[c-nsp] Cisco 7206 - High CPU Utilization

Rodney Dunn rodunn at cisco.com
Wed Jan 21 20:05:43 EST 2009


If you are on a 12.4 version of IOS and run NAT but don't need
NBAR classification in order to translate MGCP and RTP traffic
you can disable it via:

no ip nat service nbar

if you run 12.4(23) or later code.

I wonder how much that would have bought you back in CPU usage
as compared to what you see on average in 12.3(14)T7.

Can you try it and let's compare the trend graphs?

Rodney

On Wed, Jan 21, 2009 at 09:08:51AM -0800, Spencer Barnes wrote:
> It has been a while but I wanted to follow up on the problem I was
> having.  It looks like IOS is the main culprit.  I downgraded from
> 12.4(21) to 12.3(14)T7 this morning and the CPU utilization has dropped.
> I received a message from another user that has 7206VXRs with NPE-300s
> and he had CPU utilization issues with 12.4.  
> 
> Thanks for all the help everyone!
> 
> Spencer
> 
> 
> -----Original Message-----
> From: Spencer 
> Sent: Thursday, December 18, 2008 9:00 AM
> To: 'Mikael Abrahamsson'
> Cc: cisco-nsp at puck.nether.net
> Subject: RE: [c-nsp] Cisco 7206 - High CPU Utilization
> 
> Thanks for the suggestion, unfortunately it didn't have an impact on the
> CPU utilization.  
> 
> I received this suggestion as well:
> 
> " If you run AES instead you'll massively reduce your CPU utilization.
> I'd suggest a G1 at least for what you're doing. An 1811 would probably
> run better than this router because the processor is at least somewhat
> designed to handle what you're doing."
> 
> It helped reduce utilization on the VPN process by about 20% but I'm
> still seeing high CPU utilization when uploading from our network and I
> should have mentioned that the border router with the high CPU
> utilization is connected to another Cisco 7206 with a lesser NPE-200.
> All the same traffic flowing through the border router is going through
> the core so you'd think it would exhibit the high CPU utilization but it
> never breaks a sweat.  This seems important and seems to indicate the
> border router is having a problem?  
> 
> I'm thinking downgrade the IOS on the border router ((C7200-JK9O3S-M),
> Version 12.4(21)) to match the core ((C7200-IK9S-M), Version
> 12.3(14)T7).  Perhaps the newer IOS with the bigger feature set is too
> much for the border router?
> 
> If that doesn't work I'd also be curious to see what would happen if I
> moved the T3 card to the core router and see if the CPU utilization goes
> up on it but I can't do that until after the holidays.  
> 
> I've followed Cisco's guide to troubleshooting high IP input utilization
> and I can't think of anything else to do configuration wise on the
> border router.  Thanks for all the help from everyone so far, it is very
> much appreciated.
> 
> Spencer
> 
> 
> -----Original Message-----
> From: Mikael Abrahamsson [mailto:swmike at swm.pp.se] 
> Sent: Wednesday, December 17, 2008 11:13 AM
> To: Spencer 
> Cc: Church, Charles; cisco-nsp at puck.nether.net
> Subject: Re: [c-nsp] Cisco 7206 - High CPU Utilization
> 
> On Wed, 17 Dec 2008, Spencer Barnes wrote:
> 
> > I removed all ACLs and Netflow but that did not have an effect.  I
> think
> > I can move NAT to the core router for testing purposes, I'll try and
> do
> > that tomorrow morning.  IOS version is (C7200-JK9O3S-M), Version
> > 12.4(21).
> 
> If you're tunneling over 1500 media, doing "ip tcp mss-adjust 1300" on
> the 
> interface where the traffic to encrypt/tunnel is passing 
> unencrypted/untunneled, might help you. Worth a try though, you don't
> want 
> multiple tunnel/encrypted packets per packet in the VPN.
> 
> -- 
> Mikael Abrahamsson    email: swmike at swm.pp.se
> _______________________________________________
> cisco-nsp mailing list  cisco-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at http://puck.nether.net/pipermail/cisco-nsp/


More information about the cisco-nsp mailing list