- Cisco 2811, high CPU load, eRIC, 14:03, 23-Sep-15 (1)
- Cisco 2811, high CPU load, Andrey, 14:14, 23-Sep-15 (2)
> [overquoting removed]
>   93     5139052 137607964         37  0.00%  0.02%  0.01%   0 SSS Feature Time
>  215    16699620    595085      28062  0.00%  0.04%  0.00%   0 Per-minute Jobs
>  230     1875128  26271809         71  0.08%  0.00%  0.00%   0 IP VFR proc
> What the heck is this, what else can I look at?

96% of the CPU is going to interrupts. That is either ACL, or IPSLA, or IPSec, or something else; without the config and the interface load it is impossible to say. For example, CEF may be disabled. Then the box can fall over even with minimal traffic. And in general this box is already weak by today's standards, when 10 Mb is considered the minimum connection for an office of 10-20 people.
- Cisco 2811, high CPU load, anonymous, 14:32, 23-Sep-15 (4)
> What the heck is this, what else can I look at?

sh ip traffic
- Cisco 2811, high CPU load, anonymous, 14:34, 23-Sep-15 (5)
+ sh int fa 0/0
sh int fa 0/1
- Cisco 2811, high CPU load, koblin, 15:26, 23-Sep-15 (6)
On the interface facing the provider there is a crypto map (ipsec) with two profiles: one for external users (3 people are connected right now), the second is a tunnel to the head office. Actually, I went to look at why the tunnel is slow...

This interface faces two providers; there are two VLANs on the interface.

#sh int fa0/0
FastEthernet0/0 is up, line protocol is up
  Hardware is MV96340 Ethernet, address is 0014.a925.1eb8 (bia 0014.a925.1eb8)
  MTU 1500 bytes, BW 100000 Kbit/sec, DLY 100 usec,
     reliability 255/255, txload 42/255, rxload 7/255
  Encapsulation 802.1Q Virtual LAN, Vlan ID 1., loopback not set
  Keepalive set (10 sec)
  Full-duplex, 100Mb/s, 100BaseTX/FX
  ARP type: ARPA, ARP Timeout 04:00:00
  Last input 00:00:00, output 00:00:00, output hang never
  Last clearing of "show interface" counters never
  Input queue: 0/75/19014/0 (size/max/drops/flushes); Total output drops: 122031
  Queueing strategy: fifo
  Output queue: 0/40 (size/max)
  5 minute input rate 2937000 bits/sec, 1064 packets/sec
  5 minute output rate 16747000 bits/sec, 1647 packets/sec
     2978065262 packets input, 89368498 bytes
     Received 7368352 broadcasts, 4 runts, 0 giants, 1411 throttles
     113141 input errors, 127 CRC, 141 frame, 0 overrun, 112869 ignored
     0 watchdog
     0 input packets with dribble condition detected
     1613851039 packets output, 3315631982 bytes, 0 underruns
     0 output errors, 0 collisions, 1 interface resets
     1765169 unknown protocol drops
     0 babbles, 0 late collision, 0 deferred
     0 lost carrier, 0 no carrier
     0 output buffer failures, 0 output buffers swapped out

Facing the LAN

#sh int fa0/1
FastEthernet0/1 is up, line protocol is up
  Hardware is MV96340 Ethernet, address is 0014.a925.1eb9 (bia 0014.a925.1eb9)
  Description: INSIDE
  Internet address is 1.2.3.4/24
  MTU 1500 bytes, BW 100000 Kbit/sec, DLY 100 usec,
     reliability 255/255, txload 16/255, rxload 44/255
  Encapsulation ARPA, loopback not set
  Keepalive not set
  Full-duplex, 100Mb/s, 100BaseTX/FX
  ARP type: ARPA, ARP Timeout 04:00:00
  Last input 00:00:00, output 00:00:00, output hang never
  Last clearing of "show interface" counters never
  Input queue: 6/75/38636/0 (size/max/drops/flushes); Total output drops: 797
  Queueing strategy: fifo
  Output queue: 0/40 (size/max)
  5 minute input rate 17429000 bits/sec, 1972 packets/sec
  5 minute output rate 6293000 bits/sec, 1551 packets/sec
     1210798376 packets input, 3137328546 bytes
     Received 588545 broadcasts, 0 runts, 0 giants, 2047 throttles
     633459 input errors, 0 CRC, 1 frame, 0 overrun, 633458 ignored
     0 watchdog
     0 input packets with dribble condition detected
     3049127627 packets output, 2744917918 bytes, 0 underruns
     0 output errors, 0 collisions, 1 interface resets
     588503 unknown protocol drops
     0 babbles, 0 late collision, 0 deferred
     0 lost carrier, 0 no carrier
     0 output buffer failures, 0 output buffers swapped out

#sh ip traf
IP statistics:
  Rcvd:  2110104704 total, 40214361 local destination
         0 format errors, 107 checksum errors, 4824815 bad hop count
         13 unknown protocol, 78475 not a gateway
         0 security failures, 0 bad options, 10226 with options
  Opts:  0 end, 0 nop, 0 basic security, 0 loose source route
         0 timestamp, 0 extended security, 0 record route
         0 stream ID, 0 strict source route, 10226 alert, 0 cipso, 0 ump
         0 other
  Frags: 201185664 reassembled, 0 timeouts, 0 couldn't reassemble
         5051 fragmented, 10652 fragments, 85 couldn't fragment
  Bcast: 731937 received, 0 sent
  Mcast: 0 received, 0 sent
  Sent:  119477457 generated, 1457218170 forwarded
  Drop:  203170 encapsulation failed, 0 unresolved, 0 no adjacency
         6462 no route, 0 unicast RPF, 134524 forced drop
         0 options denied
  Drop:  0 packets with source IP address zero
  Drop:  0 packets with internal loop back IP address
         0 physical broadcast

ICMP statistics:
  Rcvd: 1365 format errors, 66 checksum errors, 0 redirects, 127206 unreachable
        130180 echo, 349 echo reply, 0 mask requests, 0 mask replies, 33 quench
        0 parameter, 1 timestamp, 0 info request, 0 other
        0 irdp solicitations, 0 irdp advertisements
  Sent: 0 redirects, 58985451 unreachable, 115 echo, 130180 echo reply
        0 mask requests, 0 mask replies, 0 quench, 1 timestamp
        0 info reply, 1382558 time exceeded, 0 parameter problem
        0 irdp solicitations, 0 irdp advertisements

TCP statistics:
  Rcvd: 13285451 total, 1901 checksum errors, 131164 no port
  Sent: 13133762 total

BGP statistics:
  Rcvd: 0 total, 0 opens, 0 notifications, 0 updates
        0 keepalives, 0 route-refresh, 0 unrecognized
  Sent: 0 total, 0 opens, 0 notifications, 0 updates
        0 keepalives, 0 route-refresh

IP-EIGRP statistics:
  Rcvd: 0 total
  Sent: 0 total

PIMv2 statistics: Sent/Received
  Total: 0/0, 0 checksum errors, 0 format errors
  Registers: 0/0 (0 non-rp, 0 non-sm-group), Register Stops: 0/0, Hellos: 0/0
  Join/Prunes: 0/0, Asserts: 0/0, grafts: 0/0
  Bootstraps: 0/0, Candidate_RP_Advertisements: 0/0
  Queue drops: 0
  State-Refresh: 0/0

IGMP statistics: Sent/Received
  Total: 0/0, Format errors: 0/0, Checksum errors: 0/0
  Host Queries: 0/0, Host Reports: 0/0, Host Leaves: 0/0
  DVMRP: 0/0, PIM: 0/0
  Queue drops: 0

UDP statistics:
  Rcvd: 26662807 total, 1622 checksum errors, 17521329 no port
  Sent: 45876789 total, 0 forwarded broadcasts

OSPF statistics:
  Rcvd: 0 total, 0 checksum errors
        0 hello, 0 database desc, 0 link state req
        0 link state updates, 0 link state acks
  Sent: 0 total
        0 hello, 0 database desc, 0 link state req
        0 link state updates, 0 link state acks

ARP statistics:
  Rcvd: 2737009 requests, 4272 replies, 20 reverse, 0 other
  Sent: 136991 requests, 1503882 replies (1 proxy), 0 reverse
- Cisco 2811, high CPU load, Andrey, 17:56, 23-Sep-15 (8)
> 5 minute input rate 2937000 bits/sec, 1064 packets/sec
> 5 minute output rate 16747000 bits/sec, 1647 packets/sec

IPSec is Process Switching. For the 2811, Process Switching is 3k packets per second in the default configuration. Need I go on?
- Cisco 2811, high CPU load, anonymous, 18:29, 23-Sep-15 (9)
That seems rather low; maybe the OP has not enabled the onboard accelerator. Or the IOS has a feature set lower than advsecurity/advip.

OP, please show sh crypto engine brief and sh crypto engine acc st
- Cisco 2811, high CPU load, koblin, 09:49, 24-Sep-15 (11)
Cisco IOS Software, 2800 Software (C2800NM-ADVIPSERVICESK9-M)

#sh crypto engine br
  crypto engine name: Virtual Private Network (VPN) Module
  crypto engine type: hardware
  State: Enabled
  Location: aim 0
  VPN Module in slot: 0
  Product Name: AIM-VPN/EPII-PLUS
  Software Serial #: 55AA
  Device ID: 001E - revision 0000
  Vendor ID: 13A3
  Revision No: 0x001E0000
  VSK revision: 0
  Boot version: 255
  DPU version: 0
  HSP version: 2.3(6) (PRODUCTION)
  Time running: 2w1d
  Compression: Yes
  DES: Yes
  3 DES: Yes
  AES CBC: Yes (128,192,256)
  AES CNTR: No
  Maximum buffer length: 4096
  Maximum DH index: 2000
  Maximum SA index: 2000
  Maximum Flow index: 4000
  Maximum RSA key size: 2048

  crypto engine name: Virtual Private Network (VPN) Module
  crypto engine type: hardware
  State: Disabled
  Location: onboard 0
  Product Name: Onboard-VPN
  Middleware Version: v1.2.0
  Firmware Version: v2.2.0
  Time running: 4294967 seconds
  Compression: Yes
  DES: Yes
  3 DES: Yes
  AES CBC: Yes (128,192,256)
  AES CNTR: No
  Maximum buffer length: 4096
  Maximum DH index: 0300
  Maximum SA index: 0300
  Maximum Flow index: 2400
  Maximum RSA key size: 2048

  crypto engine name: Cisco VPN Software Implementation
  crypto engine type: software
  serial number: 2B1165F6
  crypto engine state: installed
  crypto engine in slot: N/A

#sh crypto engine acc st
Device: AIM-VPN/EPII-PLUS
Location: AIM Slot: 0
  Virtual Private Network (VPN) Module in slot : 0
  Statistics for Hardware VPN Module since the last clear
  of counters 4294967 seconds ago
    1874939192 packets in              1874939192 packets out
    1261321698746 bytes in             1253823148613 bytes out
    436 paks/sec in                    436 paks/sec out
    2349 Kbits/sec in                  2335 Kbits/sec out
    854517266 packets decrypted        1020421926 packets encrypted
    408532425032 bytes before decrypt  845290723581 bytes encrypted
    362684564140 bytes decrypted       898637134608 bytes after encrypt
    0 packets decompressed             0 packets compressed
    0 bytes before decomp              0 bytes before comp
    0 bytes after decomp               0 bytes after comp
    0 packets bypass decompr           0 packets bypass compres
    0 bytes bypass decompres           0 bytes bypass compressi
    0 packets not decompress           0 packets not compressed
    0 bytes not decompressed           0 bytes not compressed
    1.0:1 compression ratio            1.0:1 overall
    7449227 commands out               7449227 commands acknowledged
  Last 5 minutes:
    109178 packets in                  109178 packets out
    363 paks/sec in                    363 paks/sec out
    2246154 bits/sec in                2271987 bits/sec out
    70645444 bytes decrypted           10015162 bytes encrypted
    1909336 Kbits/sec decrypted        270680 Kbits/sec encrypted
    1.0:1 compression ratio            1.0:1 overall

  Errors:
    ppq full errors         : 1193     ppq rx errors           : 2
    cmdq full errors        : 0        cmdq rx errors          : 0
    ppq down errors         : 0        cmdq down errors        : 0
    no buffer               : 0        replay errors           : 43499
    dest overflow           : 0        authentication errors   : 7
    Other error             : 0        Raw Input Underrun      : 0
    IPSEC Unsupported Option: 0        IPV4 Header Length      : 0
    ESP Pad Length          : 0        IPSEC Decompression     : 0
    AH ESP seq mismatch     : 0        AH Header Length        : 0
    AH ICV Incorrect        : 0        IPCOMP CPI Mismatch     : 0
    IPSEC ESP Modulo        : 0        Unexpected IPV6 Extensio: 0
    Unexpected Protocol     : 0        Dest Buf overflow       : 0
    IPSEC Pkt is fragment   : 0        IPSEC Pkt src count     : 0
    Invalid IP Version      : 0        Unwrappable             : 0
    PPTP Duplicate packet   : 0        PPTP Exceed max missed p: 0
    RNG self test fail      : 0        DF Bit set              : 0
    Hash Miscompare         : 0        Unwrappable object      : 0
    Missing attribute       : 0        Invalid attrribute value: 0
    Bad Attribute           : 0        Verification Fail       : 0
    Decrypt Failure         : 0        Invalid Packet          : 2
    Invalid Key             : 0        Input Overrun           : 0
    Input Underrun          : 0        Output buffer overrun   : 0
    Bad handle value        : 0        Invalid parameter       : 0
    Bad function code       : 0        Out of handles          : 0
    Access denied           : 0        Out of memory           : 0
    NR overflow             : 0        pkts dropped            : 1202

  Warnings:
    sessions_expired        : 0        packets_fragmented      : 0
    general:                : 0

  HSP details:
    hsp_operations          : 7449243  hsp_sessions            : 24
- Cisco 2811, high CPU load, anonymous, 14:54, 24-Sep-15 (12)
Looks like everything is fine. Are there no errors on the switch through which the uplinks and the LAN are brought to the router? Try removing the shapers, if there are any, nbar and so on. You could try increasing memory-size iomem
- Cisco 2811, high CPU load, Hammer, 00:02, 24-Sep-15 (10)
Aren't there rather a lot of errors on the interface, plus suspicious ICMP activity? Eh?
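
An added example, not part of any post in the thread: a small parser that turns the "sh int" counters pasted above into comparable figures, separating line errors (CRC, frame) from "ignored" frames, which Cisco's counter description attributes to the interface running low on receive buffers. The sample text is abridged from the output in the thread, and the function and key names are this example's own.

```python
import re

# Constructed sample: abridged from the "sh int" output posted in the thread.
SAMPLE = """\
FastEthernet0/0 is up, line protocol is up
  Input queue: 0/75/19014/0 (size/max/drops/flushes); Total output drops: 122031
     2978065262 packets input, 89368498 bytes
     Received 7368352 broadcasts, 4 runts, 0 giants, 1411 throttles
     113141 input errors, 127 CRC, 141 frame, 0 overrun, 112869 ignored
FastEthernet0/1 is up, line protocol is up
  Input queue: 6/75/38636/0 (size/max/drops/flushes); Total output drops: 797
     1210798376 packets input, 3137328546 bytes
     Received 588545 broadcasts, 0 runts, 0 giants, 2047 throttles
     633459 input errors, 0 CRC, 1 frame, 0 overrun, 633458 ignored
"""

HEADER = re.compile(r"^(\S+) is .*line protocol", re.M)
PATTERNS = {
    "in_pkts": r"(\d+) packets input",
    "in_bytes": r"packets input, (\d+) bytes",
    "in_errors": r"(\d+) input errors",
    "crc": r"(\d+) CRC",
    "frame": r"(\d+) frame",
    "ignored": r"(\d+) ignored",
    "throttles": r"(\d+) throttles",
    "in_q_drops": r"Input queue: \d+/\d+/(\d+)/",
}

def parse_interfaces(text):
    """Return {interface name: {counter: int}} for every interface block."""
    parts = HEADER.split(text)[1:]          # name, body, name, body, ...
    out = {}
    for name, body in zip(parts[0::2], parts[1::2]):
        found = {k: re.search(p, body) for k, p in PATTERNS.items()}
        out[name] = {k: int(m.group(1)) for k, m in found.items() if m}
    return out

def summarize(c):
    """Split input errors into line errors and buffer-exhaustion drops."""
    errs = c.get("in_errors", 0)
    return {
        # "ignored": receive hardware ran low on buffers (not a cabling fault)
        "ignored_share": c.get("ignored", 0) / errs if errs else 0.0,
        "line_errors": c.get("crc", 0) + c.get("frame", 0),
        "errors_per_million": 1e6 * errs / c["in_pkts"],
        # Fewer than 20 bytes per packet is impossible for IPv4, so the
        # byte counter has wrapped and lifetime totals are unreliable.
        "bytes_wrapped": c["in_bytes"] < 20 * c["in_pkts"],
    }

if __name__ == "__main__":
    for name, counters in parse_interfaces(SAMPLE).items():
        print(name, summarize(counters))
```

Because the counters on both interfaces were never cleared and have wrapped, the ratios are rough; clearing the counters and comparing two snapshots taken a known interval apart gives figures that can be trusted.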