03-03-2010 04:24 AM - edited 03-11-2019 10:17 AM
Ok so for the past few week the 5510 firewall has been slowly leaking memory, about 1mb a day, it is a ticking timebomb! soon there will be no memory left and then theres trouble...
There is 256 MB total, with roughly 70 mb free.
Cisco Adaptive Security Appliance Software Version 8.2(1)
Device Manager Version 6.2(1)
Ive tried everything, through ASDM I have disabled everything that is not required, all logging, threat-detection stats, "clear conf threat-detection", cleared all stats i can see recorded, we are half way through a failover setup ( half configured ) involving a second 5510 with failover active, tried disabling that.
One thing is that we have had alot of traffic lately (expected) and this problem seems to have co-incided with that. However the traffic levels are staying the same now but the memory usage is slowly rising.
#sh proc mem ...
--------------------------------------------------------------
Allocs Allocated Frees Freed Process
(bytes) (bytes)
--------------------------------------------------------------
449199 187388289 446826 165548521 Init Thread
247932 40660848 123966 16363512 IP Background
3328 574680 125719 24731928 tmatch compile thread
2653236 606106467 2425144 604639669 IKE Daemon
20749 57119690 20739 57109832 Unicorn Admin Handler
112454 916832 224630 1797040 emweb/https
331980219179978100693 320861794 178548750051 Dispatch Unit
17123182 1548328839 17116468 1536525265 snmp
334951 19353216 0 0 IKE Receiver
1679 468665 10422082 1327274466 PIX Garbage Collector
403 20249098 378 20232654 telnet/ci
110703 27730189 12164 591008 CTM message handler
I have left out all the small mem usage procs
Dispatch unit appears massive. Im having trouble deciphering how much memory it is actually using though, it claims "179978100693" of allocated bytes, thats 171640.492146492 MB apparently according to a bytes to MB convertor, so somethings not right there...
Is this some sort of memory leak ? Is there a solution ?
03-03-2010 08:19 AM
Memory creeping up like this could relate to memory leaks.
The "sh memory detail" and "sh binsize" etc need to be investigate by TAC.
I would suggest a case with them.
PK
03-04-2010 02:58 AM
Thanks, however we dont have a service contract with Cisco.
After contacting our point of sales for support, they are only able to take the device and send it back to Cisco, this is not an option atm as the firewall is in production... Bit of a joke really as you buy a product, for alot of money, expecting it to work, then when there is a clear design/manufacturing fault with the device Cisco can do nothing for you unless you have a sevice contract. Well good thing I have a second 5510 I can xfer the config to and use in the meantime.
03-04-2010 06:37 AM
There is no way any company in the world can guarantee software defect free code and that is why support contracts are for.
Also a hardware swap is not likely to solve software issues.
You can try going to 8.2.2 but I don't think you are legally elibible for that either, since you don't have a contract.
PK
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: