need help for IPS 4270 cpu overload !!!

Unanswered Question
Jul 6th, 2010

hi all:

      we got one ips 4270 of the cpu always overload(over 95% in the IME soft),but when i use the command "show statistics virtual-sensor | in processing load percentage" to check the cpu usage's under 5.

     sometimes the sensor will hang,then i have to reload it..TAC suggest upgrading the image from 6.x to 7.x..but in fact ,there is no change.

     any one can tell me how to do next ? 


I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Christopher Dreier Wed, 07/07/2010 - 08:31

Hello Wei,

Starting with the E3 engine update, the IPS uses a different algorithm for managing  its idle time, and spends more time polling for packets to reduce  latency. This results in the higher CPU usage being reported than  previous releases, including output by external tools such as top and  ps. This additional CPU load can be noticed on all Intel-based  platforms, single-CPU platforms as well as the primary CPU of multi-core  models. (AIM and NME-IPS already show 100% CPU usage on the primary  core, regardless of load, on all releases.) So the high CPU is normal.

Do you still have a TAC case open for the hang issue? What code are you currently running?

Please feel free to email me directly if you would like to work through a TAC case.

Thank you,

Blayne Dreier

[email protected]

Cisco TAC IDS Team

**Please check out our Podcast**
TAC Security Show:

p_venkatesan Wed, 07/07/2010 - 08:54

Bayne Dreier,

Even i have same problem in my environment .

As per my undertsanding from your response , we can ignore the same and no action required. Please correct me if iam wrong.

Could you please tell me is there any work around or any solutions to avoid the same. We use SSIM and soem time we didnt see the logs and it require the reboot.

How do we avoid the same.






This Discussion