Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
821
Views
0
Helpful
1
Replies

IDSM-2; continual high CPU and FIFO overruns

bryan.thomson
Level 1
Level 1

‎02-23-2012 07:43 AM - edited ‎03-10-2019 05:37 AM

Hello,

I have a problem with one of our Cisco IDSM-2's and wondered if anyone on this forum can help me.

We have the IDSM installed in a C6509 in promiscuous mode and are sending all the necessary vLAN's to the device via a vLAN access map.

The device intermittently reports that it is missing packets (GUI) and this is backed up by the FIFO overrun count.

When I look at the stats it shows that we are pushing 155Mbs @23kpps toward the sensor. This to me seems fine and would suggest no bottle neck.

My thoughts are that the high CPU is down to the processor not being able to analyse each packet quickly enough which is resulting in the interface buffer over loading. The result of this is of course missed packets and FIFO overruns.

So, my next logical step is to look at the policy. Our policy is optimised and only has <20% of the available signatures enabled with a very little amount of filtering. CPU 1 is constantly at 97% and CPU 2 runs at around 50% with an average combined CPU usage of about 70%.

I am a bit stuck with this as I can't figure out where the issue lies. Bandwidth and throughput wise we seem to be fine, and with the policy we are currently running I don't understand why the CPU is being hammered.

Any suggestions/tips greatly appreciated!

Labels:
0 Helpful
1 Reply 1

haivrajesh
Level 1
Level 1

‎02-28-2012 01:03 PM

First check how much traffic IDSM-2 can handle

Rajeswar

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card