No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>Search


To have a better experience, please upgrade your IE browser.


AR Router Troubleshooting Guide

This Product Documentation provides guidance for maintaining AR Enterprise Router, covering common information collection and fault diagnostic commands, typical fault troubleshooting guide, and troubleshooting.
Rate and give feedback :
Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document. Note: Even the most advanced machine translation cannot match the quality of professional translators. Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).
CPU Usage Is High

CPU Usage Is High

Common Causes

CPU usage is the percentage of the time during which the CPU executes codes to the total time period. CPU usage is an important index to evaluate device performance.

To view CPU usage, run the display cpu-usage command. If you see that CPU usage exceeds 70%, CPU usage is high. A high CPU usage will cause service faults, for example, BGP route flapping, frequent VRRP active/standby switchovers, and even failed device login.

High system CPU usage occurs when CPU usage of some tasks remains high. This fault is commonly caused by one of the following:
  • A large number of packets are sent to the CPU when loops or DoS packet attacks occur.
  • STP flapping frequently occurs and a large number of TC packets are received, causing the device to frequently delete MAC address entries and ARP entries.
  • The device generates a large number of logs, consuming a lot of CPU resources.

Troubleshooting Flowchart

Figure 13-1 shows the troubleshooting flowchart.

Figure 13-1  CPU usage is high

Troubleshooting Procedure


Saving the results of each troubleshooting step is recommended. If troubleshooting fails to correct the fault, you will have a record of your actions to provide Huawei technical support personnel.

The following procedures can be performed in any sequence.

The command output in the following procedures varies based on the device model. The following procedures describe how to view related information.


  1. Check the names of tasks with a high CPU usage.

    Run the display cpu-usage command to check the CPU usage of each task .

    Record the names of tasks with CPU usage exceeding 70%.


    CPU usage of 70% does not necessarily affect services. Services may not be affected when some tasks consume 70% of CPU resources, but may be affected when some tasks consume 30% of CPU resources. This outcome depends on the actual situation.

  2. Check whether a large number of packets are sent to the CPU.

    Run the display cpu-defend statistics command to check statistics about the packets sent to the CPU and focus on the Drop field.
    <Huawei> display cpu-defend statistics all
    Packet Type               Pass Packets        Drop Packets                      
    8021X                                0                   0                      
    arp-miss                             1                   0                      
    arp-reply                            5                   0                      
    arp-request                    1450113               25597                      
    bfd                                  0                   0                      
    bgp                                  0                   0                      
    dhcp-client                     114693              136586                      
    dhcp-server                          0                   0                      
    dns                                  0                   0                      
    fib-hit                              0                   0                      
    ftp                                717                   0                      
    fw-dns                               0                   0                      
    fw-ftp                               0                   0                      
    fw-http                              0                   0                      
    fw-rtsp                              0                   0                      
    fw-sip                               0                   0                      
    gvrp                                 0                   0                      
    http                               798                   0                      
    hw-tacacs                            0                   0                      
    icmp                                10                   0                      
    igmp                                 0                   0                      
    ipsec                                0                   0                      
    isis                                 0                   0                      
    lacp                                 0                   0                      
    lldp                             33959                   0                      
    ntp                                  0                   0                      
    ospf                              1569                   0                      
    pim                                  0                   0                      
    pppoe                                0                   0                      
    radius                               0                   0                      
    rip                                  0                   0                      
    snmp                                 0                   0                      
    ssh                                  0                   0                      
    stp                                  0                   0                      
    tcp                               7671                   0                      
    telnet                           71149                   0                      
    ttl-expired                        656                   0                      
    udp-helper                           0                   0                      
    unknown-multicast                    6                   0                      
    unknown-packet                   94189                   0                      
    vrrp                                 0                   0                      
    • If the value of the Drop field of a certain type of packets is great and CPU usage is high, packet attacks occur. Go to step 6.
    • If the value of the Drop field is within the specified range, go to step 3.

