Имеем Cisco 2811 (revision 53.50) при закачки торрентов и вообще файлов из интернет наблюдается большая загрузка CPU.rtr-els#show processes cpu sorted
CPU utilization for five seconds: 99%/42%; one minute: 46%; five minutes: 37%
PID Runtime(ms) Invoked uSecs 5Sec 1Min 5Min TTY Process
78 59085836 59339968 995 53.15% 22.17% 16.25% 0 IP Input
213 95752 4617 20739 0.48% 0.05% 0.00% 0 Per-minute Jobs
226 28512 564359 50 0.48% 0.15% 0.08% 0 IP NAT Ager
229 139824 8370301 16 0.24% 0.30% 0.32% 0 PPP manager
17 589888 1409427 418 0.24% 0.18% 0.17% 0 ARP Input
230 74724 8381086 8 0.16% 0.15% 0.16% 0 PPP Events
107 55724 405468 137 0.16% 0.11% 0.10% 0 CEF process
225 3116 42181 73 0.08% 0.02% 0.00% 0 IP VFR proc
239 77424 8174707 9 0.08% 0.18% 0.18% 0 RADIUS
132 30676 2662405 11 0.08% 0.07% 0.08% 0 RBSCP Background
244 48152 637736 75 0.08% 0.09% 0.08% 0 IP-EIGRP: HELLO
146 604 99563 6 0.08% 0.00% 0.00% 0 FLEX DSP KEEPALI
84 12856 3630 3541 0.08% 0.18% 0.29% 322 SSH Process
13 0 1 0 0.00% 0.00% 0.00% 0 IPC BackPressure
12 0 1 0 0.00% 0.00% 0.00% 0 IPC Seat Manager
14 0 1 0 0.00% 0.00% 0.00% 0 OIR Handler
15 0 1 0 0.00% 0.00% 0.00% 0 Crash writer
11 1788 268799 6 0.00% 0.00% 0.00% 0 IPC Deferred Por
19 0 347 0 0.00% 0.00% 0.00% 0 AAA high-capacit
20 0 1 0 0.00% 0.00% 0.00% 0 AAA_SERVER_DEADT
10 1804 268802 6 0.00% 0.00% 0.00% 0 IPC Periodic Tim
--More--Конфиг:
Current configuration : 21723 bytes
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname rtr-els
!
boot-start-marker
boot system flash:c2800nm-adventerprisek9-mz.124-25e.bin
boot system flash:c2800nm-advsecurityk9-mz.124-3e.bin
boot-end-marker
!
logging buffered 51200 warnings
!
aaa new-model
!
!
aaa authentication login default local
aaa authentication ppp default group radius
aaa authorization exec default local
aaa authorization network default group radius
aaa accounting network default start-stop group radius
!
aaa session-id common
!
!
ip cef
no ip dhcp use vrf connected
ip dhcp excluded-address 10.10.10.1
ip dhcp excluded-address 10.10.10.2 10.10.10.10
ip dhcp excluded-address 10.10.10.200 10.10.10.255
!
ip dhcp pool vlan101
network 10.10.10.0 255.255.255.0
dns-server 10.10.10.250
default-router 10.10.10.1
!
!
ip domain name it-net.su
ip name-server 94.25.103.3
ip name-server 94.25.103.2
ip auth-proxy max-nodata-conns 3
ip admission max-nodata-conns 3vpdn enable
!
vpdn-group pptp
! Default PPTP VPDN group
accept-dialin
protocol pptp
virtual-template 1
!
voice-card 0
no dspfarm
!
crypto pki trustpoint TP-self-signed-3838137165
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-3838137165
revocation-check none
rsakeypair TP-self-signed-3838137165
!
