Hi Phil, Thanks for your email. Below is my answer: > Do you have any CoPP or MLS limiters enabled? I am thinking particularly the TTL and MTU ones. The CPU only spikes in less than a minute show I cannot catch it when it high. I had CoPP applied as below ============================================================== ip access-list standard CoreIP permit 172.16.x.x 0.0.0.255 permit 172.16.x.x 0.0.0.255 ! class-map match-all CoreIP match access-group name CoreIP ! policy-map CoPP class CoreIP police 20000000 conform-action transmit exceed-action drop class class-default police 6000000 conform-action transmit exceed-action drop ! control-plane service-policy input CoPP ==============================================================
The output shows more than 12Mbps of traffic (matched by class-default) is sending to CPU. I believe this is value is high but I could not determine what type of traffic is sending to CPU ============================================================================ === PE-Router#sho policy-map control-plane Control Plane Service-policy input: CoPP Hardware Counters: class-map: CoreIP (match-all) Match: access-group name CoreIP police : 20000000 bps 625000 limit 625000 extended limit Earl in slot 1 : 1684255 bytes 5 minute offered rate 2808 bps aggregate-forwarded 1684255 bytes action: transmit exceeded 0 bytes action: drop aggregate-forward 3760 bps exceed 0 bps Earl in slot 4 : 0 bytes 5 minute offered rate 0 bps aggregate-forwarded 0 bytes action: transmit exceeded 0 bytes action: drop aggregate-forward 0 bps exceed 0 bps Earl in slot 6 : 0 bytes 5 minute offered rate 0 bps aggregate-forwarded 0 bytes action: transmit exceeded 0 bytes action: drop aggregate-forward 0 bps exceed 0 bps Earl in slot 7 : 0 bytes 5 minute offered rate 0 bps aggregate-forwarded 0 bytes action: transmit exceeded 0 bytes action: drop aggregate-forward 0 bps exceed 0 bps Earl in slot 9 : 0 bytes 5 minute offered rate 0 bps aggregate-forwarded 0 bytes action: transmit exceeded 0 bytes action: drop aggregate-forward 0 bps exceed 0 bps Software Counters: Class-map: CoreIP (match-all) 27872 packets, 2226445 bytes 5 minute offered rate 4000 bps, drop rate 0000 bps Match: access-group name CoreIP police: cir 20000000 bps, bc 625000 bytes conformed 27915 packets, 2229727 bytes; actions: transmit exceeded 0 packets, 0 bytes; actions: drop conformed 4000 bps, exceed 0000 bps Hardware Counters: class-map: class-default (match-any) Match: any police : 6000000 bps 187000 limit 187000 extended limit Earl in slot 1 : 7697842499 bytes 5 minute offered rate 12430840 bps aggregate-forwarded 3726798935 bytes action: transmit exceeded 3971043564 bytes action: drop aggregate-forward 6016104 bps exceed 6414120 bps Earl in slot 4 : 0 bytes 5 minute offered rate 0 bps aggregate-forwarded 0 bytes action: transmit exceeded 0 bytes action: drop aggregate-forward 0 bps exceed 0 bps Earl in slot 6 : 0 bytes 5 minute offered rate 0 bps aggregate-forwarded 0 bytes action: transmit exceeded 0 bytes action: drop aggregate-forward 0 bps exceed 0 bps Earl in slot 7 : 908447 bytes 5 minute offered rate 880 bps aggregate-forwarded 908447 bytes action: transmit exceeded 0 bytes action: drop aggregate-forward 624 bps exceed 0 bps Earl in slot 9 : 304 bytes 5 minute offered rate 0 bps aggregate-forwarded 304 bytes action: transmit exceeded 0 bytes action: drop aggregate-forward 0 bps exceed 0 bps Software Counters: Class-map: class-default (match-any) 7093 packets, 1164410 bytes 5 minute offered rate 2000 bps, drop rate 0000 bps Match: any 7093 packets, 1164410 bytes 5 minute rate 2000 bps police: cir 6000000 bps, bc 187500 bytes conformed 7101 packets, 1165380 bytes; actions: transmit exceeded 0 packets, 0 bytes; actions: drop conformed 3000 bps, exceed 0000 bps ============================================================================ === > You could ERSPAN the RP/SP CPU to a remote machine, then correlate CPU spikes with the captured traffic. How can I do this? Do you have any guideline? > How many BGP routes and peers do you have? What is the churn rate on the BGP table? Is there any IGP stability? Is there any possibility of a loop? We only run MP-BGP for MPLS VPN on this router. The BGP table contains less than 10 routes. I do not tune any BGP timer and keep it as default. We run OSPF inside the network and seems there is no instability. Thanks, Rin _______________________________________________ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/