PIX CPU usage is high

Unanswered Question
Sep 17th, 2007
User Badges:

Customer is saying that cpu usage is at about 85%. Researching docs about CPU usage in the pix, I found that some itens may be verified like "show xlate count", but I doesn't say what is the normal value for it. Another says to check that "memory block" is normal, but what is "normal"? What else can I do to troubleshoot the cpu usage?

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
rajbhatt Mon, 09/17/2007 - 23:01
User Badges:


WHat IOS (finesse) ver u are running ?

Plz check that memory block should not be 0 for 15 sec(otherwise it will cause failover)

Have u recently added any servers or services through the pix ?

Do u have huge number of ACLS are they complied?

Depending on the connection u can see if the xlate count is very big .

Also verify the sh conn and sh conn count to see if there is any attack.

Also check for output of sh proc to see if a particular process is eating up the memory

Check for interface errors .

Also check for asa drops .

Also verify the logging levels .It should not be set over level 5.

Verify the syslog entries to see any abnormal logs.

This should guide u to give a fair idea what is making the cpu to spike


luizsergiosantos Thu, 09/20/2007 - 13:28
User Badges:

Hello Raj,

I did exactly you said, but the problem is still the same. The version of the pix is 6.5.



arburt Thu, 09/20/2007 - 17:14
User Badges:


There's no version 6.5.

Did you mean version 6.3(5)



arburt Tue, 09/18/2007 - 17:56
User Badges:


Do the ff.

1. sh cpu usage (if cpu utilization is high, proceed to number 2)

2. cpu profile activate 5000 (use #3 to see the status of the cpu profiling)

3. show cpu profile

4. clear cpu profile

5. sh proc (wait for 1 minute, then issue the same command)

Send this to cisco tac so that they can decode the cause of high cpu. From there tac or this forum can recommend properly.



jon.humphries Thu, 09/20/2007 - 15:22
User Badges:


I concur with what has already been said, however I have seen these issues with bug's in the IOS. You should try updating or downgrading incase a recent config change has caused a caveat to trigger.

It could be a virus generating large amounts of traffic, or simply the fact that there is high utilization of the pix, as regards users.

Have you checked to see if any debugs or captures are running ?

Try undebug all. There are lots of things it could be, you can always paste the config into here and we can take a look to see if anything abnormal has been switched on.


Jon Humphries

luizsergiosantos Thu, 09/20/2007 - 15:34
User Badges:

Thanks Jon, upgrading the IOS is a problem right now, we need to plan it. About the debug I'm going to double check it.

arburt Thu, 09/20/2007 - 17:10
User Badges:


Post the pixos version and the top 5 processes using the 'show proc' command.

With the detail above, we can avoid the shot-in-the-dark approach of solving the issue.




This Discussion