Hello.
I have what seems to be a big problem here with CPU utilization on my 2620 router.
I will display the config below but basically this router's sole function is to service DSL subscribers.
We have two ATM circuits that are bonded to provide 3 megs throughput.
here are my cpu stats:
CPU utilization for five seconds: 69%/35%; one minute: 68%; five minutes: 69%
50 5016268 890226 5634 5.91% 4.92% 4.74% 0 IP Input
133 33445120 2093594 15974 24.71% 26.61% 27.57% 0 HyBridge Input P
As you can see the HyBridge Input P doesn't look good at all.
I am not running CEF because for some reason it isn't working correctly when i do a #(Config)ip cef
this may have to do with the BVI bridging and ATM's.
I Have have been told to switch to RBE but if that is so can someone tell me what and how i need to change my config below so RBE will work? we have around 100 PVC's that are entered and i don't use numbered interfaces for each PVC.
the BVI1 is the interface that has the main ip address (dsl customer default gateway). Can I setup RBE in a similar fashion where i don't have to assign an ip address per interface? we assign static ip addresses for each customer and their modems are setup for bridging....we don't use DHCP or PPPOE.
Like I said, my main issue is the CPU usage but i'm thinking this is due to the type of bridging i'm using here and i think i need to change things. things that can't be changed are at the premises of each dsl subscriber. I cannot modify their settings. they each have a static ip address and gateway address as well as dns ip's.
can someone help me out here and offer a solution for me?
I greatly appreciate the help you all give.
Here is my config:
Current configuration : 14128 bytes
!
version 12.3
service timestamps debug uptime
service timestamps log uptime
service password-encryption
!
hostname Cisco2620
!
boot-start-marker
boot system flash c2600-is-mz.123-16a.bin
boot-end-marker
!
no logging on
!
no aaa new-model
ip subnet-zero
no ip rcmd domain-lookup
no ip cef
!
!
ip name-server 12.44.x.x
!
!
bridge irb
!
interface FastEthernet0/0
description connected to EthernetLAN
ip address 12.44.2xx.1 255.255.255.192 secondary //another subnet
ip address 12.44.2xx.162 255.255.255.192 //main ip of router
ip access-group 101 in
speed auto
half-duplex
arp timeout 3600
!
interface ATM1/0 //main ATM interface that is bonded to Ima-group 0
no ip address
no atm ilmi-keepalive
ima-group 0
clock source loop-timed
scrambling-payload
!
interface ATM1/3 //another ATM interface bonded to Ima-group 0
no ip address
no atm ilmi-keepalive
ima-group 0
clock source loop-timed
scrambling-payload
!
interface ATM1/IMA0 //IMA interface
bandwidth 10000
no ip address
no atm ilmi-keepalive
!
interface ATM1/IMA0.3 multipoint //virtual interface for entering pvc's
bandwidth 10000
bridge-group 1
pvc 1/32
!
pvc 1/36
!
interface ATM1/IMA0.4 multipoint //secondary interface for entering pvc's
bandwidth 10000
bridge-group 1
pvc 1/33
!
pvc 1/34
!
interface BVI1 //bridged virtual interface that is the default gateway for all dsl customers.
description Shared subinterface for DSL customers
ip address 12.44.2xx.65 255.255.255.192 secondary //secondary DSL IP RANGE
ip address 12.154.1xx.129 255.255.255.192 //primary DSL IP RANGE
no ip redirects
no ip proxy-arp
no ip mroute-cache
arp timeout 600
!
no ip http server
ip classless
ip route 0.0.0.0 0.0.0.0 FastEthernet0/0
ip route 0.0.0.0 0.0.0.0 12.44.x.x //main router to ATT
!
access-list 101 deny 53 any any
access-list 101 deny 55 any any
access-list 101 deny 77 any any
access-list 101 deny pim any any
access-list 101 deny ip 192.168.0.0 0.0.255.255 any log
access-list 101 deny ip 172.16.0.0 0.15.255.255 any log
access-list 101 deny ip 10.0.0.0 0.255.255.255 any log
access-list 101 deny ip 127.0.0.0 0.255.255.255 any log
access-list 101 deny ip 255.0.0.0 0.255.255.255 any log
access-list 101 deny ip 224.0.0.0 7.255.255.255 any log
access-list 101 deny ip host 0.0.0.0 any log
access-list 101 permit tcp any any eq domain log
access-list 101 permit udp any any eq domain log
access-list 101 deny tcp any any eq 3306 log
access-list 101 deny tcp any any eq ident log
access-list 101 deny tcp any any eq 11 log
access-list 101 deny udp any any eq 11 log
access-list 101 deny tcp any any eq daytime log
access-list 101 deny udp any any eq 13 log
access-list 101 deny tcp any any eq 17 log
access-list 101 deny udp any any eq 17 log
access-list 101 deny tcp any any eq 18 log
access-list 101 deny udp any any eq 18 log
access-list 101 deny tcp any any eq chargen log
access-list 101 deny udp any any eq 19 log
access-list 101 deny tcp any any eq 69 log
access-list 101 deny udp any any eq tftp log
access-list 101 deny tcp any any eq 12345 log
access-list 101 deny udp any any eq 12345 log
access-list 101 deny tcp any any eq 27374 log
access-list 101 deny udp any any eq 27374 log
access-list 101 deny tcp any any eq 31337 log
access-list 101 deny udp any any eq 31337 log
access-list 101 deny tcp any any eq 31338 log
access-list 101 deny udp any any eq 31338 log
access-list 101 deny tcp any any eq 65000 log
access-list 101 deny udp any any eq 65000 log
access-list 101 deny tcp any any eq 5 log
access-list 101 deny udp any any eq 5 log
access-list 101 deny tcp any any eq discard log
access-list 101 deny udp any any eq discard log
access-list 101 deny tcp any any eq 445 log-input
access-list 101 deny udp any any eq 445 log-input
access-list 101 deny tcp any any range 135 139 log-input
access-list 101 deny udp any any range 135 netbios-ss log-input
access-list 101 deny icmp any any echo
access-list 101 deny icmp any any echo-reply
access-list 101 deny icmp any any log-input fragments
access-list 101 deny icmp any any
access-list 101 permit tcp any any established
access-list 101 permit ip any any
!
tftp-server system
bridge 1 protocol ieee
bridge 1 route ip
bridge 1 aging-time 600
!
dial-peer cor custom
!
