FWSM 3.1(10): Unreasonably high CPU utilization

Answered Question
May 18th, 2010

Hello.

We are investigating a problem with unreasonably high CPU utilization, with one of our FWSM modules in a 6509-E. This is a newly implemented module with practically zero traffic passing through it but still, the CPU is at 20-22%. Here's some information:

<FWSM>/actNoFailover# sh ver           

FWSM Firewall Version 3.1(10)
Device Manager Version 6.2(1)F

<FWSM>/actNoFailover#  show pc conn
0 in use, 0 most used

<FWSM>/actNoFailover# sh resource usage
Resource              Current         Peak      Limit        Denied Context
Telnet                      1            2          5             0 System
ASDM                        1            1          5             0 System
Conns                      11           35  unlimited             0 System
Xlates                     12          124  unlimited             0 System
Hosts                      12          124  unlimited             0 System

fw-mgmtdc-kln-01/actNoFailover# sh processes cpu-hog

    MAXHOG             NUMHOG             LASTHOG             Process
--------------     ---------------     ---------------       ---------

<FWSM># sh cpu usage      
CPU utilization for 5 seconds = 18%; 1 minute: 18%; 5 minutes: 18%

Please let me know if you require any additional information so that i will provide them. Any help as to why we are getting such high CPU readings, will be greatly appreciated.

Best regards.

I have this problem too.
0 votes
Correct Answer by Jay Johnston about 6 years 6 months ago

Do you have OSPF enabled on the FWSM? If so, it is normal and expected that the CPU utilization increase to around 20% continuously, with no traffic through the FWSM.

Even though the CPU is at 20% due to the OSPF process, that process will yield the CPU usage if it is required for other, higher priority tasks (such as packet processing on the control-point).

Correct Answer by Panos Kampanakis about 6 years 6 months ago

You can do "sh process", wait for 60 seconds and do it again.

Than you load the columns for the processes in a spreadsheet and subtract them and you will see what process kept the cpu for the most amount of time.

The you will know which process is eating up your cpu most.

I hope it helps.

PK

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 5 (2 ratings)
Loading.
Correct Answer
Panos Kampanakis Tue, 05/18/2010 - 09:58

You can do "sh process", wait for 60 seconds and do it again.

Than you load the columns for the processes in a spreadsheet and subtract them and you will see what process kept the cpu for the most amount of time.

The you will know which process is eating up your cpu most.

I hope it helps.

PK

Kostas Kyriakos Tue, 05/18/2010 - 11:32

Hello pkampana and thanks for your reply.

Below you'll find my top 3 processes along with the diffs (first column):

Diff   Runtime    SBASE     Stack        Process
39163  557399451  01cfa0c8  32136/32768  Dispatch Unit
22213  317350952  0afab4b0  7776/8192    snp_timer_thread
13643  12064734   0fee1ad0  5292/8192    OSPF Router


This pretty much proves what Jay Johnston suggests. Any comments/ suggestions are welcome.

Thanks in advance.

Panos Kampanakis Tue, 05/18/2010 - 12:02

OK, so it seems the 3 top processes are Dispatch Unit, snp_timer_thread and OSPF. As jajohnst mentioned with OSPD it is normal and expected that the CPU utilizationincrease to around 20% continuously, with no traffic through the FWSM. Eventhough the CPU is at 20% due to the OSPF process, that process willyield the CPU usage if it is required for other, higher priority tasks(such as packet processing on the control-point).

The Dispatch Unit is packet processing so it is normal to take cpu.

PK

Correct Answer
Jay Johnston Tue, 05/18/2010 - 10:21

Do you have OSPF enabled on the FWSM? If so, it is normal and expected that the CPU utilization increase to around 20% continuously, with no traffic through the FWSM.

Even though the CPU is at 20% due to the OSPF process, that process will yield the CPU usage if it is required for other, higher priority tasks (such as packet processing on the control-point).

Actions

This Discussion