It has been a while but I wanted to follow up on the problem I was having. It looks like IOS is the main culprit. I downgraded from 12.4(21) to 12.3(14)T7 this morning and the CPU utilization has dropped. I received a message from another user that has 7206VXRs with NPE-300s and he had CPU utilization issues with 12.4.
Thanks for all the help everyone! Spencer -----Original Message----- From: Spencer Sent: Thursday, December 18, 2008 9:00 AM To: 'Mikael Abrahamsson' Cc: [email protected] Subject: RE: [c-nsp] Cisco 7206 - High CPU Utilization Thanks for the suggestion, unfortunately it didn't have an impact on the CPU utilization. I received this suggestion as well: " If you run AES instead you'll massively reduce your CPU utilization. I'd suggest a G1 at least for what you're doing. An 1811 would probably run better than this router because the processor is at least somewhat designed to handle what you're doing." It helped reduce utilization on the VPN process by about 20% but I'm still seeing high CPU utilization when uploading from our network and I should have mentioned that the border router with the high CPU utilization is connected to another Cisco 7206 with a lesser NPE-200. All the same traffic flowing through the border router is going through the core so you'd think it would exhibit the high CPU utilization but it never breaks a sweat. This seems important and seems to indicate the border router is having a problem? I'm thinking downgrade the IOS on the border router ((C7200-JK9O3S-M), Version 12.4(21)) to match the core ((C7200-IK9S-M), Version 12.3(14)T7). Perhaps the newer IOS with the bigger feature set is too much for the border router? If that doesn't work I'd also be curious to see what would happen if I moved the T3 card to the core router and see if the CPU utilization goes up on it but I can't do that until after the holidays. I've followed Cisco's guide to troubleshooting high IP input utilization and I can't think of anything else to do configuration wise on the border router. Thanks for all the help from everyone so far, it is very much appreciated. Spencer -----Original Message----- From: Mikael Abrahamsson [mailto:[email protected]] Sent: Wednesday, December 17, 2008 11:13 AM To: Spencer Cc: Church, Charles; [email protected] Subject: Re: [c-nsp] Cisco 7206 - High CPU Utilization On Wed, 17 Dec 2008, Spencer Barnes wrote: > I removed all ACLs and Netflow but that did not have an effect. I think > I can move NAT to the core router for testing purposes, I'll try and do > that tomorrow morning. IOS version is (C7200-JK9O3S-M), Version > 12.4(21). If you're tunneling over 1500 media, doing "ip tcp mss-adjust 1300" on the interface where the traffic to encrypt/tunnel is passing unencrypted/untunneled, might help you. Worth a try though, you don't want multiple tunnel/encrypted packets per packet in the VPN. -- Mikael Abrahamsson email: [email protected] _______________________________________________ cisco-nsp mailing list [email protected] https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
