Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements
Step-by-Step Configuration and Troubleshooting Best Practices for the NGFW, NGIPS and AMP Technologies A Visual Guide to the Cisco Firepower Threat Defense (FTD)
New Member

need help for IPS 4270 cpu overload !!!

hi all:

      we got one ips 4270 sensor.one of the cpu always overload(over 95% in the IME soft),but when i use the command "show statistics virtual-sensor | in processing load percentage" to check the cpu usage rate.it's under 5.

     sometimes the sensor will hang,then i have to reload it..TAC suggest upgrading the image from 6.x to 7.x..but in fact ,there is no change.

     any one can tell me how to do next ? 

     thanks.

3 REPLIES

Re: need help for IPS 4270 cpu overload !!!

Hello Wei,

Starting with the E3 engine update, the IPS uses a different algorithm for managing  its idle time, and spends more time polling for packets to reduce  latency. This results in the higher CPU usage being reported than  previous releases, including output by external tools such as top and  ps. This additional CPU load can be noticed on all Intel-based  platforms, single-CPU platforms as well as the primary CPU of multi-core  models. (AIM and NME-IPS already show 100% CPU usage on the primary  core, regardless of load, on all releases.) So the high CPU is normal.

Do you still have a TAC case open for the hang issue? What code are you currently running?

Please feel free to email me directly if you would like to work through a TAC case.

Thank you,

Blayne Dreier

blayne@cisco.com

Cisco TAC IDS Team

**Please check out our Podcast**
TAC Security Show: http://www.cisco.com/go/tacsecuritypodcast

New Member

Re: need help for IPS 4270 cpu overload !!!

Bayne Dreier,

Even i have same problem in my environment .

As per my undertsanding from your response , we can ignore the same and no action required. Please correct me if iam wrong.

Could you please tell me is there any work around or any solutions to avoid the same. We use SSIM and soem time we didnt see the logs and it require the reboot.

How do we avoid the same.

Thanks...

-VP

------------------

Venkatesan.P

Re: need help for IPS 4270 cpu overload !!!

Hello VP,

The high CPU can be ignored. The hang issue should be fullly investigated via a TAC case.

Thank you,
Blayne Dreier
Cisco TAC IDS Team

**Please check out our Podcast**
TAC Security Show: http://www.cisco.com/go/tacsecuritypodcast

457
Views
0
Helpful
3
Replies
CreatePlease to create content