Hello everyone,
Today I will share with you how to deal with high CPU usage.
Fault Symptom
After devices were deployed in the core equipment room of a stadium in the UK, the AR3260 responded slowly and its system CPU usage exceeded 70% even though only a few services were running. A closer look showed that the SNMP module alone accounted for about 40% to 50% of CPU usage.
Alarm Information
None
Troubleshooting Procedure
1. Run the display snmp-agent statistics command to view SNMP statistics. The command output shows that the device received a large number of SNMP packets but did not process them because the number of packets exceeded the buffer queue capacity. As a result, the error counters in the statistics increased.
2. Capture packets on the device. The capture shows that the device received a large number of getbulk packets and that their source address is not the eSight address on the internal network but a public IP address. Therefore, these packets may be attack packets from the public network.
Root Cause
The device uses the default read-write community name. On the gateway's outbound interface, many SNMP getbulk packets with a public source IP address can be seen. These packets are suspected to be attack packets, and the device keeps processing them, which drives up the CPU usage.
Summary and Suggestions
Modify the read-write attribute to solve the problem. During live-network deployment, do not use default parameter values.
That is all I want to share with you! Thank you!
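The check from step 2 of the troubleshooting procedure can be automated. The following Python sketch is an added example, not part of the original post: it decodes the SNMP header of captured UDP payloads and counts requests per source that do not come from the management station. The eSight address 10.1.1.10, the community string and the sample packets are constructed assumptions.

```python
import ipaddress
from collections import Counter

PDU_NAMES = {0xA0: "get", 0xA1: "getnext", 0xA3: "set", 0xA5: "getbulk"}

def read_tlv(buf, pos):
    """Return (tag, length, offset of value) for the BER element at pos."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long-form length: low 7 bits give the byte count
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, length, pos

def parse_snmp(payload):
    """Extract (version, community, PDU name) from an SNMPv1/v2c payload."""
    tag, _, pos = read_tlv(payload, 0)
    if tag != 0x30:
        raise ValueError("not a BER SEQUENCE")
    tag, ln, pos = read_tlv(payload, pos)       # INTEGER version (1 = v2c)
    version = int.from_bytes(payload[pos:pos + ln], "big")
    tag, ln, pos = read_tlv(payload, pos + ln)  # OCTET STRING community
    if tag != 0x04:
        raise ValueError("community string missing")
    pdu = payload[pos + ln]                     # context tag of the PDU
    return version, payload[pos:pos + ln], PDU_NAMES.get(pdu, hex(pdu))

def unexpected_sources(packets, allowed):
    """Count (source, PDU type) for SNMP packets from outside `allowed`."""
    hits = Counter()
    for src, payload in packets:
        if any(ipaddress.ip_address(src) in net for net in allowed):
            continue
        try:
            pdu = parse_snmp(payload)[2]
        except (IndexError, ValueError):
            pdu = "malformed"
        hits[(src, pdu)] += 1
    return hits

def sample(community, pdu_tag):
    """Constructed test packet: SNMPv2c header with an empty PDU body."""
    body = (b"\x02\x01\x01\x04" + bytes([len(community)]) + community
            + bytes([pdu_tag, 0]))
    return b"\x30" + bytes([len(body)]) + body

# Constructed data: assumed eSight address and documentation-range sources.
ALLOWED = [ipaddress.ip_network("10.1.1.10/32")]
GB = sample(b"example", 0xA5)
PACKETS = [("10.1.1.10", sample(b"example", 0xA0)), ("203.0.113.7", GB),
           ("203.0.113.7", GB), ("198.51.100.9", b"\x30")]
```

Any non-empty result from unexpected_sources(PACKETS, ALLOWED) means SNMP requests are reaching the device from outside the management network.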