!
crypto pki certificate chain TP-self-signed-3838137165
certificate self-signed 01
3082024E 308201B7 A0030201 02020101 300D0609 2A864886 F70D0101 04050030
31312F30 2D060355 04031326 494F532D 53656C66 2D536967 6E65642D 43657274
69666963 6174652D 33383338 31333731 3635301E 170D3037 31323033 31343038
34385A17 0D323030 31303130 30303030 305A3031 312F302D 06035504 03132649
4F532D53 656C662D 5369676E 65642D43 65727469 66696361 74652D33 38333831
33373136 3530819F 300D0609 2A864886 F70D0101 01050003 818D0030 81890281
8100B056 09C6A53E EAE362F7 C434F913 49D37B2A 737000C7 1443F4CA 9587BFA3
9F8C9503 CA167DDE DCC23C0A 8F5A6E24 7E728B93 D28DA736 09B356CA 94E2555A
BD48BDAF 4CF46A9B E28FF5E1 418E5AB9 6ED35221 7A367D69 1B7CBC37 4549A785
94AD0542 754CE49B 9AE15EF5 09BC5794 26BE6BD5 522852CB 83F20442 58F3D32F
6A4F0203 010001A3 76307430 0F060355 1D130101 FF040530 030101FF 30210603
551D1104 1A301882 16636C6C 2D727472 2D636973 312E782D 63617264 2E7275301F060355 1D230418 30168014 8D449366 DDEF0EB5 3861C520 DB15AF90 F8D6AFE9
301D0603 551D0E04 1604148D 449366DD EF0EB538 61C520DB 15AF90F8 D6AFE930
0D06092A 864886F7 0D010104 05000381 810058F7 67681DBF 18343404 1C8C2E2B
4CDEF3B6 38433C89 42557C55 16A0CB2C 3FC88E48 4B87381F 03DCABD0 CC958D67
4BBF1DF2 CFBB32ED A8D88DBA 36EA21B5 187A954E 0B666645 D2FC73C4 2BE134B0
FB91D619 67B0071A 49C37573 99B4F93A 7AB43485 56BF382A B54B16E1 A47A49B7
1CAC21DF 2DDAEB5B B0DF6530 D339D323 1EFB
quit
!
no ip rcmd domain-lookup
ip rcmd remote-host traffic 192.168.152.202 a.bekrenev enable 8
ip rcmd remote-host traffic 192.168.152.202 Administrator enable 8
ip rcmd remote-host itnetgw 10.10.1.2 root enable
ip rcmd remote-host itnetgw 10.10.32.1 admin enable
ip rcmd remote-host itnetgw 10.10.32.10 Administrator enable
!
crypto ipsec transform-set ts1 esp-des esp-md5-hmac
!
crypto map tpay 1 ipsec-isakmp
! Incomplete
description IPSEC_M-9
set peer 77.246.241.210
set transform-set ts1
set pfs group1
match address 104
!
interface Loopback0
ip address 1.1.1.1 255.255.255.255
ip route-cache policy
ip route-cache flow
!
interface Tunnel11
description M-9
ip address 192.168.10.2 255.255.255.252
ip mtu 1500
tunnel source 94.25.103.10
tunnel destination 85.142.222.2tunnel mode ipip
!
interface Tunnel12
description SoyuzElectro
ip address 192.168.10.5 255.255.255.252
ip mtu 1500
tunnel source 94.25.103.10
tunnel destination 87.251.145.82
tunnel mode ipip
!
interface Tunnel13
description efremov
ip address 192.168.10.9 255.255.255.252
ip mtu 1500
tunnel source 94.25.103.10
tunnel destination 78.25.76.30
tunnel mode ipip
!
interface FastEthernet0/0
no ip address
no ip redirects
no ip unreachables
no ip proxy-arpip virtual-reassembly
duplex auto
speed auto
no snmp trap link-status
!
interface FastEthernet0/0.5
description System-2
encapsulation dot1Q 5
ip address 10.10.2.1 255.255.255.0
ip access-group SystemAccess2 out
ip nat inside
ip virtual-reassembly
!
