URL: https://www.opennet.me/cgi-bin/openforum/vsluhboard.cgi
Форум: vsluhforumID6
Нить номер: 23865
[ Назад ]

Исходное сообщение
"Большая нагрузка CPU при скачивании"

Отправлено volxv , 09-Июн-12 14:13 
Имеем Cisco 2811 (revision 53.50) при закачки торрентов и вообще файлов из интернет наблюдается большая загрузка CPU.

rtr-els#show processes cpu sorted
CPU utilization for five seconds: 99%/42%; one minute: 46%; five minutes: 37%
PID Runtime(ms)   Invoked      uSecs   5Sec   1Min   5Min TTY Process
  78    59085836  59339968        995 53.15% 22.17% 16.25%   0 IP Input
213       95752      4617      20739  0.48%  0.05%  0.00%   0 Per-minute Jobs
226       28512    564359         50  0.48%  0.15%  0.08%   0 IP NAT Ager
229      139824   8370301         16  0.24%  0.30%  0.32%   0 PPP manager
  17      589888   1409427        418  0.24%  0.18%  0.17%   0 ARP Input
230       74724   8381086          8  0.16%  0.15%  0.16%   0 PPP Events
107       55724    405468        137  0.16%  0.11%  0.10%   0 CEF process
225        3116     42181         73  0.08%  0.02%  0.00%   0 IP VFR proc
239       77424   8174707          9  0.08%  0.18%  0.18%   0 RADIUS
132       30676   2662405         11  0.08%  0.07%  0.08%   0 RBSCP Background
244       48152    637736         75  0.08%  0.09%  0.08%   0 IP-EIGRP: HELLO
146         604     99563          6  0.08%  0.00%  0.00%   0 FLEX DSP KEEPALI
  84       12856      3630       3541  0.08%  0.18%  0.29% 322 SSH Process
  13           0         1          0  0.00%  0.00%  0.00%   0 IPC BackPressure
  12           0         1          0  0.00%  0.00%  0.00%   0 IPC Seat Manager
  14           0         1          0  0.00%  0.00%  0.00%   0 OIR Handler
  15           0         1          0  0.00%  0.00%  0.00%   0 Crash writer
  11        1788    268799          6  0.00%  0.00%  0.00%   0 IPC Deferred Por
  19           0       347          0  0.00%  0.00%  0.00%   0 AAA high-capacit
  20           0         1          0  0.00%  0.00%  0.00%   0 AAA_SERVER_DEADT
  10        1804    268802          6  0.00%  0.00%  0.00%   0 IPC Periodic Tim
--More--

Конфиг:


Current configuration : 21723 bytes
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname rtr-els
!
boot-start-marker
boot system flash:c2800nm-adventerprisek9-mz.124-25e.bin
boot system flash:c2800nm-advsecurityk9-mz.124-3e.bin
boot-end-marker
!
logging buffered 51200 warnings
!
aaa new-model
!
!
aaa authentication login default local
aaa authentication ppp default group radius
aaa authorization exec default local
aaa authorization network default group radius
aaa accounting network default start-stop group radius
!
aaa session-id common
!
!
ip cef
no ip dhcp use vrf connected
ip dhcp excluded-address 10.10.10.1
ip dhcp excluded-address 10.10.10.2 10.10.10.10
ip dhcp excluded-address 10.10.10.200 10.10.10.255
!
ip dhcp pool vlan101
   network 10.10.10.0 255.255.255.0
   dns-server 10.10.10.250
   default-router 10.10.10.1
!
!
ip domain name it-net.su
ip name-server 94.25.103.3
ip name-server 94.25.103.2
ip auth-proxy max-nodata-conns 3
ip admission max-nodata-conns 3

vpdn enable
!
vpdn-group pptp
! Default PPTP VPDN group
accept-dialin
  protocol pptp
  virtual-template 1
!
voice-card 0
no dspfarm
!
crypto pki trustpoint TP-self-signed-3838137165
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-3838137165
revocation-check none
rsakeypair TP-self-signed-3838137165
!
!
crypto pki certificate chain TP-self-signed-3838137165
certificate self-signed 01
  3082024E 308201B7 A0030201 02020101 300D0609 2A864886 F70D0101 04050030
  31312F30 2D060355 04031326 494F532D 53656C66 2D536967 6E65642D 43657274
  69666963 6174652D 33383338 31333731 3635301E 170D3037 31323033 31343038
  34385A17 0D323030 31303130 30303030 305A3031 312F302D 06035504 03132649
  4F532D53 656C662D 5369676E 65642D43 65727469 66696361 74652D33 38333831
  33373136 3530819F 300D0609 2A864886 F70D0101 01050003 818D0030 81890281
  8100B056 09C6A53E EAE362F7 C434F913 49D37B2A 737000C7 1443F4CA 9587BFA3
  9F8C9503 CA167DDE DCC23C0A 8F5A6E24 7E728B93 D28DA736 09B356CA 94E2555A
  BD48BDAF 4CF46A9B E28FF5E1 418E5AB9 6ED35221 7A367D69 1B7CBC37 4549A785
  94AD0542 754CE49B 9AE15EF5 09BC5794 26BE6BD5 522852CB 83F20442 58F3D32F
  6A4F0203 010001A3 76307430 0F060355 1D130101 FF040530 030101FF 30210603
  551D1104 1A301882 16636C6C 2D727472 2D636973 312E782D 63617264 2E727530

  1F060355 1D230418 30168014 8D449366 DDEF0EB5 3861C520 DB15AF90 F8D6AFE9
  301D0603 551D0E04 1604148D 449366DD EF0EB538 61C520DB 15AF90F8 D6AFE930
  0D06092A 864886F7 0D010104 05000381 810058F7 67681DBF 18343404 1C8C2E2B
  4CDEF3B6 38433C89 42557C55 16A0CB2C 3FC88E48 4B87381F 03DCABD0 CC958D67
  4BBF1DF2 CFBB32ED A8D88DBA 36EA21B5 187A954E 0B666645 D2FC73C4 2BE134B0
  FB91D619 67B0071A 49C37573 99B4F93A 7AB43485 56BF382A B54B16E1 A47A49B7
  1CAC21DF 2DDAEB5B B0DF6530 D339D323 1EFB
  quit
!
no ip rcmd domain-lookup
ip rcmd remote-host traffic 192.168.152.202 a.bekrenev enable 8
ip rcmd remote-host traffic 192.168.152.202 Administrator enable 8
ip rcmd remote-host itnetgw 10.10.1.2 root enable
ip rcmd remote-host itnetgw 10.10.32.1 admin enable
ip rcmd remote-host itnetgw 10.10.32.10 Administrator enable
!
crypto ipsec transform-set ts1 esp-des esp-md5-hmac
!
crypto map tpay 1 ipsec-isakmp
! Incomplete
description IPSEC_M-9
set peer 77.246.241.210
set transform-set ts1
set pfs group1
match address 104
!
interface Loopback0
ip address 1.1.1.1 255.255.255.255
ip route-cache policy
ip route-cache flow
!
interface Tunnel11
description M-9
ip address 192.168.10.2 255.255.255.252
ip mtu 1500
tunnel source 94.25.103.10
tunnel destination 85.142.222.2

tunnel mode ipip
!
interface Tunnel12
description SoyuzElectro
ip address 192.168.10.5 255.255.255.252
ip mtu 1500
tunnel source 94.25.103.10
tunnel destination 87.251.145.82
tunnel mode ipip
!
interface Tunnel13
description efremov
ip address 192.168.10.9 255.255.255.252
ip mtu 1500
tunnel source 94.25.103.10
tunnel destination 78.25.76.30
tunnel mode ipip
!
interface FastEthernet0/0
no ip address
no ip redirects
no ip unreachables
no ip proxy-arp

ip virtual-reassembly
duplex auto
speed auto
no snmp trap link-status
!
interface FastEthernet0/0.5
description System-2
encapsulation dot1Q 5
ip address 10.10.2.1 255.255.255.0
ip access-group SystemAccess2 out
ip nat inside
ip virtual-reassembly
!
interface FastEthernet0/1
no ip address
no ip redirects
no ip unreachables
no ip proxy-arp
ip virtual-reassembly
duplex auto
speed auto
no snmp trap link-status
!

