Factors may cause “Cisco High CPU”

Posted on April 15, 2008. Filed under: BGP, Cisco |

From we have been through for years, High CPU may caused by :

a. IP Input
b. BGP Router
c. BGP Scanner
d. Virtual Exec

as they seen in below captured realtime cpu process :

CPU utilization for five seconds: 18%/18%; one minute: 20%; five minutes: 21%
47 2297526152-2139485143 0 0.07% 0.08% 0.11% 0 IP Input
126 12 1483 8 0.00% 0.00% 0.00% 2 Virtual Exec
133 15002844 84059163 178 0.15% 0.01% 0.00% 0 BGP Router
136 688579928 4168349 165198 0.00% 1.98% 2.61% 0 BGP Scanner

Suggestion :

1. IP Input
– Check Number of & Move IP Secondaries on one interfaces, simplify !
– Enable “ip cef” in global config
– Enable “ip route-cache same interface” on interface
– Enable “ip route-cache cef” on interface
– Check “ip nbar protocol discovery” on interface, disabled if it’s not needed !
– Check number of access-list rows
– Remove “log” sufix in access-list if it’s not needed
– Simplify your access-list by aggregating or use null 0 to block specific IP/Prefix
– Check service policy and how it matches the conditions (acl, prefix, ect), simplify !
– Check policy map and how it matches the conditions (acl, prefix, ect), simplify !

2. BGP Routing & Scanning
– Enable Fast switching [CEF]
– Filter more routes or internet routing table size (not full route)
– Check your Memory & Upgrade if needed
– Simplify your BGP config
– Simplify neighbors (peer-group).

3. Virtual Exec
– Check & Limit VTY
– Restrict VTY idle time login
– Check logging console > disabled
– Check Logging monitor > disabled

Other thing, simplify your config by removing any unused :

– access-list
– policy-map
– route-map
– prefix-list
– as-path access-list
– static routes
– BackUp your config periodically or even in shortime, should changes always made to this engine.

a. rahman isnaini r.sutan
2404:170:253::10

Make a Comment

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

One Response to “Factors may cause “Cisco High CPU””

RSS Feed for tukang-tukang oprek Comments RSS Feed

Thanks for the tips,
Gabriel


Where's The Comment Form?

Liked it here?
Why not try sites on the blogroll...

%d bloggers like this: