[c-nsp] 3550 High CPU - nothing in proc cpu
Mikael Abrahamsson
swmike at swm.pp.se
Sun Nov 15 05:12:47 EST 2009
On Sun, 15 Nov 2009, Hector Herrera wrote:
> Since the number of packets in the two commands above are very close to
> each other, I think I have identified the network interface with the
> large number of TTL-expired packets. It is a BGP interface, so my best
> guess is that a BGP neighbour is advertising routes that they don't
> actually carry in their routing tables and for some reason they are
> sending the packets back to me, and the question now is to locate the
> culprit route advertisement and contact the neighbor. Right?
Yes, or they didn't null-route their aggregate prefix and has default
route to you (or you didn't null-route your prefix and you have a default
route to them).
Best way is probably to port-mirror the port and look for the ICMP
messages generated. You might also have luck with "debug icmp" on the 3550
and see whereto the ICMP messages are sent. There might also be a debug
command to actually tell you what unreachables are being sent. Make sure
you have "no logging console", and remember it's always a risk to debug
things...
--
Mikael Abrahamsson email: swmike at swm.pp.se
More information about the cisco-nsp
mailing list