A solution to the high CPU utilization of routers

Source: Internet
Author: User

  First, run show process cpu. If the output shows that the IP Input process is using a lot of CPU, check the following:

One. Fast switching

Check whether fast switching is disabled on an outgoing interface that carries heavy traffic. You can view the interface traffic with the show interfaces switching command, then re-enable fast switching on that interface. Remember that fast switching is configured on the output interface.

Two. Fast switching on the same interface is disabled. If an interface is configured with multiple network segments (secondary addresses) and the traffic between these segments is very heavy, the router process-switches that traffic. In this case, enable ip route-cache same-interface on the interface.

Three. Packets that cannot be fast switched include: packets with no entry in the switching cache, packets destined for the router itself, packets that need protocol conversion, policy-routed packets, X.25-encapsulated packets, and Multilink PPP, compressed, and encrypted packets.

Examples:

1. Routing updates (depending on the routing protocol). Updates that arrive too often indicate network instability and increase CPU utilization. You can check the routing table with show ip route.

2. Someone else logs in and runs commands that produce a large amount of log output.

3. Spoof attack. Confirm it with the show ip traffic command, which will show a large number of packets with a local destination.

  Second, use the show interfaces and show interfaces switching commands to identify the port with a large number of packets going in and out. Once you have identified the incoming port, enable IP accounting on the outgoing interface to see the traffic's characteristics. If it is an attack, the source address will change but the destination address stays the same. You can use an access list to resolve the problem temporarily (preferably on a device near the source of the attack); the final solution is to stop the attack at its source.
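The check described above (source address changes, destination stays the same) can be run over collected IP accounting data. The following Python is an added example, not part of the original article; it assumes the four-column Source / Destination / Packets / Bytes layout of show ip accounting output, the sample data is constructed, and the function names and thresholds are hypothetical values to tune for your network.

```python
import re
from collections import defaultdict

# Constructed sample in the layout of "show ip accounting" (documentation addresses only).
SAMPLE = """\
   Source           Destination              Packets               Bytes
 198.51.100.7      203.0.113.10                  412               26368
 198.51.100.91     203.0.113.10                  398               25472
 198.51.100.143    203.0.113.10                  405               25920
 198.51.100.201    203.0.113.10                  420               26880
 192.0.2.33        203.0.113.10                  391               25024
 192.0.2.77        203.0.113.10                  409               26176
 192.0.2.5         203.0.113.25                   58               41200
 192.0.2.5         203.0.113.40                   17                1904
 192.0.2.9         203.0.113.25                   23               15870
Accounting data age is 10
"""

IP = r"(\d{1,3}(?:\.\d{1,3}){3})"
ROW = re.compile(rf"^\s*{IP}\s+{IP}\s+(\d+)\s+(\d+)\s*$")

def parse_accounting(text):
    """Return (source, destination, packets, bytes) tuples; header and footer lines are skipped."""
    rows = []
    for line in text.splitlines():
        m = ROW.match(line)
        if m:
            rows.append((m.group(1), m.group(2), int(m.group(3)), int(m.group(4))))
    return rows

def suspect_destinations(rows, min_sources=5, min_share=0.5):
    """Destinations reached from many distinct sources that also take a large
    share of all accounted packets. Both thresholds are assumptions."""
    sources = defaultdict(set)
    packets = defaultdict(int)
    for src, dst, pkts, _ in rows:
        sources[dst].add(src)
        packets[dst] += pkts
    total = sum(packets.values()) or 1  # avoid division by zero on empty input
    hits = [(dst, len(sources[dst]), packets[dst])
            for dst in packets
            if len(sources[dst]) >= min_sources and packets[dst] / total >= min_share]
    return sorted(hits, key=lambda h: h[2], reverse=True)

if __name__ == "__main__":
    for dst, n_src, pkts in suspect_destinations(parse_accounting(SAMPLE)):
        print(f"{dst}: {pkts} packets from {n_src} distinct sources")
```

A destination flagged here is a candidate for the temporary access list mentioned above; normal many-to-one traffic such as a busy server will also match, so compare against a known baseline.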

One. Packets that need policy routing. Prior to Cisco IOS version 11.3, policy-routed packets could not be fast switched. IOS version 11.3 allows policy-routed packets to be fast switched. Use the interface command ip route-cache policy.

Two. Packets encapsulated with X.25, because of the flow control on the second Open System Interconnection (OSI) layer.

Compressed traffic. If there is no Compression Service Adapter (CSA) in the router, compressed packets must be process-switched.

Encrypted traffic. If there is no Encryption Service Adapter (ESA) in the router, encrypted packets must be process-switched.

Three. A large amount of User Datagram Protocol (UDP) traffic. This can be handled with the same steps used for a spoof attack.

Four. A large number of multicast streams crossing the router. You can enable fast switching of multicast packets with the ip mroute-cache interface configuration command (fast switching of multicast packets is off by default).

Five. A large number of broadcast packets. Check the number of broadcast packets in the show interfaces command output.

Six. The router is overloaded and unable to process the amount of traffic. You can distribute the load among other routers or consider purchasing a high-end router.

Seven. The router is configured with IP NAT (Network Address Translation) and many DNS (Domain Name System) packets traverse it. UDP or TCP packets whose source and/or destination port is the DNS port are always punted to process level by NAT.

Whatever the cause of the high CPU utilization in the IP Input process, it can be investigated by debugging IP packets. Because CPU utilization is already high and the debug produces a lot of output, send that output only to the buffer with logging buffered and do not log to the console. The debugging should not run for more than 3-5 seconds. If a suspicious source is found, you can disconnect that device or filter the packets to the destination with an ACL.
