Cisco Switching/Routing :: Erspan Causing High CPU On 6500?
Aug 2, 2012
I'm attempting to create an erspan session between a Nexus 5000 and 6500 to get traffic from a FEX interface on the 5000 over to a sniffer off of the 6500. The Nexus and 6500 are directly connected with a 10G link, but I added a separate 1G link between the two for the erpsan traffic. I created a routed interface on the 6500, and and SVI on the Nexus. The Erspan session came up, and looked ok from both sides, but as soon as we got a burst of traffic this morning the CPU on the 6500 spiked to 99%. I used 'debug netdr capture rx' to determine the traffic was coming in from the erspan port and subsequently shut down the new interface on the 6500. why this caused a CPU spike? Here are the relevant configs from each device:
Nexus:
vrf context NetOps!
interface Vlan123
no shutdown
[code].....
View 1 Replies
ADVERTISEMENT
Aug 9, 2012
I'm trying to get ERSPAN working with an ERSPAN source on a Nexus 5548 and the ERSPAN destination on a Catalyst 6500.
The configuration on the Nexus is as follows:
[...]
interface loopback0
ip address 192.168.2.133/32
[Code].....
If I do a netdr capture I can see ERSPAN traffic sourced from the Nexus reaching the C6500, but there doesn't appear to be anything sent out the ERSPAN destination inerface (Gi4/6) and there's nothing being received by the probe connected to that interface. I know the traffic seen with netdr is definitely the ERSPAN traffic sourced from the Nexus as I've changed the TTL and DSCP values within the monitor session on the Nexus and can see those changes reflected on the C6500 netdr capture. The attached is a screen grab of the show netdr capture started with debug netdr capture soure-ip-address 192.168.2.133.
When I look at the interface I see it shown as up/down (monitoring), but no output or counters clocking up. If I run a local SPAN session on the C6500 it works fine.
I've tried changing the destination IP address from that assigned to the C6500 Loopback interface to an IP address assigned to a physical interface, but that still doens't work.
The hardware in the C6500 is WS-SUP720-BASE Hw version 3.2 with WS-F6K-PFC3B Hw version 2.4. The IOS version is 12.2(33)SXI6.
View 2 Replies
View Related
Mar 19, 2012
SUP2T-D#sh proce cpu hist
11111111111 1111 1111 1111 1111
0000000000099999000099999000099999999990000999900009999999
0000000000099999000099999000099999999990000999900009999999
100 **********************************************************
90 **********************************************************
80 **********************************************************
70 **********************************************************
60 **********************************************************
50 **********************************************************
40 **********************************************************
30 **********************************************************
20 **********************************************************
10 **********************************************************
0....5....1....1....2....2....3....3....4....4....5....5....
0 5 0 5 0 5 0 5 0 5
CPU% per second (last 60 seconds)
SUP2T-D#sh proce cpu sorted
CPU utilization for five seconds: 100%/83%; one minute: 99%; five minutes: 99%
PID Runtime(ms) Invoked uSecs 5Sec 1Min 5Min TTY Process
416 3324188 879928 3777 13.05% 14.42% 14.45% 0 Spanning Tree
633 104408 5091 20508 1.50% 0.53% 0.45% 0 Env Poll
75 22000 298 73825 1.10% 0.13% 0.07% 0 Per-minute Jobs
168 69696 163563 426 0.39% 0.23% 0.22% 0 slcp process
2 532 1010 526 0.07% 0.00% 0.00% 0 Load Meter (code )
View 5 Replies
View Related
Sep 20, 2012
I am seeing a strange situation on my 6500 switch?By having snmp walk on '1.3.6.1.4.1.9.9.109.1.1.1.1.3' (== cpmCPUTotal5sec), I came to know that there are two processor and the cpu util for switching processor is gone to 88 % and some time creeps to 99 %.
snmpwalk -v2c -c "removes" sw6500 '1.3.6.1.4.1.9.9.109.1.1.1.1.3'
SNMPv2-SMI::enterprises.9.9.109.1.1.1.1.3.1 = Gauge32: 12 (--- this is for CPU of Router Processor )
SNMPv2-SMI::enterprises.9.9.109.1.1.1.1.3.3 = Gauge32: 99 (--- this is for CPU of Switching Processor )
but when I do sh process cpu on the console, all looks normal as it shows cpu utilization of RP. why the value is so high on the switching processor ?
View 1 Replies
View Related
Feb 27, 2012
We are experiencing continuing high CPU issues on our 6500 (generally 80+% most times).
