DOS identifier

[tuks]

Hi,

Yesterday we have some problems in our network. I log in to our router and the response was very slow. Once inside, I did a "show process" . Found out that the utilization keeps changing from 90% to 98% . I did not want to log in to the console and run debug as I think this is not a good idea.

What I suspect was there was someone logging in to the router or someone running something trying to capture traffic or whatever. So I just reboot the router and its normal again.

Is my theory right or wrong ? If its wrong, then waht is the reason for the increase in the CPU utilization ? .

Hope someone helps.

regards

 

[jeter]

Debugging the router will cause some latency however I do not believe that this is your problem. Do a sh process and look at the entries and try to determine if there is an area you can target your search. Also type in sh tech and this also will help identify a problem at hand. If you think that there is a chance that someone is getting into your router you may want to setup a firewall or something as simple as access list. Good Luck !!!
Jeter@LasVegas.com
J.Fisher CCNA

 

[fynx]

Are you running any debugging already? Some debugging commands do have a detrimental effect on CPU. If you dont require debugging, turn it off.

Try the command "show proc cpu", this will list all the processes and how much cpu they are using. Identify the process, there may be an IOS fix for the problem (post back the proc.)

Cheers,
Phil. If everything is coming your way then you're in the wrong lane.

 

[fynx]

Are you running any debugging already? Some debugging commands do have a detrimental effect on CPU. If you dont require debugging, turn it off.

Try the command "show proc cpu", this will list all the processes and how much cpu they are using. Identify the high usage processes, there may be an IOS fix for the problem (post back the proc.)

Cheers,
Phil. If everything is coming your way then you're in the wrong lane.

 

[wybnormal]

Lets put it this way.. debug should be used with caution!!! It's possible and likely to put such a load on the router that you can not telnet back to it in order to turn off the debug. Debug IP packlets, IPX packets and the like put a VERY heavy load on the router and is almost fatal to the smaller router like the 1600s or even a moderately loaded 2500. KNOW YOUR NETWORK before you start messing with things like this. Bringing down the company 7500 router in the middle of the day is not a career enhancing move ;-)

Many things can cause the load.. A router running EIGPR with a SIA ( stuck in active) route that wont clear, messy convergenece from routes flapping, excessive SAP traffic, ARP storms and the list goes on. Broadcast storms have been the number one thing I've seen to bring a router to it's knees. I had another client who turned OFF route caching which is a real drag for performance. Excessive access lists which cause the router to examine ALL packets can put a heavy load on the router CPU as does NAT if it's a large NAT table.

This is a good article about this subject.

http://www.cisco.com/warp/public/63/highcpu.html

MikeS
"Diplomacy; the art of saying 'nice doggie' till you can find a rock" Wynn Catlin

 

[aceman]

The sho process list needs to be looked at to determine the process which is using the most cpu.

In addition if you are worried about access to the router then the security centres around the passwords and if needed an access-list for router access.

A reboot of the router clears all buffers and obviously relaods the router to an initial state.

Does the problem keep happening ?

Have you any network tools that will monitor the router and somewhere to send syslog output for capturing information ?

The network structure and devices on your network would come into play as it may be caused by something external to the router.

Hope this helps a little