Router#show proc cpu
CPU utilization for five seconds: 63%/50%; one minute: 58%; five minutes: 58
%
PID  Runtime(ms)  Invoked  uSecs    5Sec   1Min   5Min TTY Process
   1        4976     54773     90   0.00%  0.00%  0.00%   0 Load Meter
   2        3788       670   5653   1.71%  0.22%  0.15% 130 Virtual Exec
  24        3592       632   5683   0.00%  0.04%  0.09% 131 Virtual Exec
  25   101868424  30627416   3326   8.76%  9.04% 10.41%   0 IP Input
CPU utilization for five seconds: 63%/50%
50%是指由于Interrupt switching 导致的CPU utilization, 所谓的Interrupt switch
ing 也就是指所有除了process switching 的交换方式,例如fast switching, optimu
m switching, cef switching....所产生的CPU负载
Average utilization due to interrupts, during last five seconds
63%指的是最近5秒的CPU utilization总和,包括(interrupts + processes)
Average total utilization during last five seconds (interrupts + processes)
用63%-50%=13%, 这13%是基本由于process switching导致的CPU消耗,理解Cisco 路由
器交换方式的人都知道,有一些流量路由器是必须使用process switching,例如icmp,
也就ping, snmp等都是必须使用process switching
通常看来,如果打开了cef switching但是process switching部分的cpu utilization(
63%-50%=13%)非常高,很可能目前情况不太正常,,因为如果打开cef的话,基本上除
了icmp, snmp等类型的包外,都应该采用cef switching,但这部分差值由谁导致的,就
要看show process cpu了, 从上面的例子可以看出来:
PID  Runtime(ms)  Invoked  uSecs    5Sec   1Min   5Min TTY Process
25   101868424  30627416   3326   8.76%  9.04% 10.41%   0 IP Input
由于此路由器已经打开了cef,但为什么还有这么多的IP Input流量是通过process swi
tching处理呢?
使用show  interface state可以看到每个接口不同swiching方式产生的流量,如果某个
接口的process部分很高,那很可能问题就出在这个端口。
Router#show interfaces stat
FastEthernet0/0
          Switching path    Pkts In   Chars In   Pkts Out  Chars Out
               Processor    7995038  553590227    8470311  629922225
             Route cache   42017034 3042361084   47856422 3952941601
                   Total   50012072 3595951311   56326733  287896530
FastEthernet1/0
          Switching path    Pkts In   Chars In   Pkts Out  Chars Out
               Processor    1478297  178528355    1007368  101120880
             Route cache   46470310 3666895196   40629605 2756450367
                   Total   47948607 3845423551   41636973 2857571247
使用show ip traffic命令来确认到底是那一种流量过大。
从下例中可以看出, 几个不太正常的地:
1.在ICMP中有321413 unreachable,2263321 echo reply,很明显路由器响应的ICMP太
多了,如果每隔几秒都有数量增加,建议在接口状态下关掉IMCP redirects, unreacha
ble以及echo reply,这些只会增加CPU负担。
interface xxxx
no ip redirects
no ip unreachables
...
2.在UDP statistics中:
  Rcvd: 7112 total, 0 checksum errors, 21093 no port
大量的no port就不太正常了,一般都是由于某些hacker软件扫描端口造成的, 如果每
隔几秒都有数量增加,建议关掉proxy-arp
interface xxx
no ip proxy-arp
3. 在IP statistics,有89518 bad hop count,这一般是由于TTL过期导致的,如果每
隔几秒都有大量计数增加,很明显,网络中存在routing loop,尽快检查你的数据配置
或是询问你的ISP怎么给你做的路由。
Router#show ip traffic
IP statistics:
  Rcvd:  190022549 total, 13327 local destination
         2 format errors, 0 checksum errors, 89518 bad hop count
         0 unknown protocol, 0 not a gateway
         0 security failures, 0 bad options, 0 with options
  Opts:  0 end, 0 nop, 0 basic security, 0 loose source route
         0 timestamp, 0 extended security, 0 record route
         0 stream ID, 0 strict source route, 0 alert, 0 cipso, 0 ump
         0 other
  Frags: 0 reassembled, 0 timeouts, 0 couldn't reassemble
         6583 fragmented, 0 couldn't fragment
  Bcast: 2433 received, 77 sent
  Mcast: 0 received, 0 sent
  Sent:  100452 generated, 99773529 forwarded
  Drop:  430 encapsulation failed, 1479 unresolved, 0 no adjacency
         3606 no route, 0 unicast RPF, 0 forced drop
ICMP statistics:
  Rcvd: 0 format errors, 0 checksum errors, 0 redirects, 321413 unreachable
        2281 echo, 0 echo reply, 0 mask requests, 0 mask replies, 0 quench
        0 parameter, 0 timestamp, 0 info request, 0 other
        0 irdp solicitations, 0 irdp advertisements
  Sent: 0 redirects, 4 unreachable, 0 echo, 2263321 echo reply
        0 mask requests, 0 mask replies, 0 quench, 0 timestamp
        0 info reply, 89517 time exceeded, 0 parameter problem
        0 irdp solicitations, 0 irdp advertisements
UDP statistics:
  Rcvd: 7112 total, 0 checksum errors, 21093 no port
  Sent: 5883 total, 0 forwarded broadcasts
TCP statistics:
  Rcvd: 3935 total, 0 checksum errors, 4 no port
  Sent: 2788 total