#show proc cpu sorted | exc 0.00
CPU utilization for five seconds: 75%/67%; one minute: 69%; five minutes: 68%
PID Runtime(ms) Invoked uSecs 5Sec 1Min 5Min TTY Process
[Code].....
View 15 Replies
View Related
Nov 23, 2012
Have got 2 6500 in VSS. I'm seeing unsual high output drops. IOS Version: advipservicesk9-mz.151-1.SY.bin
Seeing too much output drops on interface ( in millions). When checked buffers ( output pasted below), it also shows enourmous drops.Not too sure, but is this normal or is there something fishy; which needs to be investigated. [code]
View 3 Replies
View Related
Apr 18, 2012
we are using Cisco 6509-E VSS mode [12.2(33)SXI] ipbase image and facing high cpu utilization. In show process cpu output it is showing some "ios-base" process consuming cpu. I attached show cpu output
View 1 Replies
View Related
Jul 6, 2012
We have HSRP between NexusA and NexusB with access layer switches connecting to the core using VPC, We are trying to setup a VAM server Voice recording for Siemens phones. We need to span all voice vlan and point it to the VAM server the VAM server connects to a 3750 Stack considering the amount of traffic multiple span session can generate I plan to move the server to the Nexus directly and run a Local Span Session.
1- As we have two Nexus running HSRP and VAM server only connects physically to one NexusA (I can run local span on that nexusA) the Second NexusB is not directly connected to the VAM server I plan to run ERSPAN so if this is the best design and which path will the span traffic take from Nexus B to NexusA will it go through the access layer switches depending on the vlans allowed on the uplinks or will it go through the 20 Gig uplink between the two Nexus allowing all vlans (VPN peer links) ? WE have approximately 10 voice vlans, Do we an example config for ERSPAN session where the source are vlans (As I am for fimilliar with RSPAN) ?
View 3 Replies
View Related
Sep 5, 2011
A customer reported that their router experienced spikes (high cpu utilization) every 4 hours and claims that it is caused by snmp polling of the Ciscoworks server.
The process SNMP engine is the process that causes these spikes .We think that the job responsible of this periodic high CPU utilization. It's called "Vrf Collector Job" and it's runnning every 4 hours.Below the result of show stack PID and show version
*Sep 5 12:02:43.230 GMT+1: %SYS-1-CPURISINGTHRESHOLD: Threshold: Total CPU Utilization(Total/Intr): 56%/14%, Top 3 processes(Pid/Util): 557/39%, 488/1%, 555/0%
*Sep 5 12:02:43.286 GMT+1: %HA_EM-4-LOG: CPUTH:
Process 557: SNMP ENGINE
Stack segment 0x1CFC204C - 0x1CFC4F2C
[code]....
View 3 Replies
View Related
Jun 23, 2011
I have 3560-24PS-S (ios version 12.2(35)SE1) that have high CPU (almost 100%) use at every inventory collection (each sunday) or polling (each day 6 a.m) during 2 or 3 minutes.
I read on the forum, that this could be due to some mib object polling failure, and could, perhaps, be solved by upgrading the ios version or configuring view preventing the poll of the problematic object.
But what view to configure ?Is there well known MIB objects to filter ? Which ones ? I did not see any bug related to my IOS version and this behavior in the bug toolkit ... I join some sh commands (unfortunately done when no problem). I will try to obtain the output of the sh command when the pb occurs.
