[c-nsp] CEF Scanner eating CPU in Supervisor 720

Rodney Dunn rodunn at cisco.com
Thu Jun 8 16:06:49 EDT 2006


On Thu, Jun 08, 2006 at 09:39:55PM +0200, Peter Salanki wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
> 
> Yes, we are running MPLS. Does mac changes load CEF Scanner more when  
> MPLS is enabled?

Yes. Sorta confusing but the MPLS TFIB scanner piggybacks on the CEF
scanner.

On SXF4 you have the fix but one problem we had was:

CSCsb16512
Externally found moderate defect: Resolved (R)
High CPU in CEF Process and CEF scanner due to prefix reresolve

A Cisco router may show high CPU in the CEF scanner process with MPLS configured.
The condition is triggered when an existing arp entry learned on the interface  that is
mpls enabled changes for an ip address that already exist.

Workaround: None.

What we did there was change it such that if a mac address changes we
don't reresolve the prefixes for macs that didn't change. We were doing it
on a per interface before which wasn't too smart.

Your core links with MPLS enabled should be pretty stable at L2 for
your mac rewrites. That's why you should have a L3 segment that only
has your MPLS peers on it. VLAN it out or something.

Rodney

 I have a couple of /32s that are repeated a number  
> of times in sh ip cef event. So probably caused by duplicate IPs or  
> something like that, is there any aid for this other than trying to  
> hunt down every broken customer.
> 
> 
> 8 jun 2006 kl. 19.40 skrev Rodney Dunn:
> 
> > Are you running MPLS on the box?
> >
> > Check the sh ip cef event outut and see if you have a /32 ADJ
> > for a mac constantly changing. That's the most common trigger
> > I've seen for the scanner running high.
> >
> > You are forcing CEF to constantly reresolve prefixes.
> >
> > Rodney
> >
> > On Thu, Jun 08, 2006 at 02:23:22PM +0200, Peter Salanki wrote:
> >> -----BEGIN PGP SIGNED MESSAGE-----
> >> Hash: SHA1
> >>
> >> Hello,
> >>
> >> Process "CEF Scanner" is eating average 60% of the CPU on one of my
> >> Sup720-3BXL. This leads to snmp responses being delayed and full BGP
> >> updates taking a long time. I have not seen this on any of my other
> >> sup720s. What differs this box from the rest is that this one has a
> >> lot of directly connected hosts ~10 SVIs with 300 hosts each (on /23
> >> subnets). I have tried setting arp timeout to 1200 on those SVIs,
> >> which resulted in a small CPU utilization decrease. What can I do to
> >> calm down the CEF Scanner? I'm running 12.2(18)SXF4.
> >>
> >> CPU utilization for five seconds: 44%/4%; one minute: 38%; five
> >> minutes: 38%
> >> PID Runtime(ms)   Invoked      uSecs   5Sec   1Min   5Min TTY Process
> >> 119   103495040    719635     143819 35.40% 23.87% 21.54%   0 CEF
> >> Scanner
> >>
> >> Sincerely
> >>
> >> Peter Salanki
> >> Chief Network Engineer
> >> Bahnhof AB (AS8473)
> >> www.bahnhof.se
> >> Office: +46855577132
> >> Cell: +46709174932
> >>
> >>
> >> -----BEGIN PGP SIGNATURE-----
> >> Version: GnuPG v1.4.2.2 (Darwin)
> >>
> >> iD8DBQFEiBa7iQKhdiFGiogRAr9aAJ9W+rryMPcg5qnAYrYTU9jbRg8PFgCdHDA3
> >> QjIpm/Yk7kuf4VjZN5MqDq8=
> >> =O029
> >> -----END PGP SIGNATURE-----
> >> _______________________________________________
> >> cisco-nsp mailing list  cisco-nsp at puck.nether.net
> >> https://puck.nether.net/mailman/listinfo/cisco-nsp
> >> archive at http://puck.nether.net/pipermail/cisco-nsp/
> 
> Sincerely
> 
> Peter Salanki
> Chief Network Engineer
> Bahnhof AB (AS8473)
> www.bahnhof.se
> Office: +46855577132
> Cell: +46709174932
> 
> 
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.4.2.2 (Darwin)
> 
> iD8DBQFEiH0LiQKhdiFGiogRAkeMAKCZwPieK5gWAw9h7u04SU8KgdsVjwCfX1CF
> QMCyuAjUrFE3g9CEN2/WiEI=
> =SxIf
> -----END PGP SIGNATURE-----


More information about the cisco-nsp mailing list