Hi all,

Our usually rock-solid 3900 has become unreliable of late. Last week it randomly stopped responding and needed to be rebooted. I briefly caught a glimpse in the syslog of high CPU load. It's done it again today, and the syslog reads:

cmm: [cmm] err 12: Cannot allocate memory ? sned signal to restart cmm...

But, below this are lots of these:

FPP detect flooding from LAN port (10) LAN 1

Sometimes the above suggests messages suggest flooding on the WAN port too.

I believe this flooding is causing the high CPU/memory load and is then causing the router to crash. The traffic is genuine traffic though. Is there a way to turn the FPP detect off? Or decrease the triggering threshold? Or have we just outgrown our trusty 3900 and need something bigger?

Any ideas ??

We had similar problems with our 3900 last year. Our 3900 also used to take a good 5-10 minutes to reboot / boot fully - it was painful.

We replaced it with a 2960 which has worked perfectly.

The problematic 3900 was factory reset and worked perfectly at another site which makes think that ultimately it was a problem with the config (it had been iterated on over many years and firmware updates)

I hate suggest it but I'd say take a backup config, factory reset it, make sure you're on the latest firmware and then build your config up again (there'll probably be plenty of room for streamlining rules etc) and monitor from there.

At least you'll rule out a software issue and it's more likely to be hardware at that point.

The FPP is the packet processing system. It should indicate that there's more traffic it can handle on that specific LAN interface. If you've got routed networks, or a lot of LAN traffic routing through the switch, you can use "Routing > Fast Route" to lighten the load for traffic going between two LAN subnets. The "NAT > Fast NAT" does the same for outgoing traffic i.e. a specific LAN IP going out through WAN2.
That could potentially improve your router's loading / resolve the FPP flooding issue.

admin3 wrote:
The FPP is the packet processing system. It should indicate that there's more traffic it can handle on that specific LAN interface. If you've got routed networks, or a lot of LAN traffic routing through the switch, you can use "Routing > Fast Route" to lighten the load for traffic going between two LAN subnets. The "NAT > Fast NAT" does the same for outgoing traffic i.e. a specific LAN IP going out through WAN2.
That could potentially improve your router's loading / resolve the FPP flooding issue.

Thank you for both replies, in particular this one. We have several IPSec profiles connecting our branch offices so I will look at adding these subnets to the Fast Routes.