Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1154
Views
0
Helpful
6
Replies

New SSM-IPS40 show 50% CPU with no traffic

Go to solution
dschwind
Level 1
Level 1

‎03-01-2012 02:07 PM - edited ‎03-10-2019 05:37 AM

We're getting ready to deploy 2 ASA 5585s with SSM-IPS40 modules.  IDM reports 8 cpus at 100% utilization for a total of 50% cpu utilization.  Is IDM reporting this in error?  I'm not finding a way to check on the CLI.  There is no traffic traversing these devices at the moment.

Thanks in advance for any help.

Dennis

Labels:
0 Helpful
3 Accepted Solutions

Accepted Solutions

Go to solution
svaish
Level 1
Level 1
In response to dschwind

‎03-05-2012 04:23 AM

As from E3 engine updates, the IPS uses a different algorithm for managing its idle

time,and spends more time polling for packets to reduce latency. The E3 changes included a

fix to a problem with high latency during low traffic loads. The fix was to have sensorApp

check the packet buffers on the driver more often. So the packet could be pulled off the

driver queue quicker for analysis instead of waiting for the driver to fill the queue

before passing it to sensorApp. This increased checking caused a corresponding increase in

cpu usage.

The CPU Utilization measurement can/will be high, due to the change made in

the E3 engine, polling the sensing interfaces for more data. This is OK as if/when the

sensorApp process requires additional CPU time, the amount the polling is using is

dynamically scaled back to useful for determining actual sensor load.

So do not worry for the HIGH CPU but check the Processing load percentage on the IPS.

Please post if there are still unanswered questions.

,

Sachin

View solution in original post

0 Helpful

Go to solution
svaish
Level 1
Level 1
In response to dschwind

‎03-05-2012 05:21 AM

show statistics virtual-sensor VS0

Virtual Sensor Statistics

Statistics for Virtual Sensor vs0

Processing Load Percentage = XX

or on the IDM where you see the Graph for the CPU in the same circlr you would see Inspection Load.

Sachin

View solution in original post

0 Helpful

Go to solution
svaish
Level 1
Level 1
In response to dschwind

‎03-05-2012 06:59 AM

Please mark as answered if answered

View solution in original post

0 Helpful
6 Replies 6

Go to solution
dschwind
Level 1
Level 1

‎03-01-2012 02:38 PM

I should include the SSP_IPS40 blades shipped with 7.1(1)E4.

0 Helpful

Go to solution
svaish
Level 1
Level 1
In response to dschwind

‎03-05-2012 04:23 AM

As from E3 engine updates, the IPS uses a different algorithm for managing its idle

time,and spends more time polling for packets to reduce latency. The E3 changes included a

fix to a problem with high latency during low traffic loads. The fix was to have sensorApp

check the packet buffers on the driver more often. So the packet could be pulled off the

driver queue quicker for analysis instead of waiting for the driver to fill the queue

before passing it to sensorApp. This increased checking caused a corresponding increase in

cpu usage.

The CPU Utilization measurement can/will be high, due to the change made in

the E3 engine, polling the sensing interfaces for more data. This is OK as if/when the

sensorApp process requires additional CPU time, the amount the polling is using is

dynamically scaled back to useful for determining actual sensor load.

So do not worry for the HIGH CPU but check the Processing load percentage on the IPS.

Please post if there are still unanswered questions.

,

Sachin

0 Helpful

Go to solution
dschwind
Level 1
Level 1
In response to svaish

‎03-05-2012 05:15 AM

How would I check processing load?

Dennis

0 Helpful

Go to solution
svaish
Level 1
Level 1
In response to dschwind

‎03-05-2012 05:21 AM

show statistics virtual-sensor VS0

Virtual Sensor Statistics

Statistics for Virtual Sensor vs0

Processing Load Percentage = XX

or on the IDM where you see the Graph for the CPU in the same circlr you would see Inspection Load.

Sachin

0 Helpful

Go to solution
dschwind
Level 1
Level 1
In response to svaish

‎03-05-2012 05:58 AM

Ah, very good. 

Thanks a bunch.

Dennis

0 Helpful

Go to solution
svaish
Level 1
Level 1
In response to dschwind

‎03-05-2012 06:59 AM

Please mark as answered if answered

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card