[c-nsp] High interrupt CPU load on Cat3750, caused by ACL?
Clinton Work
clinton at scripty.com
Mon Mar 27 10:25:10 EST 2006
Neither the 3550 or 3750 can support ACLs with a lot of L4 operations (TCP /
UDP ports or flags). I would try removing and reapplying the ACLs to see if
you get an error message in the log.
Also check that your not exceeding the unicast route limits for your current
SDM template. Both the number of unicast routes and ARP entries
are important. On the 3550 at least, each ARP entry uses one
unicast CEF entry (unicast route).
http://www.cisco.com/en/US/products/hw/switches/ps5023/products_tech_note09186a00801e7bb9.shtml#topic4
I would also check the "show controllers cpu-interface" for a lot of
sw forwarding frames. I have seen both complicated ACLs and too many unicast
routes force all IP packets to be routed by the CPU.
Johannes Resch wrote:
> hi there,
>
> I've got a stack of 2x C3750G-24T running c3750-ipservicesk9-mz.122-25.SEE
> giving me some trouble.
>
> the device uses OSPF and BGP (~3k routes total) and has about 35 routed
> SVIs (some of them with rate limiting).
> all routed traffic is below 50 mbit/sec, plus about 70mbit of switched
> traffic, less than 15kpps total. no QoS, PBR, L2-ACLs or other fancy
> features.
>
> however, "show proc cpu" shows a high level of interrupt CPU load:
>
> CPU utilization for five seconds: 78%/72%; one minute: 79%; five minutes: 77%
>
More information about the cisco-nsp
mailing list