View 1 Replies
View Related
Jan 26, 2013
Recently me and my girlfriend have been having issues with in game latency, receiving pings close to jittering to well over 300 where they were formerly in the 30-40s to identical servers. We live with a Chinese housemate who is extremely conscious of her privacy/personal space, we noticed a dirge of active ports on the router (both TCP and UDP) which seemed to have no association with any major application and assumed it was the old P2P boogie-monster. She is the only one who uses Wifi, an upon briefly deactivating the Wifi, all ping issues were instantly resolved. The bizarre thing is we still have plently of up/download bandwidth, I mean we're not swimming in a fibre optic connection but still a relatively healthy 1MB dl/70KB/s ul, more than enough for gaming.Deciding we needed a better idea of what was going on in the network, we downloaded Wireshark. We discovered a couple of things that might mean something, they might mean nothing at all:Firstly there was a deluge of random ARP requests coming from the suspect IP, something along the lines of:"who has 192.168.0.(random number) Tell (suspect computer's IP)"repeated over and over in bursts. A little googling found us this: Has Your Network been Now given that she is Chinese and is probably exposed to a lot of Chinese websites, is there any chance that this could be the root cause - could it drown the network to the extent that it produces terrible pings?Secondly there have been an inordinate amount of name queries coming from her IP to 192.168.0.255 (broadcast channel), they generally take the form of:
NBNS92Name query NB WPAD<00>
or
NBNS92Name query NB ISATAP<00>
and occasionally, it will name query my network id, leading to: (her ip being 192.168.0.3)
2144211275.734470000192.168.0.3 192.168.0.255NBNS92Name query NB (my id)<20>
2144231275.739314000192.168.0.3 (my id)TCP6658451 > netbios-ssn [SYN] Seq=0 Win=8192 Len=0 MSS=1460 WS=4 SACK_PERM=1
2144251275.741325000192.168.0.3 (my id)NBSS126Session request, to (my network id)<20> from (her network id)<00>
2144271275.744124000192.168.0.3 (my id)SMB213Negotiate Protocol Request
[code]....
Now combine this with the sometimes 9-10 active ports our router assigns to her IP (which don't appear to relate to anything according to numerous port id sites), does this send out a red flag to any of you? I realize it would be so much easier if I could get access to her computer, but as I said, she is very private and timid and doesn't seem to like even having people in her room, let alone letting them use her computer.
View 1 Replies
View Related
Mar 28, 2013
I'm thinking of purchasing a Cisco Linksys EA6500. I need a router that can one monitor bandwidth used by device. Keep exceeding our ISP's network bandwidth allocation, need to identify the devices that are causing this high usage and be able to do so from the router. Does the EA6500's standard software support this, is their router software one can obtain for the unit that does this or is there another home router option that can perform this function?
View 6 Replies
View Related
Dec 21, 2011
how can we upgrade 6500 non modular ios to normal 6500 ios?
View 5 Replies
View Related
May 6, 2013
We are trying to configure RSPAN at one of our sites in order to record voice calls using CallRex. We have it working successfully at another site using RSPAN (smaller site with 4x 3560 PoE switches), but when trying to set it up at this site, it causes "instability" for the voice network to say the least (some phones display one-way audio, UCM down message on the phone...not good). The calls are actually recording successfully on the CallRex server, but we cannot leave the RSPAN config in place due to the issues it causes. As soon as the RSPAN commands are removed, everything behaves normally. Here is the relevent config:
EDGE Switch 1 (Cisco 2960-48LPS):
vlan 210
name CALL-RECORDING
remote-span
interface GigabitEthernet1/0/1
[code]....
The config is pretty stright-forward, but as mentioned above, is causing major problems when turned up.CPU / memory levels are normal. Nothing shows up in the sh log on either the Edge or Core switches.
View 4 Replies
View Related
Jul 10, 2012
Any method to renumber a FEX without causing service disruption?
1) Preprovisioning the new FEX number
2) Mirror the config
3) Change the FEX association on the FEX downlink ports on the 5548
but I'm certain this will cause a disruption to the connected hosts ports which are in production on the FEX?
View 2 Replies
View Related
Jan 8, 2011
I am getting high cpu on 6500 swich running with SUP2 . Below is process cpu output .
****************** show proc cpu ******************
CPU utilization for five seconds: 97.03% one minute: 97.08% five minutes: 97.02%
PID Runtime(ms) Invoked uSecs 5Sec 1Min 5Min TTY Process--- ----------- ---------- -------- ------- ------- ------- --- ---------------1 335581512 0 0 2.97% 2.92% 2.98% -2 Kernel and Idle2 6 128 1000 0.00% 0.00% 0.00% -2 Flash MIB Updat3 10468247 8763359 192000 0.98% 0.00% 0.00% -2 SynConfig 4 1694917 1210299 3000 0.57% 0.00% 0.00% -2 Statuspoll 5 341501 2798181 2000 0.19% 0.00% 0.00% -2
[Code]....
View 2 Replies
View Related
Jan 21, 2012
As per my understanding 6509 all slots are dual channel, so 9 slot * 40 per slot (20 g in and 20 g out) = 360 GB How cisco claim the 720 ?? What about the 6513 chassic switch fabric connection?
View 5 Replies
View Related
Sep 12, 2006
Is there any commands to know the Current Heat Dissipation of high end routers and switches 7600,6500? Even though we can calculate thro. corresponding calculators, i eager to know is there any commands to do that?
