cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
726
Views
5
Helpful
6
Replies

ASA CPU higher than normal

Andy White
Level 3
Level 3

Hello,

Our ASA CPU level has been higher than normal over the last few weeks and I can see a reason why. 

I have noiced that tha dashboard has had the top graphs/tables re-enabled, which I beleive can cause the CPU to rise, how can I turn these off again?

Thanks

6 Replies 6

Julio Carvajal
VIP Alumni
VIP Alumni

Can you share

Show processes cpu-usage sorted non-zero

Clear interfaces

show interface | include errors

After 5 minutes

show interface | include errors

Rate all of the helpful posts!!!

Regards,

Jcarvaja

Follow me on http://laguiadelnetworking.com

Julio Carvajal
Senior Network Security and Core Specialist
CCIE #42930, 2xCCNP, JNCIP-SEC

Sure:

show processes cpu-usage non-zero

PC                    Thread         5Sec      1Min     5Min     Process

0x09303f3c   0x6d5ac568      0.1%      0.0%     0.0%     websns_snd

0x0911595d   0x6d5ac778     0.1%      0.1%     0.1%     websns_rcv_tcp

0x08c7e425   0x6d5c0b48     0.1%      0.1%     0.0%     Unicorn Admin Handler

0x0911d204   0x6d5af0b8      0.5%      0.4%     0.4%     tcp_thread

0x090c7a4d   0x6d5a6688     0.1%      0.0%     0.0%     ssh

0x091618b9   0x6d5ab6f8      0.0%      0.1%     0.1%     snmp

0x087a174e   0x6d5af8f8       0.1%      0.1%     0.1%     IP Thread

0x0865991b   0x6d5b3d08     0.0%      0.1%     0.1%     IKE Daemon

0x0828fb01   0x6d5c3278      68.8%    62.3%    59.7%   Dispatch Unit

0x098a2535   0x6d5bb8c8     0.0%      0.1%     0.0%     Checkheaps

0x087a8efe   0x6d5af6e8       0.1%      0.0%     0.0%     ARP Thread

show interface  | include errors

        0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort

        0 output errors, 0 collisions, 0 interface resets

        790 input errors, 0 CRC, 0 frame, 790 overrun, 0 ignored, 0 abort

        0 output errors, 0 collisions, 0 interface resets

        637 input errors, 0 CRC, 0 frame, 637 overrun, 0 ignored, 0 abort

        0 output errors, 0 collisions, 0 interface resets

        0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort

        0 output errors, 0 collisions, 0 interface resets

        0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort

        0 output errors, 0 collisions, 0 interface resets

Thanks

Hello,

So the CPU is high due to DIspatch Unit process (Traffic handeling related)

That being said we can see that interface 1 and 2 are the ones receiving more traffic.

So my recommendation is:

Clear the interfaces with the command

clear interfaces

give 4 minutes

and do

show interfaces | include errors

Also run

show local-host | includehost|count/limit

And look for the hosts with the largest amount of conn.

Rate all of the helpful posts!!!

Regards,

Jcarvaja

Follow me on http://laguiadelnetworking.com

Julio Carvajal
Senior Network Security and Core Specialist
CCIE #42930, 2xCCNP, JNCIP-SEC

Will do, just noticed this didn't work:

show local-host | includehost|count/limit

                                                ^

ERROR: % Invalid input detected at '^' marker.

It's

show local-host | include host|count/limit

Rate all of the helpful posts!!!

Regards,

Jcarvaja

Follow me on http://laguiadelnetworking.com

Julio Carvajal
Senior Network Security and Core Specialist
CCIE #42930, 2xCCNP, JNCIP-SEC

Strong suggestion would be to use Netflow and collector of choice against a Cisco switch that can monitor real time, the reason I state this is because if you need to cut down someone that is doing something that you are not allowing you would need to wait for the flow to close down to identify the source through Netflow on the ASA but on a Cisco switch you would identify the source immediately.

You can also enable threat detection feature that will tell you who is the top talker at a moment but not a history of that user.

https://supportforums.cisco.com/docs/DOC-6113

Value our effort and rate the assistance!
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: