Re: CPU % on ASA higher than normal, how can I debug?

whiteford · ‎09-20-2008

Hi,

The CPU on my ASA is higher than normal. Usually it's around 10-15% but now it's around 40% since a couple of days ago.

No nothing has been added to the ASA's config, plus the bandwidth through the switch hasn't changed either, how can I debug?

Thanks

mj11 · ‎09-20-2008

Hi

Follow these steps in order to troubleshoot:

1.Verify that the connection count in show xlate count is low.

2.Verify that the memory block is normal.

3.Issue the show memory detail command, and verify that the memory used by the PIX is normal utilization.

4.Verify that the counts in show processes cpu-hog and show processes memory are normal.

5.Any host present inside or outside the security appliance can generate the malicious or mass traffic that can be a broadcast/multicast traffic and cause the high CPU utilization. In order to resolve this issue, configure an access list to deny the traffic between the hosts (end to end) and check the usage.

6.Check the duplex and speed settings in PIX interfaces. The mismatch setting with the remote infterfaces can increase the CPU utilization.

Note: Cisco recommends that you enable the ip verify reverse-path interface command on all the interfaces as it will drop packets that do not have a valid source address, which results in less CPU usage.

7.Another reason for high CPU usage can be due to too many multicast routes. Issue the show mroute command in order to check if PIX/ASA receives too many multicast routes.

8.Use the show local-host command in order to see if the network experiences a denial-of-service attack, which can indicate a virus attack in the network.

Also which code are you running?

Regards MJ

whiteford · ‎09-20-2008

Running 8.03

1.) 51 what is xlate?

2.) How do I verify the memory block

3.) sh memory detail

Free memory: 171233952 bytes (32%)

Used memory: 365636960 bytes (68%)

Allocated memory in use: 202058976 bytes (38%)

Reserved memory: 84336768 bytes (16%)

DMA Reserved memory: 79241216 bytes (15%)

----------------------------- ----------------

Total memory: 536870912 bytes (100%)

Dynamic Shared Objects(DSO): 0 bytes

DMA memory:

Unused memory: 2073132 bytes ( 3%)

Crypto reserved memory: 20471928 bytes (26%)

Crypto free: 16785316 bytes (21%)

Crypto used: 3686612 bytes ( 5%)

Block reserved memory: 56441696 bytes (71%)

Block free: 52624576 bytes (66%)

Block used: 3817120 bytes ( 5%)

Used memory: 254460 bytes ( 0%)

----------------------------- ----------------

Total memory: 79241216 bytes (100%)

HEAP memory:

Free memory: 171233952 bytes (46%)

Used memory: 202058976 bytes (54%)

Init used memory by library: 4218752 bytes ( 1%)

Allocated memory: 197840224 bytes (53%)

----------------------------- ----------------

Total memory: 373292928 bytes (100%)

Least free memory: 170910928 bytes (46%)

Most used memory: 202382000 bytes (54%)

4.) Not sure what I'm looking at

6.) How can I check a mismatch, nothing flashing amber. Also how can I add ip verify reverse-path interface command

7.) No mroutes found

Thanks

JORGE RODRIGUEZ · ‎09-20-2008

Andy,

just go over this link provides a bit more explanation of things you are looking at.

http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_tech_note09186a008009491c.shtml

Rgds

Jorge

Jorge Rodriguez