[c-nsp] IP Input high CPU utilization

David Coulson david at davidcoulson.net
Wed Jan 24 14:32:41 EST 2007


This has been bugging me for a while, and I thought I had it cracked -
But no, I don't.

I have two 7507s with PA-FEs on VIP2s and GEIPs. On one router I have my
vlan 100 on a FE (core1), on the other it is on g 4/0/0.100 (core2).
Life is good. Both routers run <5% CPU all the time. core1 is generally
the active router in the HSRP pair.

I set core2 to be the active router, and life continued to be good. CPU
usage didn't change at all, and everything was smooth. I moved the
config off the FE onto g 4/0/0.100 on core1, and again, things kept
working and CPU usage was low. At this point core2 is still the active
router in the configuration.

So, I decided to make core1 the active router in HSRP. It started to
utilize 100% CPU on core1 due to the 'IP Input' process. I know this is
caused by process switched packets, however since the config for the
interfaces is the same on both routers, I can't figure out why it would
behave differently on the two routers. For all intents and purposes,
these two routers are identical (same IOS, same RSPs, same VIP/PAs).
Even when I have HSRP move onto core2, we still have outbound traffic to
that interface on core1, and traffic which would previously have been
routed via core1 (e.g. directly connected customers) will come in on
another GigE interface sub-interface and end up on core1 anyway.

Is my best bet to turn it up on core1, clear the counters, and watch
'show int switching' for a while and see why it is process switching the
packets?

This is my config for the interface. Seems pretty basic and there isn't
anything in there that I know causes the packets to be process switched.

interface GigabitEthernet4/0/0.100
 encapsulation dot1Q 100
 ip address a.b.c.d 255.255.255.0
 no ip proxy-arp
 ip ospf cost 100
 ip ospf priority 60
 ip policy route-map in-vlan100
 no cdp enable
 standby 10 ip a.b.c.e
 standby 10 priority 110
 standby 10 preempt
end

The config for the FE is identical, except for the encapsulation command
- It comes in untagged on the FE.

Anyone got a clue that might point me in the right direction? Is there a
debugging method available to figure out why the router would process
switch something?



David

