Apply to IOS Cisco gears ONLY:
Router#show processes cpu | exclude 0.00%__0.00%__0.00%
Router#show processes cpu | include CPU|IP Input
Router#show processes cpu history
Router#show processes | include ARP Input <- ARP messages orginated from router itself. There will be a lot of the ARP message sent out if router has to keep asking for Mac address of the next hop.
Router#show processes | include Net Background <- process used to create packet buffer when hardware buffer is full. If also the interfaces also loaded, it could also have this process loaded.
Router#show processes | include IP Background <- handle the configuration change for interface. Maybe a bad interface flapping up and down could cause issue.
Router#show processes | include TCP Timer <- handle the TCP session terminated on router itself. A lot of ssh/telnet/https sessions to router for management could increase the processor load.
•Check the default route setting on router. It is better to set default route to an address instead of the broadcast interface, like the fast ethernet interface, to avoid keep generating ARP Messages.
•Check the interface throttles, overruns, ignores in “show interface” command, which could increase the load.
•Run “Router#show tcp statitics” to see the statistics of connections.
•Run “Router#show tcp brief” to see sessions to router/switch as management connection.
•Hacker could generate thousands of connections to DoS of router. So put some access-list on VTY to protect remote management.
If you find the above looks familiar, study the CCNP yourself, you might write some fancier ones 🙂