This document provides information about the output of the show processes cpu command when you issue the command on the Cisco Catalyst 4500/4000, 2948G, 2980G, and 4912G switches that run Catalyst OS (CatOS) system software. This document describes how to identify the causes of high CPU utilization on these switches. The document also lists some common network or configuration scenarios that cause high CPU utilization on the Catalyst 4500 series.
Note: If you run Cisco IOS Software-based Catalyst 4500/4000 series switches, refer to High CPU Utilization on Cisco IOS Software-Based Catalyst 4500/4000 Switches.
Note: In this document, the words switch and switches refer to the Catalyst 4500/4000, 2948G, 2980G, and 4912G switches.
Like Cisco routers, switches use the show processes cpu command in order to show CPU utilization for the switch Supervisor Engine processor. However, due to the differences in architecture and forwarding mechanisms between Cisco routers and switches, the typical output of the show processes cpu command differs significantly. The meaning of the output differs, too.
This document clarifies these differences. The document describes use of the CPU on the switches and how to interpret the show processes cpu command output.
There are no specific requirements for this document.
The information in this document is based on the software and hardware versions for:
The information in this document was created from the devices in a specific lab environment. All of the devices used in this document started with a cleared (default) configuration. If your network is live, make sure that you understand the potential impact of any command.
For more information on document conventions, refer to the Cisco Technical Tips Conventions.
Cisco software-based routers use software in order to process and route packets. CPU utilization on a Cisco router tends to increase as the router performs more packet processing and routing. Therefore, the show processes cpu command can provide a fairly accurate indication of the traffic processing load on the router.
Catalyst 4500/4000 that run CatOS, 2948G, 2980G, and 4912G switches do not use the CPU in the same way. These switches make forwarding decisions in hardware, not in software. Therefore, when the switches make the forwarding or switching decision for most frames that pass through the switch, the process does not involve the Supervisor Engine CPU.
Instead, the Supervisor Engine CPU performs other important functions. The functions that it performs include:
Assists in MAC address learning and aging
Note: MAC address learning is also called path setup.
Runs protocols and processes that provide network control
Examples include Spanning Tree Protocol (STP), Cisco Discovery Protocol (CDP), VLAN Trunk Protocol (VTP), Dynamic Trunking Protocol (DTP), and Port Aggregation Protocol (PAgP).
Handles network management traffic that is destined to the sc0 or me1 interfaces of the switch
Examples include Telnet, HTTP, or Simple Network Management Protocol (SNMP) traffic.
The show processes cpu command provides information about the Supervisor Engine CPU; the switch hardware that makes the forwarding decisions does not provide this information. Therefore, the output of the command does not directly correlate to the switching performance or traffic load of the switches.
You can locate potential issues and fixes if you:
In some cases, even a switch that passes little or no traffic reports CPU utilization that is higher than is typical with other CatOS-based switches. Output of the show processes cpu command shows this high CPU utilization.
Note: Examples of other CatOS-based switches are the Catalyst 5500/5000 and 6500/6000 series switches.
On a Catalyst 4003, 4006, 2948G, 2980G, or 4912G switch, typical CPU utilization is 1–30 percent. On a Catalyst 4006 switch on which you have installed one or more WS-X4148-RJ45V modules, the typical utilization is higher. The typical utilization is usually 20–50 percent. The utilization is higher because these modules perform additional port monitoring in order to detect connected IP phones. The modules need to detect the connected phones so that inline power can be applied, if necessary.
As a rule, these percentages do not increase in proportion to the amount of traffic that passes through the switch. Therefore, whether the switch is completely idle or passes large amounts of traffic, the average CPU utilization percentages do not change significantly.
Typically, the highest percent utilization processes are the Switching Overhead and the Admin Overhead processes. This example shows the output of the show processes cpu command on a Catalyst 4006 switch with a Supervisor Engine II that runs CatOS:
Note: Some output has been suppressed for clarity.
Console> (enable) show processes cpu
CPU utilization for five seconds: 43.72%
one minute: 43.96%
five minutes: 34.17%
PID Runtime(ms) Invoked uSecs 5Sec 1Min 5Min TTY Process
--- ----------- ---------- -------- ------- ------- ------- --- ---------------
1 143219346 0 0 74.28% 56.04% 65.83% -2 Kernel and Idle
3 5237943 1313358 330000 2.84% 2.00% 2.00% -2 SynConfig
13 4378417 92798429 2000 1.97% 1.00% 1.00% -2 gsgScpAggregati
19 2692969 8548403 14000 1.23% 1.00% 1.00% -2 SptBpduRx
84 6702117 92798314 9000 2.77% 2.00% 2.00% 0 Console
97 9382372 16190292 12499 4.26% 4.22% 4.31% 0 Packet forwardi
98 23438905 7904296 9352 16.64% 19.57% 17.50% 0 Switching overh
99 2271479 1443242 57968 1.19% 1.04% 0.98% 0 Admin overhead
Switching Overhead is actually a process that consists of several subprocesses. The subprocesses handle these tasks:
Address learning for new MAC addresses
Note: MAC address learning is also called path setup.
