08-01-2008 10:06 AM
Hi All,
PIX pair with Active/Stdby mode configured for Stateful failover stateful cable & ethernet interfaces connected via Xover cable.
It is observed that, the the Stdby PIX memory utilization is above gradually increasing (from monitoring system data- it starts at 72% and right now up to 85%)and Active is only between 30-40%.
IOS :6.3 (4). No interface drops/errors on stateful interfaces (cable looks fine).
Any suggestions, what causing the memory eatup on Stdby unit..?
Thank you in advance
MS
08-02-2008 01:51 AM
Hi,
Most probably is an PIX OS bug.
Try checking the version release notes to see if this bug is noted and they also should state the next OS version that fixes the problem.
For example, on 6.3(5) a caveat has been resolved since 6.3(4) for something similar:
"Alias command may cause High CPU on Secondary PIX"
http://www.cisco.com/en/US/docs/security/pix/pix63/release/notes/pixrn635.html
Please rate if this helped.
Regards,
Daniel
08-02-2008 05:46 AM
Thank you for the reply. How come the primary PIX with same IOS does not show the similar behaviour...?
I have contacted TAC. The engineer at this time has no definitive answer except some assumptions..
1. the Xover ethernet cable bad (I strongly think it is not the reason- as I do not see any interface hits/erros)
2. Alias command --> No alias commnds in config
3. fixup Sip --> Config got SIP, I will look into remove it, as it looks like we are not using at thei time.
4. If nothing fixes the issue, upgrade to
6.3 (5)
Iam looking into options we can do here with minimal impact, as it is prod environment.
Any other suggestions are welcome.
Thank you
MS
08-02-2008 10:39 AM
Hi,
I had a similar issue in the past with the secondary PIX disconnecting from all network connections every 1.5 hours. The primary PIX was ok. I saw this on the Syslog. You should check also the syslog messages from both Primary and Secondary.
To fix this i had to update the OS and it got sorted out.
You can upgrade only the secondary to 6.3(5) and see how it goes. This should not affect your production environment.
Please rate if this helped.
Regards,
Daniel
08-03-2008 11:50 AM
Thank you.. i will check the syslog for any connection disconnects messages. Also, Is it recomended to upgrade only secondary PIX..? I never tried this. So connect the console cable directly to secondary unit and upload using TFTP and reload after IOS upload.Does this works for only secondary unit..?
Thank you
MS
08-04-2008 06:34 PM
Hi All,
Can someone shed what exactly happened here.
Today TAC asked for 'Show chunkstats' o/p and when I ran the command, o/p keeps rolling on the PIX and it never stopped atleast for 30-40Mins irrespective of my efforts to srtop that. After that, while I was checking the Primary configs, I received a message'SYNC started' and then 'completed'. Then the Memory usage on the secondary went back to normal (30-35%) and its been like that since then.
TAC engineers expected sudden reboot, but it never happened (sh ver uptime is very long). I tried to get crashinfo, but its saying corrupted.
So anyone can shed light on exactly what made the Memory usage jump back to normal..? Memory crash..??
Thank you in advance
MS
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide