S-Series: High CPU (switch packet processing) when a GRE tunnel traverses the switch (source and dest elsewhere) and netflow is enabled
High CPU (the Switch Packet Processing task runs up to the max of 60%)
Large number of flows on the port where the GRE tunnel enters the switch (up to 500,000)
Potential dropped frames
GRE tunnel (or VXLAN) traverses the switch
The issue can happen if there is a GRE tunnel traversing the switch toward Purview and a lot of customer traffic is mirrored within that tunnel. It may or may not show symptoms, depending on the amount of traffic in the tunnel.
Enabling NetFlow causes the switch to build flows past the tunnel headers (VXLAN, GRE, MPLS, MAC-in-MAC, etc.) down to the inner customer headers, and NetFlow records are exported for those inner headers. In some environments this may lead to negative consequences such as exceeding flow limits, high CPU usage, and dropped packets.
Upgrade to Firmware 8.63.01
In this version a new CLI command has been added to give the user control over whether flows are built past tunnel headers (and NetFlow records exported for inner headers). You can then configure:
set netflow export-inner-headers disable
Try removing the NetFlow configuration from the switch. If the CPU usage drops, you can work around the issue by keeping NetFlow disabled until you can upgrade.