Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
860
Views
0
Helpful
2
Replies

High CPU usage in PIX

trackme
Level 1
Level 1

‎11-19-2008 01:39 AM - edited ‎03-11-2019 07:15 AM

Hello,

I have a PIX 515E and it shows constantly high CPU usage and not sure which process exactly eats that.

----------------

sh cpu usa

CPU utilization for 5 seconds = 90%; 1 minute: 89%; 5 minutes: 84%

---------------

I did show process

-------------

sh proc

PC SP STATE Runtime SBASE Stack Process

Hsi 001eaee9 008c4f7c 005588b0 7500 008c3ff4 3628/4096 arp_timer

Lsi 001f048d 00968174 005588b0 501880 009671fc 3664/4096 FragDBGC

Lwe 00119a57 009e9364 0055c018 0 009e84fc 3688/4096 dbgtrace

Lwe 003e6385 009eb4f4 005511d8 6418730 009e95ac 6464/8192 Logger

Hwe 003ea51c 009ee5ec 00551488 970 009ec674 7760/8192 tcp_fast

Hwe 003ea495 009f069c 00551488 670 009ee724 7636/8192 tcp_slow

Lsi 003020e1 00b26e1c 005588b0 250 00b25e94 3680/4096 xlate clean

Lsi 00301fef 00b27ebc 005588b0 1260 00b26f44 3384/4096 uxlate clean

Mwe 002f99fb 00cc02bc 005588b0 27750 00cbe324 7640/8192 tcp_intercept_timer_process

Lsi 0043ccf5 00d6ab74 005588b0 1000 00d69bec 3632/4096 route_process

Hsi 002e97fc 00d6bc04 005588b0 102570 00d6ac9c 2244/4096 PIX Garbage Collector

Hwe 002177d1 00d76134 005588b0 4640 00d721cc 15824/16384 isakmp_time_keeper

Lsi 002e739c 00d8fe9c 005588b0 90 00d8ef14 3708/4096 perfmon

Mwe 0020edf9 00dba2cc 005588b0 5110 00db8354 7680/8192 IPsec timer handler

Hrd 0039c643 00dced54 00558898 179220 00dcce0c 6784/8192 qos_metric_daemon

Mwe 00261fe5 00de988c 005588b0 329290 00de5924 15344/16384 IP Background

Lwe 002fa672 00e9c1dc 0056ecf8 0 00e9b364 3704/4096 pix/trace

Lwe 002fa8aa 00e9d28c 0056f428 0 00e9c414 3704/4096 pix/tconsole

H* 0011f1af 0009ff2c 00558898 56550 00ea577c 12664/16384 ci/console

Csi 002f26fb 00eaa784 005588b0 65440 00ea982c 3280/4096 update_cpu_usage

Hwe 002ddfc1 00f4e71c 00537c50 0 00f4a894 15884/16384 uauth_in

Hwe 003e8f8d 00f5081c 0099d448 0 00f4e944 7896/8192 uauth_thread

Hwe 003ff49a 00f5196c 005517d8 10 00f509f4 3848/4096 udp_timer

Hsi 001e2ab6 00f53634 005588b0 4650 00f526bc 3664/4096 557mcfix

Crd 001e2a6b 00f546f4 00558d28 191740320 00f5376c 3536/4096 557poll

Lsi 001e2b25 00f55794 005588b0 1610 00f5481c 3584/4096 557timer

Cwe 001e46a9 00f6b86c 00558d28 70342810 00f69974 6128/8192 pix/intf0

Mwe 003ff20a 00f6c97c 009e6070 0 00f6ba44 3896/4096 riprx/0

Msi 003a5bf9 00f6da8c 005588b0 220 00f6cb14 3664/4096 riptx/0

Cwe 001e46a9 00f73c94 00558d28 103716960 00f71d9c 5968/8192 pix/intf1

Mwe 003ff20a 00f74da4 009e6028 0 00f73e6c 3896/4096 riprx/1

Msi 003a5bf9 00f75eb4 005588b0 330 00f74f3c 3768/4096 riptx/1

Cwe 001e46a9 00f7c0bc 0081b548 0 00f7a1c4 7928/8192 pix/intf2

Mwe 003ff20a 00f7d1cc 009e5fe0 0 00f7c294 3896/4096 riprx/2

Msi 003a5bf9 00f7e2dc 005588b0 280 00f7d364 3768/4096 riptx/2

Mrd 00258938 010009ac 005588e8 57730 00fffa44 3160/4096 ntp

Mwe 00372856 0100af5c 005588b0 0 01008fe4 7960/8192 Crypto CA

Mwe 003e2e75 00ea153c 005588b0 20 00e9f5c4 7164/8192 ssh/timer

-----------------------------

sh int e1

interface ethernet1 "inside" is up, line protocol is up

Hardware is i82559 ethernet, address

MTU 1500 bytes, BW 100000 Kbit full duplex

68102337 packets input, 4212188675 bytes, 0 no buffer

Received 146892 broadcasts, 0 runts, 0 giants

3510 input errors, 0 CRC, 0 frame, 3510 overrun, 0 ignored, 0 abort

76845298 packets output, 3337696473 bytes, 0 underruns

0 output errors, 0 collisions, 0 interface resets

0 babbles, 0 late collisions, 0 deferred

0 lost carrier, 0 no carrier

input queue (curr/max blocks): hardware (128/128) software (128/188)

output queue (curr/max blocks): hardware (0/128) software (0/529)

Is there a way to find which eats the most CPU since i have performance problems because of this.

Labels:
0 Helpful
2 Replies 2

jine
Level 1
Level 1

‎11-20-2008 05:52 AM

Hello

are you analyse yours logs ?

Cordialy

0 Helpful

m.surtees
Level 1
Level 1

‎11-23-2008 11:37 PM

Hi - bit late and hope you haven't been running at 90% since the 20th but check out

http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_tech_note09186a008009456c.shtml

for some useful info on the various processes running and why. Your 557poll does seem a bit large although it's generally the largest.

1. Are you running a debug or capture? It's a commom mistake.

2. Look at your acls - are they huge in the "show access-list xxx" form (i.e. not what they look like in the running-config). Over use of object-groups and nesting of object-groups is bad form and can really stress your FW

3. How much are you logging? Worth turning it down especilly those logs you don't look at (console?) to see if it makes a difference.

Hope it helps and pls rate this post

Mike

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card