07-17-2013 03:07 AM - edited 03-11-2019 07:13 PM
Hi,
We have a cisco ASA 5510 running on Software Version 8.0(4)28.
Recently we are seeing high cpu usage as below
ABC-ASA# show cpu usage
CPU utilization for 5 seconds = 53%; 1 minute: 43%; 5 minutes: 45%
ABC-ASA#
and I have notice its becuase of dispatch unit
ABC-ASA# show processes cpu-usage non-zero sorted
PC Thread 5Sec 1Min 5Min Process
0817ff94 d442f92c 44.9% 41.1% 42.1% Dispatch Unit
08b207ad d4429aa4 2.5% 2.4% 2.3% Logger
091c6c28 d442af70 0.1% 0.0% 0.0% Checkheaps
ABC-ASA#
Please advise what should be the avarage cpu and Dispatch unit utilization in the peak connections time .
07-17-2013 10:52 AM
Hello,
There is no average CPU usage for an ASA, that will depend of your enviroment (how much traffic is going through the ASA, How many features you have enabled on the box, how many inspection engines are doing DPI, etc ,etc ,etc)
So my recomendation would be:
-Get a baseline of what is your usual CPU usage and from there start monitoring the box, then if you see the CPU incrementing you can let us know,
-FYI Dispatch unit is related to traffic handling of the ASA so in this case the CPU is at 46% due to how it handles traffic and the logging services (most being used by the dispatch unit)
44% is not something to be scared of, unless you were on 2 % this morning and suddenly you go up to 46%
Regards
For Networking Posts check my blog at http://laguiadelnetworking.com/
Cheers,
Julio Carvajal Segura
07-18-2013 02:53 AM
Thanks Julio,
We are running DPI default and basic inspection setting as below.
I will keep monitor the CPU usgae and traffic on ASA to see if got any sudden change.
=========
dynamic-access-policy-record DfltAccessPolicy
class-map inspection_default
match default-inspection-traffic
!
!
policy-map type inspect dns preset_dns_map
parameters
message-length maximum 512
policy-map global_policy
class inspection_default
inspect dns preset_dns_map
inspect ftp
inspect h323 h225
inspect h323 ras
inspect netbios
inspect rsh
inspect rtsp
inspect skinny
inspect sqlnet
inspect sunrpc
inspect tftp
inspect sip
inspect xdmcp
inspect icmp
class class-default
set connection decrement-ttl
!
service-policy global_policy global
prompt hostname context
07-18-2013 09:28 AM
Hello,
That's all you got to do now, keep an eye on it,
Regards
For Networking Posts check my blog at http://laguiadelnetworking.com/
Cheers,
Julio Carvajal Segura
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide