[j-nsp] high CPU usage of RPD process

Paolo Autore pautore at columbus-networks.com
Wed Jan 4 11:12:38 EST 2012 

Martin;
 We experienced the same issues sometime ago, same symptoms, plus BGP sessions bouncing. What we found was a particular rogue host on our Metro Network making massive amount of ARP request. Below is the filter that  we used to normalize the situation (filter was configured on aggregation Metro Switch but can be used on your MX as well), hope this helps.

UNDER GROUPS MAKING THE FOLLOWING RULE;
METRO-FILTER {
    interfaces {
        <ge-*/0/*> {
            unit <*> {
                family ethernet-switching {
                    filter {
                        input METRO-FLITER;
                    }
                }
            }
        }
    }
}

UNDER FIREWALL FAMILY ETHERNET-SWITCHING CREATE THE FOLLWING FILTER;
show configuration firewall family ethernet-switching filter METRO-FILTER 
interface-specific;
term 1 {
    from {
        protocol igmp;
    }
    then {
        accept;
        count IGMP-COUNT;
        policer limit-100k;
    }
}
term 2 {
    from {
        ether-type arp;
    }
    then {
        accept;
        count ARP-COUNT;
        policer limit-32k;
    }
}
term last {
    then accept;
}

APPLY FILTER UNDER "APPLY-GROUPS"
apply-groups METRO-FILTER 

-----Original Message-----
From: juniper-nsp-bounces at puck.nether.net [mailto:juniper-nsp-bounces at puck.nether.net] On Behalf Of Martin T
Sent: Wednesday, January 04, 2012 4:17 AM
To: juniper-nsp at puck.nether.net
Subject: [j-nsp] high CPU usage of RPD process

RPD process(/usr/sbin/rpd -N) has a high ~80-90% CPU usage:

  PID USERNAME     THR PRI NICE   SIZE    RES STATE    TIME   WCPU COMMAND
 1278 root           1 122    0   552M   538M RUN    215.0H 86.13% rpd

..on M10i platform(RE-850) without an obvious reason- there has been no changes in network topology, all the interfaces are up, no configuration changes has been done. There isn't anything useful in the "show log messages" output. If I check the updates sent by BGP peers, there is not excessive flood by none of the peers. Anyone seen such behavior before where RPD has high CPU utilization without a clear reason? Is it somehow possible to trace the updates going to RPD in order to understand better, what exactly RDP is doing at the time when the CPU utilization is high?


regards,
martin
_______________________________________________
juniper-nsp mailing list juniper-nsp at puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp

More information about the juniper-nsp mailing list