CallManager 4.x: Troubleshooting High CPU Utilization

Aupair.exe

In the Cisco CallManager 4.x cluster, aupair.exe causes high CPU utilization on the Cisco

CallManager subscriber server. The Cisco Database Layer Monitor service (aupair.exe) monitors aspects of the database layer as well as CDRs. The database layer comprises a set of dynamic link libraries (DLLs) that provides a common access point for applications that need to access the database to add, retrieve, and change data.

Solution

Complete these steps in order to resolve this issue:

1. Restart the CDR Insert service on the publisher.

2. Restart the Database Layer Monitor service and the RIS Collector service on both the publisher and subscriber.

3. Use DBLHelper to reestablish a broken Cisco CallManager Cluster SQL Subscription.

http://www.cisco.com/en/US/products/sw/voicesw/ps556/products_tech_note09186a00807f32e9.shtml#au

081202

Digital Signal 1 (DS1)

signaling scheme devised by Bell Labs.
A DS1 circuit is made up of 24 8-bit channel (also know as time slots or DS0). 8-KHz PCM sampling
(8000 sampling per second and 8 bit for each sample)
8 x 8000 = 64Kbps
=> (24 channel multiplexed together in a physical line)
64K x 24 = 1536Kbps
=> (plus 1 framing bit for each sample)
1536 + 8000 = 1544Kbps = 1.544kbps

http://en.wikipedia.org/wiki/Digital_Signal_1#Origin_of_Name

NEBS (Network Equipment Building System)

NEBS is a set of technical requirements with one basic purpose: to make network switches bulletproof. The standard was developed internally at Bell Labs - and later, at Bellcore (now Telcordia Technologies) - in the days when it was the "deep think" part of the Bell Telephone system (and you thought it only helped bring us Unix!) Does it work? You bet.

http://www.networkworld.com/details/5901.html

http://www.pcmag.com/encyclopedia_term/0,2542,t=NEBS+compliant&i=47722,00.asp

http://www.ce-mag.com/archive/03/03/nebs.html

Cisco ASA 5505 vs Juniper SSG 5

http://www.bluetrait.com/archive/2008/02/21/cisco-asa-5505-vs-juniper-ssg-5/

Deep Inspection

http://en.wikipedia.org/wiki/Deep_packet_inspection

Deep packet inspection (DPI) (or sometimes complete packet inspection) is a form of computer network packet filtering that examines the data and/or header part of a packet as it passes an inspection point, searching for non-protocol compliance, viruses, spam, intrusions or predefined criteria to decide if the packet can pass or if it needs to be routed to a different destination, or for the purpose of collecting statistical information. This is in contrast to shallow packet inspection (usually called just packet inspection) which just checks the header portion of a packet.[1]
...
DPI devices have the ability to look at Layer 2 through Layer 7 of the OSI model. This includes headers and data protocol structures as well as the actual payload of the message. The DPI will identify and classify the traffic based on a signature database that includes information extracted from the data part of a packet, allowing finer control than classification based only on header information.


http://www.ranum.com/security/computer_security/editorials/deepinspect/index.html

What is "Deep Inspection"(DI) anyhow? According to NetScreen, DI firewalls "use an Attack Object Database to store protocol anomalies and attack patterns (sometimes referred to as signatures), grouping them by protocol and security level (severity)" Packet processing is typically described as "performing application level checks as well as stateful inspection." In other words, a "Deep Inspection" is just a catchy marketing term for a stateful packet inspection firewall with some IDS signatures and some application protocol anomaly detection rules. It is important to understand that a "Deep Inspection" firewall is going to provide all of the protections of a stateful firewall, as well as whatever signatures are loaded into it.

IMIX traffic

a mix of packet sizes, representing Internet mix traffic (IMIX). This is a deterministic way of simulating real network traffic according to the frame size usage.

This traffic distribution, often referred to as'IMIX traffic', contains a mixture of frame sizes in a ratio to each other and provides the best approximation of the overall composition of frame sizes observed in the real Internet.

http://www.lightreading.com/document.asp?doc_id=63606&page_number=3&site=testing

http://209.85.175.104/search?q=cache:geTkOwcySLsJ:advanced.comms.agilent.com/n2x/docs/whitepapers/pdfs/core_router.pdf+IMIX+traffic&hl=en&ct=clnk&cd=2&gl=hk&client=firefox-a

NTP stratum

What is Stratum 1?

In the world of NTP, stratum levels define the distance from the reference clock. A reference clock is a stratum-0 device that is assumed to be accurate and has lttle or no delay associated with it. The reference clock synchronizes to the correct time (UTC) using long wave radio signals, GPS transmissions, CDMA technology or other time signals such as WWV, DCF77, etc. Stratum-0 servers cannot be used on the network, instead, they are directly connected to computers which then operate as stratum-1 servers.

A server that is directly linked to a stratum-0 device is called a stratum-1 server. This includes all time servers with built-in stratum-0 devices and those with direct links to stratum-0 devices such as over an RS-232 connection or via an IRIG-B time code. The basic definition of a stratum-1 time server is that it be directly linked (not over a network path) to a reliable source of UTC time such as GPS, WWV, or CDMA transmissions. A stratum-1 time server acts as a primary network time standard.

Higher stratum levels are distanced from the stratum-1 server over a network path. Thus, a stratum-2 server gets its time over a network link, via NTP, from a stratum-1 server. A stratum-3 server gets its time over a network link, via NTP, from a stratum-2 server, and so on.

As you progress through different strata there are network costs involved that reduce the accuracy of the NTP server in relation to UTC. A stratum-1 time server will typically have less than 1 millisecond (ms) accuracy to UTC, depending on its reference clock. On the internet, because of network delays, a stratum-2 time server will have anywhere from 10-100 ms accuracy to UTC and each subsequent time server will add an additional 10-100 ms of inaccuracy.

quoted from : http://www.endruntechnologies.com/stratum1.htm