I have an issue with my PIX: during an FTP transfer the CPU goes up to 100% and stays there for the duration of the transfer. When the transfer ends it goes back to 0%.
The PIX is a 535 with 512MB; the two interfaces transferring the data are both gigabit and are running at gigabit.
The only connection in the 'sh conn' is the one in progress, the FTP, so it's not being hammered from all over, yet the CPU spikes up to 100% and stays there, then drops back to 0%.
This started because the server guys were complaining about slow transfers and were pointing at the FW. I didn't think for a second that one transfer would cause a PIX 535 with gigabit interfaces to flatline like it does.
Is there something obviously wrong? Or something I could do to identify the problem, or a workaround?
Any input would be great, much head scratching going on here.
Certainly we need to look into this. A single connection should ideally not spike the CPU to 100% and keep it constantly there.
First off, I'd like to know if any changes were made on the PIX due to the complaint from the server guys about slow transfers.
What code is running on the PIX? Is it possible to take the output of "show proc", "sh cpu usage" & "sh mem" just before the start of the FTP transfer and then during the FTP transfer? Try keeping the time difference between the two outputs to 10-15 seconds. This might tell us which process is actually consuming so much CPU. Also, if you could provide the "sh interface" and "show run" output, it would be of great help.
What you are seeing is basically a sort of DoS attack. The server guys must be using third-party software to do the FTP. That software must be opening simultaneous streams to do the FTP, just like a download accelerator. While the FTP process is going on, look at the output of "show conn count". If the current and the maximum values are almost the same then it is a DoS attack, maybe not an intentional DoS attack. Possibly you should try to limit the number of connections that the server guys can open; this you can do if you have a self static in place.
Not sure, I believe it might have, but it has only been highlighted to me in the last few days.
Not sure about the FTP transfer either, though I did check last night when there were 24 connections and the CPU was only around 60%, though the transfers last night were not going through the two gig interfaces, it was just using one of them.
As for the CPU usage returning to normal, yes, please see the snapshot of the PDM I posted.
Hadn't noticed the broadcasts, I will keep an eye on that. I was worried about the 'no buffers'.