Mon Jul 20, 2020 1:29 am
based on your ROS release I'd assume this setup has been in production for some time.
band-aid suggestions:
switch on fastpath (yes, you have to remove firewall policies); also make sure your IP services are secured.
as your network processing load seems incredibly high I'd suspect some kind of looping and/or broadcast-storming happening.
if possible, enable loop-protection on your interfaces - always keep in mind that you could lock yourself out if you have no dedicated management port to connect to this box. if you use bridges, look into spanning tree options.
I've never seen this kind of load at 10G bandwidth, therefore I'm quite surprised.
if you're running IPv6 and have several /64 or smaller prefixes locally terminated, someone could theoretically fill your cores with neighbor discoveries (though I believe there should already be protections in place for this, but I'm not sure, sorry); in the end, if nothing else helps, you could try disabling IPv6 addresses on your local interface and see if this works, but I seriously believe you have something looping in your network.