 84059163 178 0.15% 0.01% 0.00% 0 BGP Router
136 688579928 4168349 165198 0.00% 1.98% 2.61% 0 BGP Scanner
Suggestions:
1. IP Input
- Check the number of secondary IP addresses on a single interface and move them; simplify!
- Enable “ip cef” in global config
- Enable “ip route-cache same-interface” on the interface
- Enable “ip route-cache cef” on the interface
- Check “ip nbar protocol-discovery” on the interface; disable it if it’s not needed!
- Check the number of access-list rows
- Remove the “log” suffix from access-list entries if it’s not needed
- Simplify your access-list by aggregating, or use null 0 to block specific IPs/prefixes
- Check the service policy and how it matches its conditions (ACL, prefix, etc.); simplify!
- Check the policy map and how it matches its conditions (ACL, prefix, etc.); simplify!
2. BGP Routing & Scanning
- Enable Fast switching [CEF]
- Filter more routes or reduce the Internet routing table size (not full routes)
- Check your memory and upgrade if needed
- Simplify your BGP config
- Simplify neighbors (peer-group).
3. Virtual Exec
- Check & Limit VTY
- Restrict VTY login idle time
- Check “logging console”: it should be disabled
- Check “logging monitor”: it should be disabled
Another thing: simplify your config by removing any unused:
- access-list
- policy-map
- route-map
- prefix-list
- as-path access-list
- static routes
Back up your config periodically, or even at short intervals if changes are always being made to this engine.
a. rahman isnaini r.sutan
2404:170:253::10
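The checklist above can be run mechanically against a saved running-config. The following Python script is an added example, not code from the original post: the sample config, the check names and the `audit` function are hypothetical, and it assumes that CEF and console/monitor logging appear in the config only as explicit `no ...` lines when turned off.

```python
import re
# Constructed sample running-config (not from the page); all names/addresses are made up.
SAMPLE = """\
no ip cef
interface FastEthernet0/0
 ip address 192.0.2.1 255.255.255.0
 ip address 198.51.100.1 255.255.255.0 secondary
 ip address 203.0.113.1 255.255.255.0 secondary
 ip nbar protocol-discovery
 ip access-group 101 in
access-list 101 deny ip host 192.0.2.66 any log
access-list 102 permit ip any any
ip prefix-list UNUSED-PL seq 5 permit 0.0.0.0/0
route-map RM-IN permit 10
router bgp 64512
 neighbor 192.0.2.2 route-map RM-IN in
no logging monitor
line vty 0 4
 exec-timeout 0 0
"""
RULES = [("cef-off", "", r"no ip cef$"),  # (check, required block prefix, line pattern)
         ("nbar", "interface ", r"ip nbar protocol-discovery$"),
         ("acl-log", "", r"(access-list \S+ |\d+ )?(permit|deny) .* log(-input)?$"),
         ("vty-no-timeout", "line vty", r"exec-timeout 0( 0)?$"),
         ("secondary", "interface ", r"ip address .* secondary$")]
DEFS = {"access-list": r"(?:ip )?access-list (?:standard |extended )?(\S+)",
        "prefix-list": r"ip prefix-list (\S+)", "route-map": r"route-map (\S+)"}

def audit(config, max_secondaries=1):
    """Return (check, where) findings for the checklist items on this page."""
    lines, ctx, hits = config.splitlines(), "", []
    for raw in lines:
        s = raw.strip()
        ctx = s if raw[:1] != " " else ctx            # a top-level line opens a new block
        hits += [(c, ctx) for c, pre, pat in RULES if ctx.startswith(pre) and re.match(pat, s)]
    out = sorted({h for h in hits if h[0] != "secondary" or hits.count(h) > max_secondaries})
    stripped = [l.strip() for l in lines]
    # Assumption: console/monitor logging is on unless "no logging ..." is present.
    out += [("logging", k) for k in ("console", "monitor") if f"no logging {k}" not in stripped]
    for kind, pat in DEFS.items():                    # unused objects, deliberately conservative:
        names = {m.group(1) for l in stripped if (m := re.match(pat, l))}
        for name in sorted(names):                    # any token match elsewhere counts as a use
            rest = [l for l in stripped if not ((m := re.match(pat, l)) and m.group(1) == name)]
            if not any(name in l.split() for l in rest):
                out.append(("unused-" + kind, name))
    return out

if __name__ == "__main__":
    print(*audit(SAMPLE), sep="\n")
```

Because any matching token elsewhere in the config counts as a reference, the unused-object check can miss a stale numbered access-list but will not flag one that is still applied.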



Thanks for the tips,
Gabriel
ciupi
November 7, 2008