Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

Inspection load at 0% and CPU at 100%

Hi, I have an ASA firewall 5585X with IPS SSP60 module, the issue here is that in the IPS module with IME, IDM and CLI, the staticts show that the inspection load is ever at 0% and the CPU(the 24 cores) are at 100% of use, i Think that is not so real, because I can see alerts and I able to access to the module.

so here are some evidence:

Inspection load:

show statistics virtual-sensor

Virtual Sensor Statistics

   Statistics for Virtual Sensor vs0

      Name of current Signature-Defintion instance = sig0

      Name of current Event-Action-Rules instance = rules0

      List of interfaces monitored by this virtual sensor =

      General Statistics for this Virtual Sensor

         Number of seconds since a reset of the statistics = 128767

         MemoryAlloPercent = 3

         MemoryUsedPercent = 3

         MemoryMaxCapacity = 45000000

         MemoryMaxHighUsed = 1054898

         MemoryCurrentAllo = 1566870

         MemoryCurrentUsed = 1506030

        Inspection Load Percentage = 0

         Total packets processed since reset = 38248606

         Total IP packets processed since reset = 38248606

CPU usage:

CPU Statistics

   Note: CPU Usage statistics are not a good indication of the sensor processing load. The Inspection Load Percentage in the output of 'show inspection-load' should be used instead.

   Usage over last 5 seconds = 100

   Usage over last minute = 100

   Usage over last 5 minutes = 100

   Usage over last 5 seconds = 100

   Usage over last minute = 100

   Usage over last 5 minutes = 100

attached are the tech support file

someone know this problem?

5 REPLIES

Inspection load at 0% and CPU at 100%

Hello Mahuen,

This is the expected behavior.

Let me explain myself.

The explanation being that that the CPU polls the NIC more frequently, hence
decreasing the polling interval and reducing latency. The additional CPU
load that is reported while polling is actually available to process packets, and
reduces as inspection load goes up, it does not negatively affect the
overall throughput of the IPS.

 
This anomaly is discussed under the defect CSCtl74475

Hope this helps,

Julio

Looking for some Networking Assistance? Contact me directly at jcarvaja@laguiadelnetworking.com I will fix your problem ASAP. Cheers, Julio Carvajal Segura http://laguiadelnetworking.com
New Member

Inspection load at 0% and CPU at 100%

ok, that explain the issue with the cpu, but what about the inspection-load?

Inspection load at 0% and CPU at 100%

Hello Mahuen,

Well, there is no much traffic generating inspection across the box. That's all

Regards,

Looking for some Networking Assistance? Contact me directly at jcarvaja@laguiadelnetworking.com I will fix your problem ASAP. Cheers, Julio Carvajal Segura http://laguiadelnetworking.com
New Member

Inspection load at 0% and CPU at 100%

which informatio do you read to say that?

Inspection load at 0% and CPU at 100%

Hello Mahuen,

Well that is what the ouptut means!

Have you check the service policy to check how many packets are being send to the module?

Looking for some Networking Assistance? Contact me directly at jcarvaja@laguiadelnetworking.com I will fix your problem ASAP. Cheers, Julio Carvajal Segura http://laguiadelnetworking.com
2447
Views
0
Helpful
5
Replies