Solved: FWSM 3.1(10): Unreasonably high CPU utilization

Kostas Kyriakos · ‎05-18-2010

Hello.

We are investigating a problem with unreasonably high CPU utilization, with one of our FWSM modules in a 6509-E. This is a newly implemented module with practically zero traffic passing through it but still, the CPU is at 20-22%. Here's some information:

<FWSM>/actNoFailover# sh ver

FWSM Firewall Version 3.1(10)
Device Manager Version 6.2(1)F

<FWSM>/actNoFailover# show pc conn
0 in use, 0 most used

<FWSM>/actNoFailover# sh resource usage
Resource              Current         Peak      Limit        Denied Context
Telnet                      1            2          5             0 System
ASDM                        1            1          5             0 System
Conns                      11           35 unlimited             0 System
Xlates                     12          124 unlimited             0 System
Hosts                      12          124 unlimited             0 System

fw-mgmtdc-kln-01/actNoFailover# sh processes cpu-hog

MAXHOG NUMHOG LASTHOG Process
-------------- --------------- --------------- ---------

<FWSM># sh cpu usage
CPU utilization for 5 seconds = 18%; 1 minute: 18%; 5 minutes: 18%

Please let me know if you require any additional information so that i will provide them. Any help as to why we are getting such high CPU readings, will be greatly appreciated.

Best regards.

Panos Kampanakis · ‎05-18-2010

You can do "sh process", wait for 60 seconds and do it again.

Than you load the columns for the processes in a spreadsheet and subtract them and you will see what process kept the cpu for the most amount of time.

The you will know which process is eating up your cpu most.

I hope it helps.

PK

View solution in original post

Jay Johnston · ‎05-18-2010

Do you have OSPF enabled on the FWSM? If so, it is normal and expected that the CPU utilization increase to around 20% continuously, with no traffic through the FWSM.

Even though the CPU is at 20% due to the OSPF process, that process will yield the CPU usage if it is required for other, higher priority tasks (such as packet processing on the control-point).

View solution in original post

Panos Kampanakis · ‎05-18-2010

You can do "sh process", wait for 60 seconds and do it again.

Than you load the columns for the processes in a spreadsheet and subtract them and you will see what process kept the cpu for the most amount of time.

The you will know which process is eating up your cpu most.

I hope it helps.

PK

Kostas Kyriakos · ‎05-18-2010

Hello pkampana and thanks for your reply.

Below you'll find my top 3 processes along with the diffs (first column):

Diff   Runtime    SBASE     Stack        Process
39163 557399451 01cfa0c8 32136/32768 Dispatch Unit
22213 317350952 0afab4b0 7776/8192    snp_timer_thread
13643 12064734   0fee1ad0 5292/8192    OSPF Router

This pretty much proves what Jay Johnston suggests. Any comments/ suggestions are welcome.

Thanks in advance.

Panos Kampanakis · ‎05-18-2010

OK, so it seems the 3 top processes are Dispatch Unit, snp_timer_thread and OSPF. As jajohnst mentioned with OSPD it is normal and expected that the CPU utilizationincrease to around 20% continuously, with no traffic through the FWSM. Eventhough the CPU is at 20% due to the OSPF process, that process willyield the CPU usage if it is required for other, higher priority tasks(such as packet processing on the control-point).

The Dispatch Unit is packet processing so it is normal to take cpu.

PK

Jay Johnston · ‎05-18-2010

Do you have OSPF enabled on the FWSM? If so, it is normal and expected that the CPU utilization increase to around 20% continuously, with no traffic through the FWSM.

Even though the CPU is at 20% due to the OSPF process, that process will yield the CPU usage if it is required for other, higher priority tasks (such as packet processing on the control-point).

Kostas Kyriakos · ‎05-18-2010

Thanks both very much for your suggestions.

Best regards.