interface FastEthernet0/1.1
description Default System
encapsulation dot1Q 1 native
ip address 10.10.1.3 255.255.255.0 secondary
ip address 10.10.1.1 255.255.255.0
ip access-group SystemAccess out
ip nat inside
ip virtual-reassembly
!
interface FastEthernet0/1.6
description ClientStaticAddress
encapsulation dot1Q 6
ip address 10.10.6.9 255.255.255.248 secondary
ip address 10.10.6.17 255.255.255.248 secondary
ip address 10.10.6.25 255.255.255.248 secondary
ip address 10.10.6.33 255.255.255.248 secondary
ip address 10.10.6.41 255.255.255.248 secondary
ip address 10.10.6.129 255.255.255.192 secondary
ip address 192.168.0.254 255.255.255.0 secondary
ip address 10.10.12.1 255.255.255.0 secondary
ip address 10.10.6.1 255.255.255.248
ip access-group ClientAccess in
ip access-group ClientAccessOut out
ip nat inside
ip virtual-reassembly
traffic-shape group 131 256000 32000 32000 1000
traffic-shape group 132 3072000 384000 384000 3000
traffic-shape group 133 256000 32000 32000 1000
traffic-shape group 136 768000 96000 96000 3000
traffic-shape group 137 6144000 768000 768000 1000
!
interface FastEthernet0/1.11
description ClientInternet1
encapsulation dot1Q 11
ip address 94.25.103.74 255.255.255.192 secondary
ip address 94.25.103.11 255.255.255.192 secondary
ip address 94.25.103.10 255.255.255.224
ip access-group InternetAccess in
ip nat outside
ip virtual-reassembly
ip policy route-map MAP
!
interface FastEthernet0/1.14
description CommunNet
encapsulation dot1Q 14
ip address 10.10.7.1 255.255.255.0
ip access-group AccessPublicCommunNet in
ip nat inside
ip virtual-reassembly
traffic-shape group 155 1024000 240000 240000 1000
traffic-shape group 156 1024000 240000 240000 1000
!
interface FastEthernet0/1.15
description CommunNet1
encapsulation dot1Q 15
ip address 10.10.8.1 255.255.255.0
ip access-group AccessPublicCommunNet1 in
ip nat inside
ip virtual-reassembly
no ip route-cache same-interface
traffic-shape group 155 1024000 240000 240000 1000
traffic-shape group 156 1024000 240000 240000 1000
!
interface FastEthernet0/1.16
description MBD
encapsulation dot1Q 16
ip address 10.10.9.1 255.255.255.0
ip access-group AccessPublicMVD in
ip nat inside

ip virtual-reassembly
traffic-shape group 155 4048000 4048000 512000 4000
traffic-shape group 156 4048000 4048000 512000 4000
!
interface FastEthernet0/1.101
description Office
encapsulation dot1Q 101
ip address 10.10.10.1 255.255.255.0
ip access-group OfficeAcceess out
ip nat inside
ip virtual-reassembly
!
interface FastEthernet0/1.254
description komunalshikNat
encapsulation dot1Q 254
ip address 10.10.254.254 255.255.255.0
!
interface Virtual-Template1
ip unnumbered Loopback0
ip mtu 1400
ip nat inside
ip virtual-reassembly
ip route-cache policy

ip route-cache flow
no peer default ip address
ppp encrypt mppe auto
ppp authentication ms-chap ms-chap-v2
ppp ipcp dns 94.25.103.3 94.25.103.2
ppp ipcp address unique
!
router eigrp 1
network 10.0.0.0
network 192.168.10.0
auto-summary
!
ip local pool pptp 192.168.152.210 192.168.152.230
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 94.25.103.1
ip route 10.10.32.0 255.255.240.0 10.10.1.2
ip route 10.10.152.0 255.255.255.0 10.10.1.19
ip route 10.11.0.0 255.255.0.0 192.168.10.10
ip route 94.25.103.64 255.255.255.192 94.25.103.2
ip route 172.16.0.0 255.255.0.0 10.10.10.245
ip route 172.16.0.0 255.255.252.0 192.168.10.10
ip route 192.168.90.0 255.255.255.0 Tunnel12
ip route 192.168.99.0 255.255.255.0 Tunnel12

