Hi, I have an ASA firewall 5585X with IPS SSP60 module. The issue here is that in the IPS module, with IME, IDM and CLI, the statistics show that the inspection load is always at 0% and the CPU (the 24 cores) is at 100% of use. I think that is not so real, because I can see alerts and I am able to access the module.
So here is some evidence:
show statistics virtual-sensor
Virtual Sensor Statistics
Statistics for Virtual Sensor vs0
Name of current Signature-Defintion instance = sig0
Name of current Event-Action-Rules instance = rules0
List of interfaces monitored by this virtual sensor =
General Statistics for this Virtual Sensor
Number of seconds since a reset of the statistics = 128767
MemoryAlloPercent = 3
MemoryUsedPercent = 3
MemoryMaxCapacity = 45000000
MemoryMaxHighUsed = 1054898
MemoryCurrentAllo = 1566870
MemoryCurrentUsed = 1506030
Inspection Load Percentage = 0
Total packets processed since reset = 38248606
Total IP packets processed since reset = 38248606
Note: CPU Usage statistics are not a good indication of the sensor processing load. The Inspection Load Percentage in the output of 'show inspection-load' should be used instead.
The explanation is that the CPU polls the NIC more frequently, hence
decreasing the polling interval and reducing latency. The additional CPU
load that is reported while polling is actually available to process packets and
reduces as inspection load goes up; it does not negatively affect the
overall throughput of the IPS.
This anomaly is discussed under the defect CSCtl74475.
Hope this helps,
Julio Carvajal Segura
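Following the note quoted in the reply, a monitoring check for this sensor should read Inspection Load Percentage and memory from the `show statistics virtual-sensor` output and ignore CPU usage. The Python sketch below is an added example, not code from the thread or from Cisco; the sample text is constructed from the lines quoted above, and the function names and the 80% thresholds are assumptions.

```python
import re

# Constructed sample: key/value lines copied from the output quoted in the thread.
SAMPLE = """\
Statistics for Virtual Sensor vs0
Name of current Signature-Defintion instance = sig0
List of interfaces monitored by this virtual sensor =
Number of seconds since a reset of the statistics = 128767
MemoryUsedPercent = 3
Inspection Load Percentage = 0
Total packets processed since reset = 38248606
"""

def parse_virtual_sensor_stats(text):
    """Return {sensor_name: {key: value}}; numeric values become ints."""
    sensors, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        m = re.match(r"Statistics for Virtual Sensor (\S+)", line)
        if m:
            current = sensors.setdefault(m.group(1), {})
            continue
        if current is None or "=" not in line:
            continue  # headings and free text carry no key/value pair
        key, _, value = line.partition("=")
        value = value.strip()
        current[key.strip()] = int(value) if value.isdigit() else value
    return sensors

def assess(stats, load_warn=80, mem_warn=80):
    """Judge sensor health from inspection load and memory, never from CPU.
    The warning thresholds are hypothetical defaults, not vendor guidance."""
    secs = stats.get("Number of seconds since a reset of the statistics")
    pkts = stats.get("Total packets processed since reset")
    load = stats.get("Inspection Load Percentage")
    mem = stats.get("MemoryUsedPercent")
    findings = []
    if not isinstance(load, int):
        findings.append("inspection load missing")
    elif load >= load_warn:
        findings.append(f"inspection load {load}% >= {load_warn}%")
    if isinstance(mem, int) and mem >= mem_warn:
        findings.append(f"memory used {mem}% >= {mem_warn}%")
    counted = isinstance(secs, int) and isinstance(pkts, int) and secs > 0
    if counted and pkts == 0:
        findings.append("no packets processed since reset")
    avg_pps = pkts / secs if counted else 0.0  # guards a just-reset counter
    return {"load": load, "avg_pps": avg_pps, "findings": findings}
```

On the sample, `assess` reports no findings and an average of about 297 packets per second since the last reset, which shows the sensor is processing traffic even though the load reads 0%.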