[c-nsp] Arp Input Process Causing Spike in CPU

Church, Charles cchurch at multimax.com
Sun Mar 18 10:06:14 EST 2007 

If you're using a 6500 in the distribution layer with potentially a
hundred or more access layer switches attached, numbers of 10K to 20K
are totally possible.  We see numbers like that all the time.  I believe
all the 6500 Sups support 64,000 or more.  That said, when it starts to
get too big, it might be time to control ARP into the control plane.
We've never had to do that yet though.


Chuck Church
Multimax Network Engineer, CCIE #8776
EDS Contractor, Multimax - Navy Marine Corps Intranet (NMCI)
1210 N. Parker Rd. | Greenville, SC 29609 
Office: 864-335-9473 | Cell: 864-266-3978
cchurch at multimax.com

-----Original Message-----
From: cisco-nsp-bounces at puck.nether.net
[mailto:cisco-nsp-bounces at puck.nether.net] On Behalf Of Phil Mayers
Sent: Sunday, March 18, 2007 6:20 AM
To: cisco-nsp
Subject: Re: [c-nsp] Arp Input Process Causing Spike in CPU

Gert Doering wrote:
> Hi,
> 
> On Thu, Mar 15, 2007 at 09:44:23AM -0400, Christian Koch wrote:
>> I'm seeing cpu spikes due to  the arp input process running high ..
>>
>> Currently every route is pointed to next hop and the arp table looks 
>> like..
>>
>> #sh ip arp sum
>> 1743 IP ARP entries, with 21 of them incomplete
> 
> 1743 ARP entries?
> 
> Over *thousand seven hundred* entries?  What sort of networks have you

> connected to this router...?

me-core#sh ip arp sum
2528 IP ARP entries, with 35 of them incomplete

ac-core#sh ip arp sum
5175 IP ARP entries, with 55 of them incomplete

saf-core#sh ip arp sum
2117 IP ARP entries, with 10 of them incomplete

...and this on a weekend. I'm fairly sure we see 30% more during the
week.

It's not an unreasonable figure in some deployments. The OP did not
initially state his hardware or topology type of course, but not
everyone has just 120 /30s and full BGP tables on their routers ;o)

Though the OP has now found the problem, for the archives I'll state
that I've seen ARP Input CPU spikes on 6500s for a number of reasons;
misbehaving clients being the most common one, and "sh ip cef ev | inc
ADJ" or "RP SPAN" are very useful for tracing these.
_______________________________________________
cisco-nsp mailing list  cisco-nsp at puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/

More information about the cisco-nsp mailing list