interface FastEthernet0/1
no ip address
no ip redirects
no ip unreachables
no ip proxy-arp
ip virtual-reassembly
duplex auto
speed auto
no snmp trap link-status
!interface FastEthernet0/1.1
description Default System
encapsulation dot1Q 1 native
ip address 10.10.1.3 255.255.255.0 secondary
ip address 10.10.1.1 255.255.255.0
ip access-group SystemAccess out
ip nat inside
ip virtual-reassembly
!
interface FastEthernet0/1.6
description ClientStaticAddress
encapsulation dot1Q 6
ip address 10.10.6.9 255.255.255.248 secondary
ip address 10.10.6.17 255.255.255.248 secondary
ip address 10.10.6.25 255.255.255.248 secondary
ip address 10.10.6.33 255.255.255.248 secondary
ip address 10.10.6.41 255.255.255.248 secondary
ip address 10.10.6.129 255.255.255.192 secondary
ip address 192.168.0.254 255.255.255.0 secondary
ip address 10.10.12.1 255.255.255.0 secondary
ip address 10.10.6.1 255.255.255.248
ip access-group ClientAccess in
ip access-group ClientAccessOut out
ip nat inside
ip virtual-reassembly
traffic-shape group 131 256000 32000 32000 1000
traffic-shape group 132 3072000 384000 384000 3000
traffic-shape group 133 256000 32000 32000 1000
traffic-shape group 136 768000 96000 96000 3000
traffic-shape group 137 6144000 768000 768000 1000
!
interface FastEthernet0/1.11
description ClientInternet1
encapsulation dot1Q 11
ip address 94.25.103.74 255.255.255.192 secondary
ip address 94.25.103.11 255.255.255.192 secondary
ip address 94.25.103.10 255.255.255.224
ip access-group InternetAccess in
ip nat outside
ip virtual-reassembly
ip policy route-map MAP
!
interface FastEthernet0/1.14
description CommunNet
encapsulation dot1Q 14
ip address 10.10.7.1 255.255.255.0
ip access-group AccessPublicCommunNet in
ip nat inside
ip virtual-reassembly
traffic-shape group 155 1024000 240000 240000 1000
traffic-shape group 156 1024000 240000 240000 1000
!
interface FastEthernet0/1.15
description CommunNet1
encapsulation dot1Q 15
ip address 10.10.8.1 255.255.255.0
ip access-group AccessPublicCommunNet1 in
ip nat inside
ip virtual-reassembly
no ip route-cache same-interface
traffic-shape group 155 1024000 240000 240000 1000
traffic-shape group 156 1024000 240000 240000 1000
!
interface FastEthernet0/1.16
description MBD
encapsulation dot1Q 16
ip address 10.10.9.1 255.255.255.0
ip access-group AccessPublicMVD in
ip nat insideip virtual-reassembly
traffic-shape group 155 4048000 4048000 512000 4000
traffic-shape group 156 4048000 4048000 512000 4000
!
interface FastEthernet0/1.101
description Office
encapsulation dot1Q 101
ip address 10.10.10.1 255.255.255.0
ip access-group OfficeAcceess out
ip nat inside
ip virtual-reassembly
!
interface FastEthernet0/1.254
description komunalshikNat
encapsulation dot1Q 254
ip address 10.10.254.254 255.255.255.0
!
interface Virtual-Template1
ip unnumbered Loopback0
ip mtu 1400
ip nat inside
ip virtual-reassembly
ip route-cache policyip route-cache flow
no peer default ip address
ppp encrypt mppe auto
ppp authentication ms-chap ms-chap-v2
ppp ipcp dns 94.25.103.3 94.25.103.2
ppp ipcp address unique
!
router eigrp 1
network 10.0.0.0
network 192.168.10.0
auto-summary
!
ip local pool pptp 192.168.152.210 192.168.152.230
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 94.25.103.1
ip route 10.10.32.0 255.255.240.0 10.10.1.2
ip route 10.10.152.0 255.255.255.0 10.10.1.19
ip route 10.11.0.0 255.255.0.0 192.168.10.10
ip route 94.25.103.64 255.255.255.192 94.25.103.2
ip route 172.16.0.0 255.255.0.0 10.10.10.245
ip route 172.16.0.0 255.255.252.0 192.168.10.10
ip route 192.168.90.0 255.255.255.0 Tunnel12
ip route 192.168.99.0 255.255.255.0 Tunnel12ip route 192.168.150.0 255.255.255.0 Tunnel11
ip route 192.168.151.0 255.255.255.0 Tunnel11
!
