DHCPD Receive maxing CPU?
Hey guys,
I have a Cisco 1700 at a remote site (frame-relay) that is using ip helper to one of our servers. It's sending requests non-stop causing the CPU to be around 75% and causing their line to be soaked up. If I take out the ip helper command the cpu drops back down to around 5% and the bandwidth seems to free up.
I've tried doing ip accounting on both interfaces but I don't see anything helpful or referencing the DHCP server's IP.
Any ideas for narrowing it down to a client PC or device that may be spamming dhcp requests? could it be the router itself?
Thanks,
Dan
I have a Cisco 1700 at a remote site (frame-relay) that is using ip helper to one of our servers. It's sending requests non-stop causing the CPU to be around 75% and causing their line to be soaked up. If I take out the ip helper command the cpu drops back down to around 5% and the bandwidth seems to free up.
I've tried doing ip accounting on both interfaces but I don't see anything helpful or referencing the DHCP server's IP.
Any ideas for narrowing it down to a client PC or device that may be spamming dhcp requests? could it be the router itself?
Thanks,
Dan
Progress: CCIE RS Lab scheduled for Jan. 2012
Equipment: Cisco 360 program racks
Equipment: Cisco 360 program racks
Comments
-
maquesad
Member Posts: 12 ■□□□□□□□□□
I am not really sure what could be the issue but maybe this can help. The ip helper whats is going to do is send the broadcast packets
to all the destinations. If you have a bunch of ip helper every single one will be a process that is going to use memory.
Your process is checking every packet several time to each ip helper thats the main reasson the cpu is getting really high.
I think that there is no other way to send broadcast across the network so I cannot think of any possible solution but anyway I hope this helps. -
kryolla
Member Posts: 785
setup an ACL to allow DHCP requests and log input which will tell you the mac address. Also you can rate-limit the outbound requestStudying for CCIE and drinking Home Brew -
accely
Member Posts: 101
well I made an ACL like this
Extended IP access list DHCP_LOG
40 permit udp any any eq bootpc log-input
50 permit udp any any eq bootps log-input
60 permit ip any any
and turned ip helper back on, but it seems the spam is gone. maybe because i had it off for a few hours.
So, nothing logged (matched) against line 40 or 50, but if it had, would it have been visible in the log buffer with show logging?
Progress: CCIE RS Lab scheduled for Jan. 2012
Equipment: Cisco 360 program racks -
kryolla
Member Posts: 785
well I made an ACL like this
Extended IP access list DHCP_LOG
40 permit udp any any eq bootpc log-input
50 permit udp any any eq bootps log-input
60 permit ip any any
and turned ip helper back on, but it seems the spam is gone. maybe because i had it off for a few hours.
So, nothing logged (matched) against line 40 or 50, but if it had, would it have been visible in the log buffer with show logging?
yeah put an entry for ICMP and send a ping to verifyStudying for CCIE and drinking Home Brew -
accely
Member Posts: 101
that's what i was thinking of doing, thanksyeah put an entry for ICMP and send a ping to verify
Progress: CCIE RS Lab scheduled for Jan. 2012
Equipment: Cisco 360 program racks
