[c-nsp] 3560 cpu load question
Peter Rathlev
peter at rathlev.dk
Fri May 22 05:49:12 EDT 2009
On Thu, 2009-05-21 at 16:20 -0700, Cord MacLeod wrote:
> It sits in the middle of a network. Below are layer 2 2960 switches
> at the top of rack which the machines plug in to. Above are routers
> announcing BGP default at it in the confederation. The machines use
> the 3560 to traverse vlans, it is also the root switch in spanning
> tree and has around 110 inbound acls applied on the interface leading
> to the edge routers. As far as STP is concerned, the topology never
> changes so we can rule out convergence.
Would this switch happen to have a L3 interface in a VLAN with other
hosts? Broadcasts are always sent to the CPU, so user traffic then might
cause spikes.
> That's every function the switch is performing. These spikes are
> abnormal spikes, and they do not show up on my graphs, nor can I find
> the process causing them. There is no correlation I find between the
> CPU spikes and any network traffic.
Strange. What are the graphs graphing? Maybe the 5 min avg. every 5
minutes? That would explain why spikes couldn't be seen there at least.
You can setup rmon to alert you specifically when the CPU load exceeds
some threshold:
rmon event 1 trap SecretCommunity description "Rising Event for busyPer" owner admin
rmon event 2 trap SecretCommunity description "Falling Event for busyPer" owner admin
rmon alarm 1 lsystem.56.0 60 absolute rising-threshold 90 1 falling-threshold 70 2 owner admin
With EEM or a script on the trap receiver you could extract the process
table at exactly the moment the CPU spikes occur.
Regards,
Peter
More information about the cisco-nsp
mailing list