[RE: [nsp] High CPU on 2600]

joshua sahala joshua.ej.smith at usa.net
Thu Oct 23 11:23:06 EDT 2003


"Voll, Scott" <Scott.Voll at wesd.org> wrote:

> Have you looked at how much ICMP traffic you're getting on the box?  We
> had routers dying with all the ICMP traffic the viruses were putting
> out.
> 
> On the Sh Process CPU see what your IP Input looks like.  If it seems
> really high block ICMP and log it and see if that's your problem.

if your cpu is already high, DO NOT log, you might kill the router...that
being said, block/police icmp and see if that helps (you will see your
acl counters incrementing at a crazy rate if you have worms).  turn off
any services you don't need, make sure cef is on, try getting some small
netflow samples (or a 'sho ip traf' to get an idea of what is moving
through the router - netflow also helps identify which users have worms),
acl traffic to the router.

of course, do these things one at a time, and watch your traffic/cpu
carefully

/joshua

ps - joel, are you coming to the sflnog meeting on the 5th?
 
> Scott
> 
> -----Original Message-----
> From: Joel Perez [mailto:jperez at numind.net] 
> Sent: Thursday, October 23, 2003 7:20 AM
> To: cisco-nsp at puck.nether.net
> Subject: [nsp] High CPU on 2600
> 
> Hey guys,
>  
> I have a small problem. I have a 2600 in a remote office doing NAT'ing
> serving about 20-25 people. Everything works fine except that the cpu on
> the 2600 is thru the roof.
> They aren't generating much traffic, probably about 1.5 megs. The 2600
> is only using the FastEth for the internal and external interfaces. Can
> the NAT'ing be making my CPU that high?
> Here is the config I have now:
>  
>  
> ip subnet-zero
> ip cef
> !
> interface FastEthernet0/0
>  description ---------------"Gateway to Internet"---------------
>  ip address 1.2.3.4 255.255.255.0
>  ip nat outside
>  duplex auto
>  speed auto
> !
> interface Serial0/0
>  no ip address
>  shutdown
>  no fair-queue
> !
> interface FastEthernet0/1
>  description ---------------"Gateway To Etrade"---------------
>  ip address 5.6.7.8 255.255.255.0
>  ip nat inside
>  duplex auto
>  speed auto
> !
> ip nat pool Traders 1.2.3.4 1.2.3.4 prefix-length 24
> ip nat inside source list 1 pool Traders overload
> no ip http server
> ip classless
> ip route 0.0.0.0 0.0.0.0 1.2.3.1
> !
> !
> access-list 1 permit 10.64.14.0 0.0.0.255
>  
> Regards,
>  
> ----------------------------------------------
> Joel Perez <jperez at ntera.net>  | IP Engineer
> http://www.ntera.net/                 | Ntera
> 305.914.3412
>  
> _______________________________________________
> cisco-nsp mailing list  cisco-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at http://puck.nether.net/pipermail/cisco-nsp/
> 



"Walk with me through the Universe,
 And along the way see how all of us are Connected.
 Feast the eyes of your Soul,
 On the Love that abounds.
 In all places at once, seemingly endless,
 Like your own existence."
     - Stephen Hawking -
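
Added example (not part of the original post or thread): one way to do the counter check joshua describes, by comparing two 'show access-lists' captures to see how fast a deny entry without the log keyword is matching. ACL number 101, the counter values, the 60-second interval and the 100/s threshold are constructed sample data.

```python
import re

# Constructed sample: two 'show access-lists' captures taken 60 seconds apart.
# The layout (header line, indented entries, "(N matches)") is assumed.
SNAP_T0 = """\
Extended IP access list 101
    deny icmp any any (1204331 matches)
    permit ip any any (88210 matches)
"""
SNAP_T1 = """\
Extended IP access list 101
    deny icmp any any (1391331 matches)
    permit ip any any (89410 matches)
"""

ACL_HDR = re.compile(r"^(?:Standard|Extended) IP access list (\S+)")
ACE = re.compile(r"^\s+(?:\d+ )?(.+?)(?: \((\d+) match(?:es)?\))?\s*$")

def parse_counters(text):
    """Return {(acl_name, ace_text): match_count} from 'show access-lists' output."""
    counters, acl = {}, None
    for line in text.splitlines():
        hdr = ACL_HDR.match(line)
        if hdr:
            acl = hdr.group(1)
            continue
        m = ACE.match(line)
        if acl and m and line.strip():
            counters[(acl, m.group(1))] = int(m.group(2) or 0)
    return counters

def match_rates(before, after, seconds):
    """Per-ACE matches per second; a counter that went down (cleared) is skipped."""
    old, new = parse_counters(before), parse_counters(after)
    rates = {}
    for key, count in new.items():
        delta = count - old.get(key, 0)
        if delta >= 0:
            rates[key] = delta / seconds
    return rates

def noisy_denies(rates, threshold_pps):
    """Deny entries whose hit rate exceeds the threshold, busiest first."""
    hits = [(k, r) for k, r in rates.items() if k[1].startswith("deny") and r > threshold_pps]
    return sorted(hits, key=lambda kr: kr[1], reverse=True)

if __name__ == "__main__":
    for (acl, ace), pps in noisy_denies(match_rates(SNAP_T0, SNAP_T1, 60), 100):
        print(f"acl {acl}: '{ace}' matching at {pps:.0f}/s")
```

Reading the counters this way costs the router two show commands, with no per-packet logging.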