Good day! I've run into a problem: CPU load on a 3825 router jumps to 95%. As for traffic, about 50 Mbit passes through it (roughly 35 in one direction and the rest in the other).
I'd like to understand the cause: either a misconfiguration, or the performance limit has been reached. The config is below. Maybe there's something else that can be "tweaked"?
It runs VPN (about 180-190 sessions), PPPoE (40 for now, but there will be more; we're no longer putting people on VPN) and NAT.
The Cisco has an AIM-VPN/SSL-3 module installed.
Output
Command base-URL was: /level/15/exec/-
Complete URL was: /level/15/exec/-/sh/run/CR
Command was: sh run
Building configuration...
Current configuration : 6713 bytes
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
no service dhcp
!
hostname Christie
!
boot-start-marker
boot-end-marker
!
no logging buffered
no logging console
enable secret 5 fdgvcbERfgvc.
enable password 7 fdgvcbERfgvc
!
aaa new-model
!
aaa authentication ppp default group radius
aaa authorization exec default local
aaa authorization network default local group radius
aaa accounting delay-start
aaa accounting network default start-stop group radius
!
aaa attribute list mitya_ip
attribute type addr 176.165.130.8 service ppp protocol ip
!
aaa session-id common
!
resource policy
!
clock timezone Riga 2
clock summer-time Riga date Mar 30 2003 3:00 Oct 26 2003 4:00
no ip source-route
ip icmp rate-limit unreachable DF 1
ip wccp web-cache redirect-list fwrSquid
!
ip cef
!
ip domain name sky
ip rcmd rsh-enable
ip rcmd remote-host mitya 10.10.254.1 root enable
vpdn enable
!
vpdn-group test
! Default L2TP VPDN group
accept-dialin
protocol l2tp
virtual-template 1
no l2tp tunnel authentication
ip mtu adjust
!
voice-card 0
no dspfarm
!
no spanning-tree vlan 193
no spanning-tree vlan 254
username mitya privilege 15 secret 5 fdgvcbERfgvc
username mitiya privilege 0 password 7 fdgvcbERfgvc
username mitiya aaa attribute list mitya_ip
!
!
crypto keyring VPN
pre-shared-key address 10.10.0.0 255.255.0.0 key skyinet
!
crypto isakmp policy 10
encr 3des
hash md5
authentication pre-share
group 2
lifetime 3600
!
!
crypto ipsec transform-set test esp-3des esp-sha-hmac
mode transport
!
crypto dynamic-map dyn-test 10
set transform-set test
!
!
crypto map test 10 ipsec-isakmp dynamic dyn-test
!
bba-group pppoe global
virtual-template 2
sessions max limit 500
ac name nas1
sessions per-mac limit 1
sessions per-vlan limit 500
sessions auto cleanup
!
!
interface GigabitEthernet0/0
ip address 78.122.134.46 255.255.255.252
ip nat outside
ip virtual-reassembly
ip route-cache policy
duplex auto
speed auto
media-type rj45
!
interface GigabitEthernet0/1
ip address 192.168.7.254 255.255.255.0 secondary
ip address 10.10.1.249 255.255.255.0 secondary
ip address 192.168.234.254 255.255.255.252 secondary
ip address 192.168.0.254 255.255.255.0 secondary
ip address 10.10.21.254 255.255.255.0
no ip redirects
ip nat inside
ip virtual-reassembly
duplex auto
speed auto
media-type rj45
pppoe enable group global
no keepalive
fair-queue 100 256 0
crypto map test
!
interface FastEthernet0/0/0
switchport access vlan 193
!
interface FastEthernet0/0/1
switchport access vlan 254
!
interface FastEthernet0/0/2
switchport access vlan 193
!
interface FastEthernet0/0/3
switchport access vlan 254
!
interface Virtual-Template1
ip unnumbered GigabitEthernet0/0
ip mtu 1420
ip flow ingress
ip flow egress
ip tcp adjust-mss 1380
no logging event link-status
peer default ip address pool vpnpool
ppp mtu adaptive
ppp authentication ms-chap-v2
!
interface Virtual-Template2
mtu 1492
ip unnumbered GigabitEthernet0/1
ip wccp web-cache redirect in
ip flow ingress
ip flow egress
ip tcp adjust-mss 1452
no logging event link-status
autodetect encapsulation ppp
peer default ip address pool vpnpool
ppp max-bad-auth 3
ppp authentication chap radius
ppp authorization radius
ppp timeout retry 3
ppp timeout authentication 45
ppp timeout idle 3600
!
