[c-nsp] Shaping in/out on Ethernet subinterfaces (7206 NPE-G1) and CPU usage

Lukas Tribus luky-37 at hotmail.com
Thu Feb 13 08:10:26 EST 2014


Hi,



> On a 7206 NPE-G1 which is an access router for customers, we want to do some
> shaping.
>
> At this moment, we are using the configuration just described below.
> In this case, customers are directly connected to the gi0/2 router (through
> a switch).
>
> Is it the best way to go about the subint configuration?
>
> Moreover, we added 20 subinterfaces in this situation recently.
> In total on this router, we have 100 subinterfaces (half are in a vrf for
> private subnets and natting to Internet, other are just routing public
> subnets).
> We saw the CPU usage growing in a significant way (75% CPU).
> Is this due to a bad configuration of the subints or just the fact the
> NPE-G1 is a software router too weak for this kind of usage?

Don't know. Read "Troubleshooting High CPU Utilization on Cisco Routers" [1].

Extremely wild guess: you may see increased bursty traffic due to NTP
amplification attacks. Read the NTP DDoS thread [2]. Check whether hosts
behind this router are vulnerable. This can really hit a software router hard.



> Would an NPE-G2 be sufficient in the short term before moving to a real router
> such as an ASR 1k?

What traffic patterns do you have? What are you doing on the box besides
routing and NAT? IPsec? Nbar? Netflow?



Regards,

Lukas


[1] http://www.cisco.com/c/en/us/support/docs/routers/10000-series-routers/15095-highcpu.html
[2] http://www.gossamer-threads.com/lists/cisco/nsp/177289

