High CPU usage on your Cisco router can be caused by a number of things, and it's your job to find out why and fix the issue. Before you reload the router and cut all the users off from your data centre and, most importantly, the internet, let's look at ways to troubleshoot the root cause.
First of all, there are a number of show commands you can use. The most important command of all is “show log” (assuming you have logging enabled; if you don’t, that’s a schoolboy error). Look for unusual entries like link flapping, ARP messages, HSRP messages, routing topology changes, etc. If you see anything that’s out of the ordinary, make a note of it, then move on to the next command.
“show processes cpu history” will give you a nice little visual of the last 60 seconds, 60 minutes and 72 hours, so you can see how long the problem has been going on. You might also be able to use this to trace back to certain times of the day and correlate them with your log messages. See the picture for an example.
The next show command you should be using is “sh processes cpu sorted”. This command will show you a list of processes and the CPU percentage they have used over the last 5 seconds, 1 minute and 5 minutes. See my picture for an example; in this example I’ve highlighted an important part of the output, which shows us the CPU interrupt percentage. Typically this should not be over 10%.
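As an added illustration (not part of the original post), this Python sketch parses the text of “show processes cpu sorted” and flags an interrupt percentage above the 10% figure mentioned above, along with the busiest processes. The sample output is constructed, and the function names and the 5% per-process reporting floor are assumptions.

```python
import re

# Constructed sample of "show processes cpu sorted" output (not from the original post).
SAMPLE = """\
CPU utilization for five seconds: 87%/14%; one minute: 79%; five minutes: 75%
 PID Runtime(ms)     Invoked      uSecs   5Sec   1Min   5Min TTY Process
  12     9876540     1234567       8000 52.31% 48.10% 45.02%   0 ARP Input
 120      456780      987654        462 15.20% 12.44% 11.90%   0 IP Input
   3        1234        5678        217  0.15%  0.10%  0.08%   0 Exec
"""

# Summary line: the first figure is total CPU, the figure after "/" is interrupt level.
SUMMARY = re.compile(r"CPU utilization for five seconds: (\d+)%/(\d+)%; "
                     r"one minute: (\d+)%; five minutes: (\d+)%")
# Process rows: PID, three counters, three percentages, TTY, process name.
PROC = re.compile(r"^\s*(\d+)\s+\d+\s+\d+\s+\d+\s+([\d.]+)%\s+([\d.]+)%"
                  r"\s+([\d.]+)%\s+\d+\s+(.+?)\s*$")

def parse_cpu_sorted(text):
    """Return the summary figures and per-process rows from the command output."""
    m = SUMMARY.search(text)
    if not m:
        raise ValueError("no CPU utilization summary line found")
    total, interrupt, one_min, five_min = map(int, m.groups())
    procs = []
    for line in text.splitlines():
        p = PROC.match(line)
        if p:
            procs.append({"pid": int(p.group(1)), "five_sec": float(p.group(2)),
                          "one_min": float(p.group(3)), "five_min": float(p.group(4)),
                          "name": p.group(5)})
    return {"total": total, "interrupt": interrupt, "one_min": one_min,
            "five_min": five_min, "procs": procs}

def triage(report, interrupt_limit=10, proc_floor=5.0):
    """List findings: interrupt level over the limit, then processes over the floor."""
    findings = []
    if report["interrupt"] > interrupt_limit:
        findings.append(f"interrupt CPU {report['interrupt']}% exceeds {interrupt_limit}%")
    for p in report["procs"]:
        if p["five_sec"] >= proc_floor:  # proc_floor is an assumed reporting threshold
            findings.append(f"process '{p['name']}' (PID {p['pid']}) at {p['five_sec']}%")
    return findings

if __name__ == "__main__":
    for finding in triage(parse_cpu_sorted(SAMPLE)):
        print(finding)
```
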
I have used this process to troubleshoot high CPU on many routers and switches. Here is a list of just a few of the issues I’ve come across before.
High processor use on “ARP Input”: an ARP message is sent as a broadcast, and requests are limited to one every 2 seconds for the same IP. So if you do a “show arp” and see lots of incomplete entries, chances are your default route is specified as an interface or someone is scanning your subnet for hosts.
Spanning-tree misconfiguration can be a cause of high CPU usage; a layer 2 loop, for example, will cause it. But if you have the correct precautions in place, like “BPDU Guard” and “port-security” on your access ports, you should be OK.
Link flapping, commonly associated with a BGP flap, causes high CPU usage. This may only spike your CPU, but if it’s happening every few seconds or minutes then you need to investigate why the link is flapping.
Routing protocol changes: a topology change can sometimes spike your CPU. Have a look at the size of your routing table. Are the updates too big? Even a route-map can be the cause of high CPU, having to process too many.
Someone else is running a debug command in another session. Use “show users” to see who else is logged in and find out if they have any debugs running. If not, use the “undebug all” command to kill any debugs, then check your CPU usage.
This is just a simple troubleshooting process and by no means exhaustive, but if you use the 3 show commands above I’m sure you’ll find the issue by the time you get to the last one.
RH