View 4 Replies
View Related
Jan 24, 2013
For intervlan routing, Is 'IP routing' command enabled by default on a 6500 series switches based on the IOS?and on 3750 switches, do we need to enable the "ip routing" command manually for intervlan routing?
View 1 Replies
View Related
May 9, 2013
I'm looking to restrict Inter-VLAN routing through L3 switch (cisco 6500) and wanted to know best possible way to do it. I used VACL and achieved success to some extent, but my config is making clients take up to 5-6 mins to authenticate IP address from the DNS (bootps).My VACL config was as follows:
Subnet to restrict is 10.100.15.0 (VLAN 15)
STEP 1: Created extended ACL to allow bootpc/bootps through DNS
ip access-list extended EACL_DNS
permit udp any eq bootps any
permit udp any eq bootpc any
STEP 2: Created standard ACLs to allow only relevant subnet, server VLANs & some IPs from other subnets for printers/scanners etc.
ip access-list standard SACL_VLAN_15
permit 10.100.15.0 0.0.0.255 (the subnet I'm restricting)
permit 10.100.50.0 0.0.0.255 (server VLANs)
permit 10.100.25.45 0.0.0.0 (printer in another VLAN which has to have access in VLAN 15)
STEP 3: Created VLAN access list
vlan access-map VACL_15 10
match ip address EACL_DNS
action forward
vlan access-map VACL_15 20
match ip address SACL_15
action forward
STEP 4: Applying VLAN Access list on VLAN 15 vlan filter VACL_15 vlan-list 15 Though the above works, below is noted:
1. I'm still able to PING 10.100.15.2 (the switch virtual interface) from outside the subnet, which I don't intend to do so. Howeve all cients in the subnet have no connectivity from outside the VLAN 15.
2. As mentioned its taking quiet some time to negotiate with the DNS server at system boot time.
View 3 Replies
View Related
Mar 3, 2012
I have 2 6509-E chassis with SUP-720-VSS and classic line cards :-(. on October 2011 the switch reached 100% CPU on both devices and the entire network went down. Customer restarted the core so we lost all the log files and couldnt find out any root cause on the same. TAC engineer suggested to have some script configured on the system in case of CPU shooting up above 70%, it will create a file in flash and keep appending the logs to the same. Last week i got call from customer saying that the CPU again went high for around a minute on both the cores. Last time i added CoPP also on the switch in order to prevent the CPU reaching 100%. Still it went high and from the captured logs i saw that the process created the high CPU was Port Manager Per and SSH process. Attached the file created by the netdr capture command.
View 1 Replies
View Related
Jun 8, 2013
The fans 1 & 2 in Module 1 on the Nexus5K are still experiencing the very high RPM and speed issue.
I have replaced the fan from another operational Nexus5K, and the fans are fine in the other Nexus. The replacement fans also have the same issues, so it is not a fan hardware issue.
There are no threshold alarms. the only log entry that is related to this is as follows:
%NOHMS-2-NOHMS_ENV_ERR_FAN_SPEED: System minor alarm in fan tray 1: fan speed is out of range on fan 1. 7950 to 12500 rpm expected. I have provided the output for both the fan detail and the temperature.
N5K-01# sh environment fan detail
Fan: --------------------------------------------------- Module Fan Airflow Speed(%) Speed(RPM) Direction --------------------------------------------------- 1 1
[Code].....
View 4 Replies
View Related
Nov 7, 2011
Currently, my Cisco 3750x (2 switches stacking) is having very hight CPU. Below are some of the output :
3750-ANA#sh processes cpu sorted | ex 0.00
CPU utilization for five seconds: 55%/30%; one minute: 55%; five minutes: 55%
PID Runtime(ms) Invoked uSecs 5Sec 1Min 5Min TTY Process
[Code]....
I am not sure what is using CPU to go up like this. I had tried some troubleshooting guide on Cisco web site like "Troubleshooting high CPU Utilization"
View 3 Replies
View Related
Feb 3, 2013
I have a one question. I am using Cat3750x-48 switch. Suddenly it has occurred following high CPU log message in Cat3750x-48 switch.
%SYS-1-CPURISINGTHRESHOLD: Threshold: Total CPU Utilization(Total/Intr): 62%/0%, Top 3 processes(Pid/Util): 162/40%, 156/10%, 74/1%
What is meaning of PID 162 ?