ip route 192.168.150.0 255.255.255.0 Tunnel11
ip route 192.168.151.0 255.255.255.0 Tunnel11
!
!
no ip http server
ip http authentication local
no ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
ip nat translation tcp-timeout 1200
ip nat translation udp-timeout 30
ip nat translation finrst-timeout 10
ip nat translation syn-timeout 30
ip nat translation dns-timeout 3
ip nat translation icmp-timeout 5
ip nat translation max-entries all-host 500
ip nat inside source list 150 interface FastEthernet0/1.11 overload
ip nat inside source static tcp xxxxx extendable
ip nat inside source static tcp xxxxx extendable
ip nat inside source static tcp xxxxxx extendable
ip nat inside source static tcp xxxxx extendable
ip nat inside source static tcp xxxxxx extendable
ip nat inside source static tcp xxxxx extendable
ip nat inside source static tcp xxxxxx extendable

ip nat inside source static tcp xxxxxx extendable
ip nat inside source static tcp xxxxxx extendable
ip nat inside source static tcp xxxxxx extendable
ip nat inside source static tcp xxxxxx extendable
ip nat inside source static tcp xxxxxx extendable
ip nat inside source static tcp xxxxxx extendable
ip nat inside source static tcp xxxxxx extendable
ip nat inside source static tcp xxxxxx extendable
ip nat inside source static tcp xxxxxx extendable
!
Тут много аксесников идет

snmp-server community ччччч RO
arp 10.10.7.57 00ee.000d.c4cc ARPA
!
route-map MAP permit 10
match ip address 108
set interface Loopback0 Virtual-Template1
!
route-map MAP permit 20
match ip address 108
set interface Loopback0
!
!
radius-server host 10.10.1.2 auth-port 1812 acct-port 1813
radius-server timeout 30
radius-server deadtime 1

radius-server key 7 032D4F25031B134D4A000C16
!
control-plane
!
privilege exec level 8 show ip accounting
privilege exec level 8 show ip
privilege exec level 8 show
privilege exec level 8 clear ip accounting checkpoint
privilege exec level 8 clear ip accounting
privilege exec level 8 clear ip
privilege exec level 8 clear
!
line con 0
line aux 0
line vty 0 4

exec-timeout 0 0
privilege level 15
transport input ssh
line vty 5 15
privilege level 15
transport input telnet
!
scheduler allocate 20000 1000
!
end


Содержание

Сообщения в этом обсуждении
"Большая нагрузка CPU при скачивании"
Отправлено justsat , 10-Июн-12 04:40 
Канал в интернет большой? Может НАТ грузит процессор, железка то не быстрая. У меня на таком же маршрутизаторе на канале 10мбит/с при скачивании торрентов до 80% доходит. При обычном скачивании на весь канал не торрентами до 60%. Но у меня еще и netflow нагружает сильно при торрентах.

или вот эту статью еще почитайте http://www.opennet.me/base/cisco/cisco_mem.txt.html

и пароли уберите/поменяйте из конфига :)


"Большая нагрузка CPU при скачивании"
Отправлено volxv , 13-Июн-12 10:35 
> Канал в интернет большой? Может НАТ грузит процессор, железка то не быстрая.
> У меня на таком же маршрутизаторе на канале 10мбит/с при скачивании
> торрентов до 80% доходит. При обычном скачивании на весь канал не
> торрентами до 60%. Но у меня еще и netflow нагружает сильно
> при торрентах.
> или вот эту статью еще почитайте http://www.opennet.me/base/cisco/cisco_mem.txt.html
> и пароли уберите/поменяйте из конфига :)

Канал 10 Мбит. При скачивании торентов нагрузка на ЦП как в посте. При простом скачивании немного меньше. Netflow я выключил. Хотя был. Статейку почитаю.