cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
921
Views
0
Helpful
8
Replies

PIX CPU usage is high

Customer is saying that cpu usage is at about 85%. Researching docs about CPU usage in the pix, I found that some itens may be verified like "show xlate count", but I doesn't say what is the normal value for it. Another says to check that "memory block" is normal, but what is "normal"? What else can I do to troubleshoot the cpu usage?

8 Replies 8

rajbhatt
Level 3
Level 3

Hi,

WHat IOS (finesse) ver u are running ?

Plz check that memory block should not be 0 for 15 sec(otherwise it will cause failover)

Have u recently added any servers or services through the pix ?

Do u have huge number of ACLS are they complied?

Depending on the connection u can see if the xlate count is very big .

Also verify the sh conn and sh conn count to see if there is any attack.

Also check for output of sh proc to see if a particular process is eating up the memory

Check for interface errors .

Also check for asa drops .

Also verify the logging levels .It should not be set over level 5.

Verify the syslog entries to see any abnormal logs.

This should guide u to give a fair idea what is making the cpu to spike

Raj

Hello Raj,

I did exactly you said, but the problem is still the same. The version of the pix is 6.5.

Regards,

Luiz

Luiz,

There's no version 6.5.

Did you mean version 6.3(5)

Regards,

arburt

arburt
Level 1
Level 1

Luis,

Do the ff.

1. sh cpu usage (if cpu utilization is high, proceed to number 2)

2. cpu profile activate 5000 (use #3 to see the status of the cpu profiling)

3. show cpu profile

4. clear cpu profile

5. sh proc (wait for 1 minute, then issue the same command)

Send this to cisco tac so that they can decode the cause of high cpu. From there tac or this forum can recommend properly.

Regards,

arburt

Thanks Arburt, I'll do it.

Hi,

I concur with what has already been said, however I have seen these issues with bug's in the IOS. You should try updating or downgrading incase a recent config change has caused a caveat to trigger.

It could be a virus generating large amounts of traffic, or simply the fact that there is high utilization of the pix, as regards users.

Have you checked to see if any debugs or captures are running ?

Try undebug all. There are lots of things it could be, you can always paste the config into here and we can take a look to see if anything abnormal has been switched on.

Thanks,

Jon Humphries

Thanks Jon, upgrading the IOS is a problem right now, we need to plan it. About the debug I'm going to double check it.

Luis,

Post the pixos version and the top 5 processes using the 'show proc' command.

With the detail above, we can avoid the shot-in-the-dark approach of solving the issue.

Regards,

arburt

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: