CPU spikes on switches and routers can cause crazy problems in the network because of the way that traffic flowing through the network gear can be discarded or paused. Applications like Solarwinds that track network utilization only show the processor usage average rather than tracking spikes that occur periodically. Network problems can still occur when the processor spikes close to 100 percent even for a few seconds.

Thankfully, Cisco has included a new command that can track cpu spikes. You must be at the enable prompt in order to issue this command.

routerA#show process cpu history

This command will show CPU usage charts of the switch or router for the past 60 seconds, 60 minutes and 72 hours. The charts are neatly created in text format and show average CPU usage with the # sign and maximum CPU with * symbols. Note that the charts are not retained after the router or switch has rebooted. For the most part, anything above 80 percent is a concern. If the maximum CPU reaches above that point, then the network device probably created some sort of network disruption because there wasn’t enough CPU cycles leftover to process the traffic. The symptoms are unusual, unexplainable and intermittent network problems– almost like ghosts or gremlins are causing havoc in the network.

Isolating what is causing the CPU spikes

Unfortunately, most of the detective work comes after diagnosing the CPU spike. The simplest way is to watch the device and enter the following command during the processor spike.

RouterA#show process cpu sorted

The process occupying the most processor time will pop up to the top. That should isolate what type of traffic that is causing the spike. Notice that this command shows CPU utlization for the five seconds, one minute and for five minutes

Cisco gear is designed to process typical traffic in its special hardware rather than in the CPU, so a CPU spike is a sign that something atypical is occurring on the network. The exact cause can be almost anything. For example, some types of traffic are designed to be processed by the processor in newer Cisco equipment like Appletalk and IPX, which are older protocols that have been replaced by TCP/IP. An overly complicated configuration with too many Access Control Lists can cause problems too. Perhaps the device is under attack from hackers, called a Denial of Service attack, or or the network utilization is beyond the device’s capacity and an upgrade is needed.

Related posts:

  1. Configuring SSH on Cisco routers/switches (How-to)With all of the security problems out there today, it...
  2. Working with VLANS on Cisco SwitchesHistorically, creating multiple networks required multiple switches, but VLANs (Virtual...
  3. Configure Port Mirrors on Cisco SwitchesSwitches make network troubleshooting a bit more difficult because not...
  4. Authentication in Cisco IOSAdding username and password authentication to Cisco routers and switches...
  5. Troubleshoot VLAN trunksThe syntax for setting up VLAN trunks on Cisco switches...

Related posts brought to you by Yet Another Related Posts Plugin.