Burton, There is already ~150mbps of other traffic flowing through this switch, all of which generates approximately zero CPU, which is how it looks for 11 other active 3550s, all pushing hundreds of mbps; they're extremely good at high pps layer 3 with very little CPU usage. Yes, cef is on everywhere.
The thing that draws the attention here is that it is the only 3550 in our network that has more than 1-2% CPU. Of all of the customers attached to this switch, his is the only port whose graph is an exact match for the CPU usage, and his traffic is overwhelmingly IPSec. I guess I could move him to a different 3550 distribution switch and see if the problem follows. Thanks for your continued input - Randal On Fri, Nov 21, 2008 at 11:17 AM, Burton Windle <[EMAIL PROTECTED]> wrote: > I could be very wrong here, but I'm thought that if the usage is in the > interrupt, then the CPU usage is just because of the volume of traffic, not > the contents. But don't quote me on that. > > Easy way to test would be to push a similar volume of non-IPSec traffic and > see what the CPU does. > > > -- > Burton Windle [EMAIL PROTECTED] > > > On Fri, 21 Nov 2008, randal k wrote: > >> Excuse my typo, my original answer of "IP Input" was completely wrong, >> since it's pretty easy to get them confused. I'm looking at it now and >> it's purely Interrupt traffic. >> >> dist03.cos01#show proc cpu >> CPU utilization for five seconds: 26%/24%; one minute: 25%; five minutes: >> 26% >> >> No, I'm not running anything on the 3550, it's purely a packet pusher. >> It is a 3550-12T, and hanging off of it is the customer's 3560g-24TS >> and VPN3000. All of the tunnels terminate on the Concentrator - the >> 3550 just does some basic layer3 forwarding and has no features. >> >> Net -- 7206edge -- 6509core --- 3550dist --- 3560customer/VPN3000customer >> >> That's why I find it a little bit odd that just forwarding IPSec >> packets (not originating/terminating them) is hitting the CPU. >> >> Randal >> > _______________________________________________ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