!
no ip http server
ip http authentication local
no ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
ip nat translation tcp-timeout 1200
ip nat translation udp-timeout 30
ip nat translation finrst-timeout 10
ip nat translation syn-timeout 30
ip nat translation dns-timeout 3
ip nat translation icmp-timeout 5
ip nat translation max-entries all-host 500
ip nat inside source list 150 interface FastEthernet0/1.11 overload
ip nat inside source static tcp xxxxx extendable
ip nat inside source static tcp xxxxx extendable
ip nat inside source static tcp xxxxxx extendable
ip nat inside source static tcp xxxxx extendable
ip nat inside source static tcp xxxxxx extendable
ip nat inside source static tcp xxxxx extendable
ip nat inside source static tcp xxxxxx extendableip nat inside source static tcp xxxxxx extendable
ip nat inside source static tcp xxxxxx extendable
ip nat inside source static tcp xxxxxx extendable
ip nat inside source static tcp xxxxxx extendable
ip nat inside source static tcp xxxxxx extendable
ip nat inside source static tcp xxxxxx extendable
ip nat inside source static tcp xxxxxx extendable
ip nat inside source static tcp xxxxxx extendable
ip nat inside source static tcp xxxxxx extendable
!
Тут много аксесников идетsnmp-server community ччччч RO
arp 10.10.7.57 00ee.000d.c4cc ARPA
!
route-map MAP permit 10
match ip address 108
set interface Loopback0 Virtual-Template1
!
route-map MAP permit 20
match ip address 108
set interface Loopback0
!
!
radius-server host 10.10.1.2 auth-port 1812 acct-port 1813
radius-server timeout 30
radius-server deadtime 1radius-server key 7 032D4F25031B134D4A000C16
!
control-plane
!
privilege exec level 8 show ip accounting
privilege exec level 8 show ip
privilege exec level 8 show
privilege exec level 8 clear ip accounting checkpoint
privilege exec level 8 clear ip accounting
privilege exec level 8 clear ip
privilege exec level 8 clear
!
line con 0
line aux 0
line vty 0 4exec-timeout 0 0
privilege level 15
transport input ssh
line vty 5 15
privilege level 15
transport input telnet
!
scheduler allocate 20000 1000
!
end
Канал в интернет большой? Может НАТ грузит процессор, железка то не быстрая. У меня на таком же маршрутизаторе на канале 10мбит/с при скачивании торрентов до 80% доходит. При обычном скачивании на весь канал не торрентами до 60%. Но у меня еще и netflow нагружает сильно при торрентах.или вот эту статью еще почитайте http://www.opennet.me/base/cisco/cisco_mem.txt.html
и пароли уберите/поменяйте из конфига :)
> Канал в интернет большой? Может НАТ грузит процессор, железка то не быстрая.
> У меня на таком же маршрутизаторе на канале 10мбит/с при скачивании
> торрентов до 80% доходит. При обычном скачивании на весь канал не
> торрентами до 60%. Но у меня еще и netflow нагружает сильно
> при торрентах.
> или вот эту статью еще почитайте http://www.opennet.me/base/cisco/cisco_mem.txt.html
> и пароли уберите/поменяйте из конфига :)Канал 10 Мбит. При скачивании торентов нагрузка на ЦП как в посте. При простом скачивании немного меньше. Netflow я выключил. Хотя был. Статейку почитаю.