Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

ASA 5540 Version 7.2(2) CPU spike

Hi,

First a bit of history

A few months ago we upgraded our PIX 515 from version 6.3(5) to version 7.2.1. we then suffered the consequences with a very heavily utilised CPU and packet loss.. the thing was idling around 50% cpu..

Anyway we have just recently replaced out PIX failover pair with a pair of ASA 5540 running version 7.2(2). Initially the replacement went fine and things seem to work ok. However we now seem to have the same problem we had before???!!! I would say total firewall throughput across all 12 physical and logical interfaces is less than 100Mbps , xlates and connections are low and all interfaces are good..

The ASA's initially seemed to be good and idle along most of the time at around 5% cpu however we have started so noticed a few issues with some of our VOIP (this goes inside a dmvpn tunnel that passes through the PIX)... so I enabled prioriry queues on the ASA

Looking into the VOIP problems it seems that the ASA CPU seems to spike at around 99% for maybe a second (long enough for voip) and then drops..... not sure why this is happening... the ASA 5540 are supposed to be able to handle 650Mbps...???

Could this be some sort of bug? If I show CPU hog on the ASA we get the following?

Process: Dispatch Unit, NUMHOG: 1406, MAXHOG: 9084, LASTHOG: 1010

LASTHOG At: 17:12:59 UTC Jan 25 2007

PC: 89cd5d

Traceback: 2f16b3 2f0f4d 2f4b81 2ed253 74bbd7 7411ce c3a905

c3ae4f c3b334 740fab 74bf38 74e086 62b970 21906a

I know that this unit is more than capable of handling this.. our old 515E was... can anyone shed any light on this?

Thanks

Matt

2 REPLIES
Silver

Re: ASA 5540 Version 7.2(2) CPU spike

It looks like a bug, I suggest you rio change the encryption type. If you are AES -128, changed to 3DES encryption for the VPN traffic.

New Member

Re: ASA 5540 Version 7.2(2) CPU spike

Hi,

I got to the bottom of this, it seemed to be related to esmtp fixup. I turned this off and cpu hog went away... Looking in the logs fixup was not liking some of our mail...

Thanks

391
Views
0
Helpful
2
Replies