Solved

Cisco IOU High CPU Usuage

Posted on 2016-08-12
6
180 Views
Last Modified: 2016-08-13
Hello Experts,

I use Cisco IOU provided by flyxy.cn at http://91sec.blogspot.co.uk/2014/03/my-cisco-iou-racks-from-flyxj-iouv3.html

The Cisco L2 IOU 12 causes a lot of CPU usage causes high CPU usage. The high CPU usage is System not Users: more debugging shows that L2 IOU causes a lot of loopback traffic. It was suggested to use the following commands:

class-map match-all ARP
  match protocol arp

policy-map ARP-limit
  class ARP
   police rate 2 pps burst 20 packets peak-rate 7 pps
     conform-action transmit
     exceed-action drop
     violate-action drop

http://www.routereflector.com/2012/09/l2-iou-high-cpu-usage/

However, I don't see where to apply to policy. Can someone shed some light

Cheers

cpatte7372
0
Comment
Question by:Member_2_7966113
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 2
6 Comments
 
LVL 30

Accepted Solution

by:
Predrag Jovic earned 500 total points
ID: 41754239
Most likely you should apply it on loopback interface (since it is loopback traffic)  :)

interface loopback0
service-policy output ARP-limit

Most likely you need to restrict traffic from loopback in out direction,.
0
 
LVL 4

Expert Comment

by:Steven Roman
ID: 41754435
Hello

This is still going to use processing to try to limited the traffic

Try to determine why this is going on.  ARP could be MAC address flooding on your IOU Lab.

If that does not show any thing try GNS3 or Cisoc VIRL

Hope this helps.

Thanks
0
 
LVL 1

Author Comment

by:Member_2_7966113
ID: 41754627
Hello Steven

Does Cisco VIRL do switching?

Regards
0
How Do You Stack Up Against Your Peers?

With today’s modern enterprise so dependent on digital infrastructures, the impact of major incidents has increased dramatically. Grab the report now to gain insight into how your organization ranks against your peers and learn best-in-class strategies to resolve incidents.

 
LVL 30

Expert Comment

by:Predrag Jovic
ID: 41754631
Yes, but you need to pay for it. Check prices on Virl page.
0
 
LVL 1

Author Comment

by:Member_2_7966113
ID: 41754635
Hi Steven,

I've just checked out Cisco VIRL, its not for me.

Cheers
0
 
LVL 1

Author Closing Comment

by:Member_2_7966113
ID: 41754637
Thanks for responding. That solved the problem
0

Featured Post

Free NetCrunch network monitor licenses!

Only on Experts-Exchange: Sign-up for a free-trial and we'll send you your permanent license!

Here is what you get: 30 Nodes | Unlimited Sensors | No Time Restrictions | Absolutely FREE!

Act now. This offer ends July 14, 2017.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

How to set-up an On Demand, IPSec, Site to SIte, VPN from a Draytek Vigor Router to a Cyberoam UTM Appliance. A concise guide to the settings required on both devices
For months I had no idea how to 'discover' the IP address of the other end of a link (without asking someone who knows), and it drove me batty. Think about it. You can't use Cisco Discovery Protocol (CDP) because it's not implemented on the ASAs.…
If you're a developer or IT admin, you’re probably tasked with managing multiple websites, servers, applications, and levels of security on a daily basis. While this can be extremely time consuming, it can also be frustrating when systems aren't wor…
In this video we outline the Physical Segments view of NetCrunch network monitor. By following this brief how-to video, you will be able to learn how NetCrunch visualizes your network, how granular is the information collected, as well as where to f…

707 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question