Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
415
Views
0
Helpful
5
Replies

PIX pair: Active/Stdby mode : Stdby unit have High memory utilization

mvsheik123
Level 7
Level 7

‎08-01-2008 10:06 AM

Hi All,

PIX pair with Active/Stdby mode configured for Stateful failover stateful cable & ethernet interfaces connected via Xover cable.

It is observed that, the the Stdby PIX memory utilization is above gradually increasing (from monitoring system data- it starts at 72% and right now up to 85%)and Active is only between 30-40%.

IOS :6.3 (4). No interface drops/errors on stateful interfaces (cable looks fine).

Any suggestions, what causing the memory eatup on Stdby unit..?

Thank you in advance

MS

Labels:
0 Helpful
5 Replies 5

5220
Level 4
Level 4

‎08-02-2008 01:51 AM

Hi,

Most probably is an PIX OS bug.

Try checking the version release notes to see if this bug is noted and they also should state the next OS version that fixes the problem.

For example, on 6.3(5) a caveat has been resolved since 6.3(4) for something similar:

"Alias command may cause High CPU on Secondary PIX"

http://www.cisco.com/en/US/docs/security/pix/pix63/release/notes/pixrn635.html

Please rate if this helped.

Regards,

Daniel

0 Helpful

mvsheik123
Level 7
Level 7
In response to 5220

‎08-02-2008 05:46 AM

Thank you for the reply. How come the primary PIX with same IOS does not show the similar behaviour...?

I have contacted TAC. The engineer at this time has no definitive answer except some assumptions..

1. the Xover ethernet cable bad (I strongly think it is not the reason- as I do not see any interface hits/erros)

2. Alias command --> No alias commnds in config

3. fixup Sip --> Config got SIP, I will look into remove it, as it looks like we are not using at thei time.

4. If nothing fixes the issue, upgrade to

6.3 (5)

Iam looking into options we can do here with minimal impact, as it is prod environment.

Any other suggestions are welcome.

Thank you

MS

0 Helpful

5220
Level 4
Level 4
In response to mvsheik123

‎08-02-2008 10:39 AM

Hi,

I had a similar issue in the past with the secondary PIX disconnecting from all network connections every 1.5 hours. The primary PIX was ok. I saw this on the Syslog. You should check also the syslog messages from both Primary and Secondary.

To fix this i had to update the OS and it got sorted out.

You can upgrade only the secondary to 6.3(5) and see how it goes. This should not affect your production environment.

Please rate if this helped.

Regards,

Daniel

0 Helpful

mvsheik123
Level 7
Level 7
In response to 5220

‎08-03-2008 11:50 AM

Thank you.. i will check the syslog for any connection disconnects messages. Also, Is it recomended to upgrade only secondary PIX..? I never tried this. So connect the console cable directly to secondary unit and upload using TFTP and reload after IOS upload.Does this works for only secondary unit..?

Thank you

MS

0 Helpful

mvsheik123
Level 7
Level 7
In response to mvsheik123

‎08-04-2008 06:34 PM

Hi All,

Can someone shed what exactly happened here.

Today TAC asked for 'Show chunkstats' o/p and when I ran the command, o/p keeps rolling on the PIX and it never stopped atleast for 30-40Mins irrespective of my efforts to srtop that. After that, while I was checking the Primary configs, I received a message'SYNC started' and then 'completed'. Then the Memory usage on the secondary went back to normal (30-35%) and its been like that since then.

TAC engineers expected sudden reboot, but it never happened (sh ver uptime is very long). I tried to get crashinfo, but its saying corrupted.

So anyone can shed light on exactly what made the Memory usage jump back to normal..? Memory crash..??

Thank you in advance

MS

0 Helpful
Customers Also Viewed These Support Documents