Inspection load at 0% and CPU at 100%

Unanswered Question
Oct 23rd, 2012

Hi, I have an ASA firewall 5585X with IPS SSP60 module. The issue here is that in the IPS module, with IME, IDM and CLI, the statistics show that the inspection load is always at 0% and the CPU (the 24 cores) is at 100% usage. I think that is not so real, because I can see alerts and I am able to access the module.

So here is some evidence:

Inspection load:

show statistics virtual-sensor
Virtual Sensor Statistics
   Statistics for Virtual Sensor vs0
      Name of current Signature-Defintion instance = sig0
      Name of current Event-Action-Rules instance = rules0
      List of interfaces monitored by this virtual sensor =
      General Statistics for this Virtual Sensor
         Number of seconds since a reset of the statistics = 128767
         MemoryAlloPercent = 3
         MemoryUsedPercent = 3
         MemoryMaxCapacity = 45000000
         MemoryMaxHighUsed = 1054898
         MemoryCurrentAllo = 1566870
         MemoryCurrentUsed = 1506030
         Inspection Load Percentage = 0
         Total packets processed since reset = 38248606
         Total IP packets processed since reset = 38248606

CPU usage:

CPU Statistics
   Note: CPU Usage statistics are not a good indication of the sensor processing load. The Inspection Load Percentage in the output of 'show inspection-load' should be used instead.
   Usage over last 5 seconds = 100
   Usage over last minute = 100
   Usage over last 5 minutes = 100
   Usage over last 5 seconds = 100
   Usage over last minute = 100
   Usage over last 5 minutes = 100

Attached is the tech support file.

Does someone know this problem?

Julio Carvaja Tue, 10/23/2012 - 16:08

Hello Mahuen,

This is the expected behavior.

Let me explain myself.

The explanation is that the CPU polls the NIC more frequently, hence
decreasing the polling interval and reducing latency. The additional CPU
load that is reported while polling is actually available to process packets, and
reduces as inspection load goes up; it does not negatively affect the
overall throughput of the IPS.

This anomaly is discussed under the defect CSCtl74475.

Hope this helps,

Julio
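
An added example, not part of the original posts and not Cisco code: a small parser for the statistics text posted above that judges sensor load from Inspection Load Percentage rather than from CPU usage, as the note in the CLI output advises. The sample lines are copied from the thread; the function names and the 80% warning threshold are assumptions.

```python
import re

# Sample input: lines copied from the output posted in this thread.
SAMPLE = """\
Virtual Sensor Statistics
   Statistics for Virtual Sensor vs0
         MemoryUsedPercent = 3
         Inspection Load Percentage = 0
         Total packets processed since reset = 38248606
CPU Statistics
   Usage over last 5 seconds = 100
   Usage over last minute = 100
   Usage over last 5 minutes = 100
"""

# Matches 'name = integer' lines only; 'name = sig0' or 'name =' are skipped.
KV = re.compile(r"^[ \t]*(?P<key>[^=\n]+?)[ \t]*=[ \t]*(?P<val>\d+)[ \t]*$", re.M)

def parse_stats(text):
    """Return {key: [int, ...]}; a key can repeat (e.g. one CPU block per group)."""
    stats = {}
    for m in KV.finditer(text):
        stats.setdefault(m["key"], []).append(int(m["val"]))
    return stats

def assess(text, load_warn=80):
    """Classify sensor load. load_warn is an assumed threshold, not a Cisco value."""
    stats = parse_stats(text)
    load = stats.get("Inspection Load Percentage")
    if not load:
        return "unknown: no Inspection Load Percentage in output"
    if load[0] >= load_warn:
        return f"busy: inspection load {load[0]}%"
    packets = stats.get("Total packets processed since reset", [0])[0]
    if packets == 0:
        return "idle: no packets processed, check what is sent to the module"
    cpu = max(stats.get("Usage over last 5 minutes", [0]))
    if cpu >= 95:
        return f"ok: inspection load {load[0]}%, CPU {cpu}% is not a load indicator"
    return f"ok: inspection load {load[0]}%"

if __name__ == "__main__":
    print(assess(SAMPLE))
```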

Julio Carvaja Wed, 10/24/2012 - 10:18

Hello Mahuen,

Well, there is not much traffic generating inspection across the box. That's all.

Regards,

Julio Carvaja Wed, 10/24/2012 - 12:41

Hello Mahuen,

Well, that is what the output means!

Have you checked the service policy to check how many packets are being sent to the module?

Posted October 23, 2012 at 6:44 AM