[c-nsp] Cisco 2851 bug ?
Paul Cosgrove
paul.cosgrove at heanet.ie
Tue Jul 15 12:34:21 EDT 2008
Hi Rodney,
Is that safe to do even if the traffic rate and/or cpu is high?
Looks like a nice feature.
Paul.
Rodney Dunn wrote:
> Or you could load the new 12.4(20)T and set up a packet capture
> on the punt path. ;)
>
> rtp-rodunn-871#monitor capture point ip process-switched test in ?
> <cr>
>
> rtp-rodunn-871#monitor capture point ip process-switched rodney in
> rtp-rodunn-871#mon
> rtp-rodunn-871#monitor cap
> rtp-rodunn-871#monitor capture buf
> rtp-rodunn-871#monitor capture buffer pakdump ?
> circular Circular Buffer
> clear Clear contents of capture buffer
> export Export in Pcap format
> filter Configure filters
> limit Limit the packets dumped to the buffer
> linear Linear Buffer(Default)
> max-size Maximum size of element in the buffer (in bytes)
> size Packet Dump buffer size (in Kbytes)
> <cr>
>
> rtp-rodunn-871#monitor capture buffer pakdump
>
> ....
>
> Start the capture and export it to pcap. ;)
>
> This is new functionality in 12.4(20)T so we've got some enhancements to
> add to it.
>
> Rodney
>
> On Tue, Jul 15, 2008 at 08:06:26AM +0200, Pavel Skovajsa wrote:
>> Hi,
>> IP Input spike is usually caused by abnormal 'IP input' traffic that
>> gets punted into the RP from CEF for whatever reason.
>> A very common cause is broadcast storm. You can see what what packet
>> is holding the CPU with 'show buffers input interface fa0/1'. However
>> you need to do this command during a real spike...
>>
>> Pavel
>>
>> On Fri, Jul 11, 2008 at 10:47 PM, Teller, Robert
>> <RTeller at deltadentalwa.com> wrote:
>>> Is anyone aware of a bug or configuration that could cause a sudden
>>> spike in IP input?
>>>
>>> uptime is 26 weeks, 3 days, 10 hours, 54 minutes
>>> System returned to ROM by reload at 01:40:08 PST Tue Jan 8 2008
>>> System restarted at 01:41:34 PST Tue Jan 8 2008
>>> System image file is "flash:c2800nm-ipbasek9-mz.124-17a.bin"
>>> Cisco 2851 (revision 53.51) with 251904K/10240K bytes of memory.
>>>
>>> PID Runtime(ms) Invoked uSecs 5Sec 1Min 5Min TTY Process
>>> 66 125056 2917547 42 0.00% 0.00% 0.00% 0 CDP
>>> Protocol
>>> 67 28872876 373263867 77 0.08% 51.78% 47.36% 0 IP Input
>>>
>>> Seattle-WAN 01:00:26 PM Friday Jul 11 2008 DST
>>>
>>>
>>> 555558888899999888888888899999999
>>> 555555544444444446666655555999998888844444333332222233333333
>>> 100
>>> 90 ********** ********
>>> 80 ****************************
>>> 70 ****************************
>>> 60 *********************************
>>> 50 *********************************
>>> 40 *********************************
>>> 30 *********************************
>>> 20 *********************************
>>> 10 ******* *******************************************
>>> 0....5....1....1....2....2....3....3....4....4....5....5....6
>>> 0 5 0 5 0 5 0 5 0 5 0
>>> CPU% per second (last 60 seconds)
>>>
>>>
>>> 9999999 1
>>> 588886633444434434453334333334346534453335336645645556354344
>>> 100 *******
>>> 90 #####** *
>>> 80 ######* *
>>> 70 ######* *
>>> 60 ######* *
>>> 50 ######* *
>>> 40 ######* *
>>> 30 ######* *
>>> 20 ####### * #
>>> 10 ####### * ** * * ** ** **** * #
>>> 0....5....1....1....2....2....3....3....4....4....5....5....6
>>> 0 5 0 5 0 5 0 5 0 5 0
>>> CPU% per minute (last 60 minutes)
>>> * = maximum CPU% # = average CPU%
>>>
>>>
>>> 1 1 11 1 1111 111 1111111111 11 1 7121111 1112 1111 111
>>> 1121111111111
>>>
>>> 691760977743309128787415602150180091972430809462896712922076244160072513
>>> 100
>>> 90
>>> 80 *
>>> 70 *
>>> 60 *
>>> 50 *
>>> 40 *
>>> 30 * *
>>> 20 * * * * ** * * * * * * ** * * * *
>>> *
>>> 10
>>> ************************************************************************
>>>
>>> 0....5....1....1....2....2....3....3....4....4....5....5....6....6....7.
>>> .
>>> 0 5 0 5 0 5 0 5 0 5 0 5
>>> 0
>>> CPU% per hour (last 72 hours)
>>> * = maximum CPU% # = average CPU%
>>>
>>>
>>> #########################################################
>>> The information contained in this e-mail and subsequent attachments may be privileged,
>>> confidential and protected from disclosure. This transmission is intended for the sole
>>> use of the individual and entity to whom it is addressed. If you are not the intended
>>> recipient, any dissemination, distribution or copying is strictly prohibited. If you
>>> think that you have received this message in error, please e-mail the sender at the above
>>> e-mail address.
>>> #########################################################
>>> _______________________________________________
>>> cisco-nsp mailing list cisco-nsp at puck.nether.net
>>> https://puck.nether.net/mailman/listinfo/cisco-nsp
>>> archive at http://puck.nether.net/pipermail/cisco-nsp/
>>>
>> _______________________________________________
>> cisco-nsp mailing list cisco-nsp at puck.nether.net
>> https://puck.nether.net/mailman/listinfo/cisco-nsp
>> archive at http://puck.nether.net/pipermail/cisco-nsp/
> _______________________________________________
> cisco-nsp mailing list cisco-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at http://puck.nether.net/pipermail/cisco-nsp/
>
--
HEAnet Limited
Ireland's Education & Research Network
5 George's Dock, IFSC, Dublin 1, Ireland
Tel: +353.1.6609040
Web: http://www.heanet.ie
Company registered in Ireland: 275301
Please consider the environment before printing this e-mail.
More information about the cisco-nsp
mailing list