View 1 Replies
View Related
Jun 2, 2012
I used to "ip routing" command in order to enable inter-vlan routing, for example with 3750 cisco. I have a 6503 cisco with SUP720 MSFC3. I was able to create some vlans but I can not configure inter-vlan routing.
sw#conf t
Enter configuration commands, one per line. End with CNTL/Z.
swsur(config)#ip routing
[Code]....
View 3 Replies
View Related
Oct 30, 2011
For intervlan routing, Is 'IP routing' command enabled by default on a 6500 series switches based on the IOS?hes, do we need to enable the "ip routing" command manually for intervlan routing?
View 2 Replies
View Related
Mar 16, 2013
Where is the "ip routing" command in Cisco switch 6500 series?
is the ip routing enable by default accoridng to the: [URL]
View 3 Replies
View Related
Nov 30, 2011
We are seeing the cpu on 2 of our C500 switches running at 99% with the following process causing the issue,.
View 1 Replies
View Related
Sep 7, 2012
My 4500 core always in 60 % cpu utility , and when i run #sh proc cpu sorted i find that
55 29725041543795572214 0 39.43% 41.40% 41.39% 0 Cat4k Mgmt LoPri
Which mean that this process is the top one , and when i run #sh platform health i found that Stub-JobEventSchedul
10.00 15.98 10 64 100 500 20 17 12 29269:55 K2 CpuMan Review
30.00 35.60 30 48 100 500 49 46 32 52390:52
Those two process are the top and they already exceed their maximum rang and when i run #sh platform cpu packet statistics i can find that Packets Received by Packet Queue
Queue Total 5 sec avg 1 min avg 5 min avg 1 hour avg
---------------------- --------------- --------- --------- --------- ----------
Esmp 5053121950 475 462 340 326
L2/L3Control 244395185 17 8 5 11
Host Learning 67315739 0 0 0 0
L3 Fwd Low 346689615 73 23 14 13
L2 Fwd Low 5336180603 1180 1129 831 804
L3 Rx Low 2287913 0 0 0 0
RPF Failure 7510829 1 0 0 0
View 2 Replies
View Related
Mar 28, 2013
We have a Cisco 3845 router configured as a voice gateway with multi SIP trunks. But when it reachs 200 calls traffic, the CPU increase to 60-70% and caused by CCSIP_SPI_CONTROL process.
CPU utilization for five seconds: 46%/30%; one minute: 54%; five minutes: 58%
PID Runtime(ms) Invoked uSecs 5Sec 1Min 5Min TTY Process
377 400729448 171017979 2343 6.31% 10.71% 12.44% 0 CCSIP_SPI_CONTRO
[Code].....
View 2 Replies
View Related
Feb 4, 2013
my 3750-E Core Stack is connected to the Provider Router and is the DG for the internal LAN. I saw that the CPU is very high also in the night, but I found not the problem. I use an SVI to connect the provider due to HA reasons. I sniffered the network but saw no ecessive broadcaststorms. There was a PBR configured but I deleted it wihtout any success..
switch Version
15.0(1)SE1
10#sh proc cpu so
[Code]......
View 6 Replies
View Related
Jan 31, 2012
We are facing high CPU Utilization on Cisco 3750X-48P-L without any traffic on it. find the attached log files for 2 separate 3750's stack, we have upgraded the IOS of SW2 from "c3750e-universalk9-mz.122-55.SE3.bin" to "c3750e-universalk9-mz.122-55.SE4.bin" but still we found the same issue with CPU utilization.
View 4 Replies
View Related
Apr 24, 2013
I've been looking at reported problems with our Vdeio Conferencing kit attched to a stack of 3750's (which I think is down to QoS) but this got me looking at the logs. We get a lot of high CPU utilization warnings mainly for SNMP (315), Hulc running con (95), Virtual exec (289). I understand the last two are normal, and the SNMP one is probably Cisco Works polling as it happens every 4 hours.
However I've got an odd one: Apr 25 07:34:58: %SYS-1-CPURISINGTHRESHOLD: Threshold: Total CPU Utilization(Total/Intr): 93%/0%, Top 3 processes(Pid/Util): 296/85%, 144/0%, 154/0%
What is Pid 296? It's not listed on the switch:
293 39056 18456 2116 0.00% 0.00% 0.00% 0 SpanTree Helper
294 8 73 109 0.00% 0.00% 0.00% 0 EEM Server
295 0 2 0 0.00% 0.00% 0.00% 0 EEM Policy Direc
[Code].....
View 7 Replies
View Related