  3. Check whether a large number of TC packets are received.

    If STP is enabled on a device, the device deletes MAC address entries and ARP entries when receiving TC-BPDUs. If an attacker sends pseudo TC-BPDUs to attack the device, the device will receive a large number of TC-BPDUs within a short period and frequently deletes MAC address entries and ARP entries. As a result, the device CPU usage becomes high.

    Run the display stp command to check statistics about the received TC packets and TCN packets.

    <Huawei> display stp interface Eth2/0/1                                       
     Port Protocol       :Enabled                                                   
     Port Role           :Designated Port                                           
     Port Priority       :128                                                       
     Port Cost(Dot1T )   :Config=auto / Active=199999                               
     Designated Bridge/Port   :4096.00e0-fc01-0005 / 128.2                          
     Port Edged          :Config=default / Active=disabled                          
     Point-to-point      :Config=auto / Active=true                                 
     Transit Limit       :147 packets/hello-time                                    
     Protection Type     :None                                                      
     Port STP Mode       :MSTP                                                      
     Port Protocol Type  :Config=auto / Active=dot1s                                
     PortTimes           :Hello 2s MaxAge 20s FwDly 15s RemHop 20                   
     TC or TCN send      :1                                                         
     TC or TCN received  :0                                                         
     BPDU Sent           :124008                                                    
              TCN: 0, Config: 0, RST: 0, MST: 124008                                
     BPDU Received       :0                                                         
              TCN: 0, Config: 0, RST: 0, MST: 0 
    • If a large number of TC packets and TCN packets are received, run the stp tc-protection command in the system view to suppress TC-BPDUs. After this command is used, only three TC packets are processed within a Hello interval by default. Run the stp tc-protection threshold command to set the maximum number of TC packets that can be processed. To change the hello interval, run the stp timer hello command.
      [Huawei] stp tc-protection
      [Huawei] stp tc-protection threshold 5
      [Huawei] stp timer hello 200
    • If a small number of TC packets are received, go to step 4.

  4. Check whether loops occur on the network.

    When multiple interfaces of a device belong to the same VLAN, if a loop occurs between two interfaces, packets are forwarded only between these interfaces in the VLAN. Consequently, CPU usage of the device becomes high.

    Run the display current-configuration command to check whether the device is enabled to generate an alarm when MAC address flapping is detected.
     loop-detect eth-loop alarm-only
    • If this function is not configured, run the loop-detect eth-loop alarm-only command to configure this function. If a loop occurs on the network, an alarm is generated when two interfaces of the device learn the same MAC address entry. For example:
      Feb 22 2011 18:42:50 Huawei L2IFPPI/4/MAC_FLAPPING_ALARM:OID mac-address has flap value .  (L2IfPort=0,entPhysicalIndex=0,  BaseTrapSeverity=4, BaseTrapProbableCause=549, BaseTrapEventType=1,  MacAdd=0000-c0a8-0101,vlanid=100,  FormerIfDescName=Ethernet1/0/0,CurrentIfDescName=Ethernet1/0/1,DeviceName=HUAWEI)
      Check the interface connection and networking information based on the alarm:
      • If no ring network is required, shut down one of the two interfaces based on the networking diagram.
      • If the ring network is required, disable loop detection and enable loop prevention protocols, such as STP.
    • If the loop-detect eth-loop alarm-only command is used on the device but no alarm is generated, go to step 5.

  5. Check whether a large number of logs are generated on the device.

    The device generates diagnostic information or logs continuously in some cases, for example, attacks occur on the device, an error occurs during device operation, or an interface frequently alternates between Up and Down states. If the storage device is frequently read or written, CPU usage becomes high.

    Run the display logbuffer command to check whether a large number of logs are generated. If a certain log is repeatedly generated, go to step 6.

  6. Collect the following information and contact technical support personnel:

    • Results of the preceding troubleshooting procedure
    • Configuration files, log files, and alarm files of the device

Updated: 2019-05-10

Document ID: EDOC1000079719

Views: 446308

Downloads: 4301

Average rating:
This Document Applies to these Products
Related Documents
Related Version
Previous Next