Normal host entry aging, as well as fast aging, due to the reception of STP Topology Change Notification (TCN) bridge protocol data units (BPDUs)
Packet processing for control traffic, such as STP BPDUs, CDP, VTP, DTP, and PAgP
Packet processing for management traffic, such as Telnet, SNMP, and HTTP, as well as broadcast and multicast packets in the sc0 or me1 subnets
Admin Overhead is a process for switch hardware management. Admin Overhead handles these tasks:
As the Typical show processes cpu Command Utilization section of this document mentions, the typical CPU utilization on Catalyst 4500/4000 series switches is higher than on other CatOS-based switches. These other switches include the Catalyst 5500/5000 and 6500/6000.
However, in some cases, the Supervisor Engine CPU utilization can exceed this expected range. CPU utilization can exceed the typical ranges on the switch for these reasons:
Address learning—The first frame in any flow from a source MAC address to a destination MAC address is redirected to the Supervisor Engine CPU. With this redirection, address learning can occur. Once the CPU sets up the path in hardware, subsequent frames that use the same source and destination MAC addresses are switched in hardware. The CPU has no involvement. Therefore, if the CPU must learn a large number of MAC addresses in a short period of time, the CPU utilization can rise. Utilization rises during setup of the paths. The switch needs to learn a large number of MAC addresses in a short period at, for example, the start of the business day or right after lunch. At these times, many users power up their systems or log in to the network.
STP TCNs in the network—TCN BPDUs cause the switch to perform fast aging on MAC addresses that the switch has learned. As a typical result, many frames are sent to the CPU for address learning and path setup. Therefore, you must find the root cause of the TCNs and prevent the occurrence. These are some possible causes:
The receipt of excessive broadcast traffic on the management interfaces (sc0 or me1)—Broadcasts in the management subnets/VLAN must be raised high enough up the protocol stack on the switch to determine if the Supervisor Engine is the intended recipient of the traffic. Examples of traffic that can increase CPU utilization on the switch include:
Internetwork Packet Exchange (IPX) Routing Information Protocol/Service Advertising Protocol (RIP/SAP)
AppleTalk control traffic
Broadcast Network Basic Input/Output System (NetBIOS) frames
Legacy IP applications that use broadcast
Excessive management traffic—Certain management traffic can cause high CPU utilization on the switch. Particularly frequent SNMP polling is an example.
Software switched traffic—When you use the Layer 3 module, remember that all traffic that reaches the router on the native VLAN is routed in software. This situation has an adverse effect on the performance of the switch. The microcode on the WS-X4232-L3 does not process 802.1Q packets that come in on the native VLAN without tags. Instead, the packets go to the CPU, and the CPU processes the packets. This process results in high CPU utilization if the CPU receives packets without tags at a high rate on the native VLAN subinterfaces. Therefore, create a dummy VLAN (which does not contain any user traffic) as the native VLAN.
Note: Create a dummy VLAN as the native VLAN on the trunk links between the router and the switch. The CPU routes in software all the traffic that sends on the native VLAN, which has an adverse effect on the performance of the switch. Create an additional VLAN that you do not use anywhere else in the network and make this VLAN the native VLAN for the trunk links between the router and the switch.
Another misconception is that ping response latency is the result of high CPU utilization on the switch Supervisor Engine. The response latency occurs when you ping the switch sc0 interface. Response latency is more than 10 ms.
Internet Control Message Protocol (ICMP) request and reply processing is a low-priority task on the Supervisor Engine. Many more-important tasks have precedence over ping response generation. Therefore, ping response times of 7–10 ms are typical, even on a completely idle switch. On a particularly busy switch, response times can be even longer.
However, pings through the switch are typically forwarded in hardware. In these cases, the switch sees the ICMP echo request and reply as simply data frames. The response latency consists of:
The round-trip forwarding delay through the switch
This is usually a very short delay, in the order of microseconds.
The latency of the IP stacks in the process and response to the ping requests and replies
Any other delay in the network that the ICMP packets must traverse
An example of such delay is multiple router hops.
Unnecessary IP redirects due to extensive use of static routing
The Supervisor Engine CPU utilization does not reflect the hardware forwarding performance of the switch. Still, you must baseline and monitor the Supervisor Engine CPU utilization.
Baseline the Supervisor Engine CPU utilization for the switch in a steady state network with normal traffic patterns and load.
Note which processes generate the highest CPU utilization.
When you troubleshoot CPU utilization, consider these questions:
Which processes generate the highest utilization? Are these processes different from your baseline?
Is the CPU consistently elevated, over the baseline? Or are there spikes of high utilization, then a return to the baseline levels?
Are there TCNs in the network? Or are the redundant links properly configured with spanning tree parameters to avoid loops?
Note: Flapping ports or host ports with STP PortFast disabled cause TCNs.
Is there excessive broadcast or multicast traffic in the management subnets/VLAN?
Is there excessive management traffic, such as SNMP polling, on the switch?
If possible, isolate the management VLAN from the VLANs with user data traffic, particularly heavy broadcast traffic.
Examples of this type of traffic include IPX RIP/SAP, AppleTalk, and other broadcast traffic. Such traffic can impact the Supervisor Engine CPU utilization and, in extreme cases, can interfere with the normal operation of the switch.
Consider a switch upgrade.
For Catalyst 4500/4000 series Supervisor Engines and switches that run CatOS, consider a switch upgrade to release 5.5(7) or later.
These releases integrate several CPU-related optimizations, particularly in the area of the Switching Overhead subprocesses.
In CatOS release 6.4.4 and later, there is an extension of the management request timeout period. The timeout period extension can prevent many transient control packets timeouts that a busy CPU can cause.
Note: Releases 6.1(1) and later support the Catalyst 2980G-A.