10-02-2007 09:23 AM - edited 03-11-2019 04:19 AM
Hi,
I have PIX 515UR Ver 7.2(2), the unit has 256 MB memory.
I find that the CPU usage is showing constantly around 80% during day time usage.
The 'sh proc' and 'sh proc cpu-hog' output shows that 'dispatch unit' takes up most of the CPU. See below:
------------------ show cpu usage ------------------
CPU utilization for 5 seconds = 89%; 1 minute: 85%; 5 minutes: 83%
------------------ show cpu hogging process ------------------
Process: Dispatch Unit, NUMHOG: 1, MAXHOG: 356, LASTHOG: 360
LASTHOG At: 16:36:44 UTC Oct 1 2007
PC: 1044803
Traceback: 89e435 89eac9 2f47e2 2f4c69 2ed253 74bbd7 7411ce
c3a905 c3ae4f c3b334 740fab 74bf38 77b2f6 74e04d
------------------ show process ------------------
PC SP STATE Runtime SBASE Stack Process
Mwe 00c72c7c 01caa320 013a9360 9 016f63a0 15616/16384 emweb/cifs
Lwe 001071fc 01729db4 013a93d0 0 01727de0 8132/8192 block_diag
Mrd 002190dc 01b5adfc 013a9470 32179294 01b52e78 26104/32768 Dispatch Unit
I restarted the unit but it comes back to same status during day time. Please advise what could be the reason of such high cpu utilization by 'dispatch unit' process and how to rectify the issue.
Thanks
Khalid
10-02-2007 08:41 PM
Dispatch Unit handles the general processing of packets, along with the handing off of layer-7 inspected packets to the relevant inspection engine. If this is high you're most probably inspecting too many packets at layer-7, so look at what protocols you have "inspect ..." statements for, then try to figure out if you're sending too much traffic to them. "sho service-policy" on a 7.x/8.x PIX will give you an idea of the amount of traffic each inspection engine is seeing.
Other than that it may just be that you're hammering this PIX with too many packets. Do a "sho traffic" to get an idea of how much traffic is passing through the interfaces, and make sure you're not over-running the device. A 515 (non-E) can only handle about max 100Mbps of throughput, much less if you're inspecting a lot of it or encrypting, etc.
Also have a read of http://www.cisco.com/warp/public/110/pixperformance.html as it may give you a few ideas.
10-05-2007 07:55 AM
Hi.
I appreciate your help. I performed a show service-policy and saw
a ton of hits/drops on the DNS inspection entry. I removed the policy
which did not help at all. So I fired up a sniffer and DNS was over 50%
of the packets. We couldn't isolate any issue on the DNS server, and
every time we reset the process, the problem would return in an hour or
so... so we finally rebooted the DNS server and we haven't seen any
trouble since.
Kymalik
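Added example, not part of the thread: one way to turn the "sho service-policy" check suggested above into numbers is to capture the output twice and compare the cumulative per-engine counters, which shows the packet rate and drop fraction each inspection engine saw during the interval. The two captures below are constructed, and the `Inspect: <engine>, packet N, drop N, reset-drop N` line shape is assumed for 7.x code.

```python
import re

# Assumed 7.x line shape:
#   Inspect: dns preset_dns_map, packet 912345, drop 40211, reset-drop 0
INSPECT_RE = re.compile(
    r"^\s*Inspect:\s*([^\s,]+)[^,]*,\s*packet\s+(\d+),\s*drop\s+(\d+)", re.MULTILINE)

# Constructed "show service-policy" captures taken 60 s apart (not from the thread).
SNAP_T0 = """\
Global policy:
  Service-policy: global_policy
    Class-map: inspection_default
      Inspect: dns preset_dns_map, packet 912345, drop 40211, reset-drop 0
      Inspect: ftp, packet 1520, drop 0, reset-drop 0
      Inspect: http, packet 310877, drop 12, reset-drop 3
"""
SNAP_T1 = """\
Global policy:
  Service-policy: global_policy
    Class-map: inspection_default
      Inspect: dns preset_dns_map, packet 1002345, drop 49211, reset-drop 0
      Inspect: ftp, packet 1580, drop 0, reset-drop 0
      Inspect: http, packet 316877, drop 12, reset-drop 3
"""

def parse(text):
    """Map engine name -> (packets, drops); the counters are cumulative."""
    return {e: (int(p), int(d)) for e, p, d in INSPECT_RE.findall(text)}

def inspection_rates(before, after, seconds):
    """Per-engine packets/s, drop fraction and traffic share over the interval."""
    b, a = parse(before), parse(after)
    rows = []
    for engine, (pkts, drops) in a.items():
        p0, d0 = b.get(engine, (0, 0))
        dp, dd = pkts - p0, drops - d0
        if dp < 0:  # counters went backwards: cleared or reloaded between captures
            dp, dd = pkts, drops
        rows.append({"engine": engine, "delta": dp, "pps": dp / seconds,
                     "drop_rate": dd / dp if dp else 0.0})
    total = sum(r["delta"] for r in rows)
    for r in rows:
        r["share"] = r["delta"] / total if total else 0.0
    return sorted(rows, key=lambda r: r["delta"], reverse=True)

if __name__ == "__main__":
    for r in inspection_rates(SNAP_T0, SNAP_T1, 60):
        print(f'{r["engine"]:<6} {r["pps"]:8.1f} pps  share={r["share"]:.1%}  '
              f'dropped={r["drop_rate"]:.1%}')
```

An engine that carries most of the inspected packets and drops a noticeable fraction of them, as DNS does in the constructed captures, is the one to trace back to its source hosts with a sniffer.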