Inspection load at 0% and CPU at 100%

Unanswered Question

Hi, I have an ASA firewall 5585X with IPS SSP60 module, the issue here is that in the IPS module with IME, IDM and CLI, the staticts show that the inspection load is ever at 0% and the CPU(the 24 cores) are at 100% of use, i Think that is not so real, because I can see alerts and I able to access to the module.

so here are some evidence:

Inspection load:

show statistics virtual-sensor

Virtual Sensor Statistics

   Statistics for Virtual Sensor vs0

      Name of current Signature-Defintion instance = sig0

      Name of current Event-Action-Rules instance = rules0

      List of interfaces monitored by this virtual sensor =

      General Statistics for this Virtual Sensor

         Number of seconds since a reset of the statistics = 128767

         MemoryAlloPercent = 3

         MemoryUsedPercent = 3

         MemoryMaxCapacity = 45000000

         MemoryMaxHighUsed = 1054898

         MemoryCurrentAllo = 1566870

         MemoryCurrentUsed = 1506030

        Inspection Load Percentage = 0

         Total packets processed since reset = 38248606

         Total IP packets processed since reset = 38248606

CPU usage:

CPU Statistics

   Note: CPU Usage statistics are not a good indication of the sensor processing load. The Inspection Load Percentage in the output of 'show inspection-load' should be used instead.

   Usage over last 5 seconds = 100

   Usage over last minute = 100

   Usage over last 5 minutes = 100

   Usage over last 5 seconds = 100

   Usage over last minute = 100

   Usage over last 5 minutes = 100

attached are the tech support file

someone know this problem?

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Julio Carvajal Tue, 10/23/2012 - 16:08

Hello Mahuen,

This is the expected behavior.

Let me explain myself.

The explanation being that that the CPU polls the NIC more frequently, hence
decreasing the polling interval and reducing latency. The additional CPU
load that is reported while polling is actually available to process packets, and
reduces as inspection load goes up, it does not negatively affect the
overall throughput of the IPS.

This anomaly is discussed under the defect CSCtl74475

Hope this helps,


Julio Carvajal Wed, 10/24/2012 - 10:18

Hello Mahuen,

Well, there is no much traffic generating inspection across the box. That's all



This Discussion

Related Content