interface Vlan1
no ip address
no ip redirects
!
interface Vlan193
ip address 176.165.130.1 255.255.255.0
!
interface Vlan254
ip address 10.10.254.254 255.255.255.0
!
router bgp 34990
no synchronization
bgp router-id 176.165.130.1
bgp log-neighbor-changes
network 176.165.130.0
neighbor 78.122.134.45 remote-as 21219
neighbor 78.122.134.45 description Datagroup
neighbor 78.122.134.45 prefix-list defonly in
no auto-summary
!
ip local pool vpnpool 176.165.130.20 176.165.130.254
ip route 10.10.0.0 255.255.0.0 10.10.1.252
ip route 192.168.0.0 255.255.255.0 10.10.1.254
ip route 192.168.1.0 255.255.255.0 10.10.1.252
ip route 176.165.130.0 255.255.255.0 Null0 200
!
ip flow-cache timeout active 1
ip flow-export version 5
ip flow-export destination 10.10.254.1 9996
!
no ip http server
ip http authentication local
ip http secure-server
ip nat pool NATOVERLOAD 78.122.134.46 78.122.134.46 prefix-length 30
ip nat inside source list 50 pool NATOVERLOAD overload
ip nat inside source static 10.10.21.190 176.165.130.9
!
ip access-list standard fwrSquid
permit 176.165.130.135
permit 10.10.21.190
!
ip prefix-list defonly seq 5 permit 0.0.0.0/0
logging 10.10.251.1
access-list 50 permit 192.168.234.253
access-list 50 permit 10.10.254.1
snmp-server community fddfsgvcbERfgvc RO 50
no cdp run
!
radius-server host 10.10.254.1 auth-port 1812 acct-port 1813 key 7 fxvcxgfdgxcvxcvv
!
control-plane
!
line con 0
line aux 0
line vty 0 4
transport input telnet ssh
escape-character 3
!
scheduler allocate 20000 1000
!
end
sh proc cpu sort 5min
CPU utilization for five seconds: 71%/63%; one minute: 70%; five minutes: 70%
PID Runtime(ms) Invoked uSecs 5Sec 1Min 5Min TTY Process
100 27139760 32226493 842 4.34% 4.25% 3.58% 0 IP Input
266 17376144 1385398 12542 1.06% 0.93% 0.91% 0 IP NAT Ager
17 7520056 19326731 389 0.73% 0.74% 0.76% 0 ARP Input
281 4412144 28132254 156 0.32% 0.28% 0.25% 0 NAT MIB Helper
270 848660 12856338 66 0.24% 0.25% 0.24% 0 PPP Events
269 392408 12784281 30 0.16% 0.16% 0.16% 0 PPP manager
259 800288 5798493 138 0.16% 0.14% 0.16% 0 L2X Data Daemon
5 1359396 73158 18581 0.00% 0.13% 0.15% 0 Check heaps
37 957788 175272 5464 0.24% 0.13% 0.12% 0 Net Background
85 55104 4613 11945 0.00% 0.00% 0.10% 578 SSH Process
282 271004 12564683 21 0.16% 0.12% 0.10% 0 RADIUS
46 525092 82172 6390 0.08% 0.08% 0.08% 0 Compute load avg
127 436252 644521 676 0.08% 0.08% 0.08% 0 CEF process
41 328120 410625 799 0.08% 0.08% 0.08% 0 Per-Second Jobs
2 69996 82108 852 0.00% 0.06% 0.07% 0 Load Meter
224 126308 2052040 61 0.08% 0.05% 0.06% 0 Atheros LED Ctro
217 503100 582071 864 0.00% 0.06% 0.05% 0 Crypto IKMP
161 97896 4042722 24 0.08% 0.04% 0.02% 0 RBSCP Background
284 265360 17022 15589 0.00% 0.03% 0.00% 0 VTEMPLATE Backgr
283 84920 27368 3102 0.08% 0.00% 0.00% 0 BGP Scanner
148 41476 6842 6061 0.08% 0.00% 0.00% 0 IP Cache Ager
40 8108 410035 19 0.08% 0.00% 0.00% 0 TTY Background
78 5148 410541 12 0.08% 0.00% 0.00% 0 Crypto Device Up