Cisco ASA5510 Used Memory Slowly Rising... A Leak ?

Unanswered Question
Mar 3rd, 2010

Ok so for the past few week the 5510 firewall has been slowly leaking memory, about 1mb a day, it is a ticking timebomb! soon there will be no memory left and then theres trouble...

screen-capture-5.jpg

There is 256 MB total, with roughly 70 mb free.

Cisco Adaptive Security Appliance Software Version 8.2(1)
Device Manager Version 6.2(1)

Ive tried everything, through ASDM I have disabled everything that is not required, all logging, threat-detection stats, "clear conf threat-detection", cleared all stats i can see recorded, we are half way through a failover setup ( half configured ) involving a second 5510 with failover active, tried disabling that.

One thing is that we have had alot of traffic lately (expected) and this problem seems to have co-incided with that. However the traffic levels are staying the same now but the memory usage is slowly rising.

#sh proc mem  ...

--------------------------------------------------------------
Allocs   Allocated       Frees         Freed           Process
          (bytes)                      (bytes)
--------------------------------------------------------------

449199      187388289       446826        165548521       Init Thread
247932      40660848        123966        16363512        IP Background

3328         574680          125719        24731928        tmatch compile thread

2653236    606106467       2425144       604639669       IKE Daemon

20749       57119690        20739         57109832        Unicorn Admin Handler
112454     916832          224630        1797040         emweb/https

331980219179978100693    320861794     178548750051    Dispatch Unit

17123182 1548328839      17116468      1536525265      snmp

334951     19353216        0             0               IKE Receiver
1679         468665          10422082      1327274466      PIX Garbage Collector

403          20249098        378           20232654        telnet/ci

110703     27730189        12164         591008          CTM message handler

I have left out all the small mem usage procs

Dispatch unit appears massive. Im having trouble deciphering how much memory it is actually using though, it claims "179978100693" of allocated bytes, thats 171640.492146492 MB apparently according to a bytes to MB convertor, so somethings not right there...

Is this some sort of memory leak ? Is there a solution ?

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
Panos Kampanakis Wed, 03/03/2010 - 08:19

Memory creeping up like this could relate to memory leaks.

The "sh memory detail" and "sh binsize" etc need to be investigate by TAC.

I would suggest a case with them.

PK

leoruben2308 Thu, 03/04/2010 - 02:58

Thanks, however we dont have a service contract with Cisco.

After contacting our point of sales for support, they are only able to take the device and send it back to Cisco, this is not an option atm as the firewall is in production... Bit of a joke really as you buy a product, for alot of money, expecting it to work, then when there is a clear design/manufacturing fault with the device Cisco can do nothing for you unless you have a sevice contract. Well good thing I have a second 5510 I can xfer the config to and use in the meantime.

Panos Kampanakis Thu, 03/04/2010 - 06:37

There is no way any company in the world can guarantee software defect free code and that is why support contracts are for.

Also a hardware swap is not likely to solve software issues.

You can try going to 8.2.2 but I don't think you are legally elibible for that either, since you don't have a contract.

PK

Actions

This Discussion