BGP Scanner
High CPU due to BGP Scanner
High CPU due to the BGP scanner process can be expected for short durations on a router carrying a large Internet routing table. Once a minute, BGP scanner walks the BGP RIB table and performs important maintenance tasks. These tasks include checking the next-hop referenced in the router's BGP table and verifying that the next-hop devices can be reached. Thus, a large BGP table takes an equivalently large amount of time to be walked and validated.
Because the BGP Scanner process runs through the entire BGP table, the duration of the high CPU condition varies with the number of neighbors and the number of routes learned per neighbor. Use the show ip bgp summary and show ip route summary commands to capture this information.
The BGP scanner process walks the BGP table to update any data structures and walks the routing table for route redistribution purposes. (In this context, the routing table is also known as the routing information base (RIB), which the router outputs when you execute the show ip route command). Both tables are stored separately in the router's memory and can be very large, thus consuming CPU cycles.
The following sample output of the debug ip bgp updates command captures an execution of BGP scanner, which starts scanning at the lowest numbered prefix or 0.0.0.0.
router#
2d17h: BGP: scanning routing tables
2d17h: BGP: 3.0.0.0 computing updates, neighbor version 8,
table version 9, starting at 0.0.0.0
2d17h: BGP: 3.0.0.0 update run completed, ran for 0ms, neighbor
version 8, start version 9, throttled to 9, check point net 0.0.0.0
2d17h: BGP: 4.0.0.0 computing updates, neighbor version 8,
table version 9, starting at 0.0.0.0
2d17h: BGP: 4.0.0.0 update run completed, ran for 4ms, neighbor
version 8, start version 9, throttled to 9, check point net 0.0.0.0
router#
While BGP scanner runs, low priority processes need to wait a longer time to access the CPU. One low priority process controls Internet Control Message Protocol (ICMP) packets such as pings. Packets destined to or originated from the router may experience higher than expected latency since the ICMP process must wait behind BGP scanner. The cycle is that BGP scanner runs for some time and suspends itself, and then ICMP runs. In contrast, pings sent through a router should be switched via Cisco Express Forwarding (CEF) and should not experience any additional latency. When troubleshooting periodic spikes in latency, compare forwarding times for packets forwarded through a router against packets processed directly by the CPU on the router.
Note: Ping commands that specify IP options, such as record route, also require direct processing by the CPU and may experience longer forwarding delays.
Use the show process | include bgp scanner command to see the CPU priority. The value of "Lsi" in the following sample output uses "L" to refer to a low priority process.
6513# show processes | include BGP Scanner
172 Lsi 407A1BFC 29144 29130 1000 8384/9000 0 BGP Scanner