This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

High CPU on subnet scan

High CPU on subnet scan

jeronimo
Contributor III

yesterday - last edited yesterday

Hello,

I would like to understand why a network scan (nmap doing a ping scan) going to a L2VSN could cause control plane to exhibit high CPU.

Obviously we see a lot of ARPs here (broadcast) as the firewall interface toward destination LAN tries to resolve members of the scanned subnet (here: /21).

All switches which have an endpoint configured in that i-sid (flex-uni) experience high CPU in bcmINTR process and also messages about CPP Tx queue getting saturated.

We do use arp inspection but the NNI is explicity set to trusted. The fabric switches themselves do not have an IP interface in that VLAN, it's all L2VSN with flex-uni.

Why is this kind of traffic affecting the control plane so much? (tried on 5520 running FE 8.10.3.0 and 9.1.3.0)

Thx

1 2025-10-10T22:55:20.893+02:00 XXX CP1 - 0x0002474c - 00000000 GlobalRouter CPU INFO CPP: 60 percent of fbufs are in use: 1829 in Tx queue, 13 in RxQueue0 0 in RxQueue1 0 in RxQueue2 0 in RxQueue3 0 in RxQueue4 0 in RxQueue5 0 in RxQueue6 0 in RxQueue7  Pkts in Q0 (type): 13(10)

...

Sat Oct 11 2025 02:17:22.785013 1 cpp.c :6081[lcy-te][1154-1742]cbcp-main.x:cppProcRxFrame :CPP: cppProcRxFrame: dst=ff-ff-ff-ff-ff-ff src=00-09-0f-09-02-1e typ=0806 IP OR ARP len=56 arrived from 04-01:02:03:04:05:06 updated_port=TX-NNI vid=0x19d pid=2 code=0000 qos=0 PEH 0x019d0000, PktProcCode 0

Sat Oct 11 2025 02:17:22.785074 1 cpp.c :1595[lcy-ve][1154-1742]cbcp-main.x:cppTxFrame :CPP: cppTxFrame: dst=ff-ff-ff-ff-ff-ff src=00-09-0f-09-02-1e typ=0806 port 1/1 pid=2
Sat Oct 11 2025 02:17:22.785120 1 cpp.c :1595[lcy-ve][1154-1742]cbcp-main.x:cppTxFrame :CPP: cppTxFrame: dst=ff-ff-ff-ff-ff-ff src=00-09-0f-09-02-1e typ=0806 port 1/2 pid=2
Sat Oct 11 2025 02:17:22.785192 1 cpp.c :1595[lcy-ve][1154-1742]cbcp-main.x:cppTxFrame :CPP: cppTxFrame: dst=ff-ff-ff-ff-ff-ff src=00-09-0f-09-02-1e typ=0806 port 1/3 pid=2
Sat Oct 11 2025 02:17:22.785229 1 cpp.c :1595[lcy-ve][1154-1742]cbcp-main.x:cppTxFrame :CPP: cppTxFrame: dst=ff-ff-ff-ff-ff-ff src=00-09-0f-09-02-1e typ=0806 port 1/4 pid=2
Sat Oct 11 2025 02:17:22.785265 1 cpp.c :1595[lcy-ve][1154-1742]cbcp-main.x:cppTxFrame :CPP: cppTxFrame: dst=ff-ff-ff-ff-ff-ff src=00-09-0f-09-02-1e typ=0806 port 1/6 pid=2

 

0 Kudos
2 REPLIES 2

Roger_Lapuh
Extreme Employee

6 hours ago

Please open a ticket so this can be analyzed.

Thanks Roger

0 Kudos

jeronimo
Contributor III
In response to Roger_Lapuh

4 hours ago

Does that mean it is not normal and should be treated in hardware and not hitting CPU?

0 Kudos
GTM-P2G8KFN