[nsp] 7200 "ARP Input" CPU utilization
Brian Wallingford
brian at meganet.net
Thu Sep 11 01:07:22 EDT 2003
Enable flow switching if you haven't already, and use "sh ip cache flow |
in [regex]" to narrow down the culprits. Your ARP storms are most likely
due to a rash of unreachables related to worm traffic.
Then, filter as necessary (to preserve your own network integrity) & break
out the cluebat.
On Wed, 10 Sep 2003, Michael Loftis wrote:
:Get your neighbors to clean the worms off their boxen? Seems like that is
:the culprit, lots and lots of excess ARP traffic....You doing proxy arp?
:or one of your ethernet neighbors doing proxy arp? Causing it spew ARP
:packets for hosts it shouldn't?
:
:Actually acidentally ran into this configuration less than a week ago on my
:Linux based firewall. Gave a 7206VXR a bit of a hangover until I figured
:out my mistake.
:
:--On Wednesday, September 10, 2003 8:18 PM -0700 Jay Stewart
:<jacob at stewarts.us> wrote:
:
:> Hello,
:>
:> I'm having some trouble with a 7206 that has been running pretty
:> flawlessly for almost a year now, no recent major config or network
:> changes. Historic CPU utilization was running between 1% - 4%, but now
:> is bouncing between 15% and 60%, peaking at 80%, with performance
:> fluctuating between "OK" to "chunky". The router in question is *NOT*
:> pushing much traffic, about 1.5m to 3.0m in/out through the FastEthernet
:> interfaces (f0/0 and f2/0) and an ATM DS3 on a PA-T3-A3+ and should not
:> be experiencing the performance slowdowns I'm seeing.
:>
:> I've sifted http://www.cisco.com/warp/public/63/queue_drops.html#before
:> through my clue sponge (brain) but nothing suggested there seems to
:> help.
:>
:> Looking at the process list suggests ARP seems to be the culprit.
More information about the cisco-nsp
mailing list