1) The linux kernel will consume most of the available memory for caching large files. The eventStore where alarms are placed is 4 Gig file. Once the evenStore starts filling up with alarms, the kernel will keep as large a portion of the file as it can in memory cache and consume up most of the available RAM. This is in and of itself is not a problem, and so seeing even 98% usage of available memory does not in and of itself suggest a problem.
2) However, because most of the RAM is being consumed by a cached file, the next time the sensor needs a large amount of memory (like during a signature update or reconfiguration) there is a small possibility that sensorApp will be pushed into using swap memory or worse yet not have enough memory available to complete the reconfiguration. We have seen this at very few customer sites, but are working on the issue.
3) Additionally there are a few known special cases that can cause major problems in sensorApp. We are working on these issues and will be delivering the fixes in a service pack.
In the meantime:
If your only symptom is large percentage of memory used (seen when executing "show version")then you are probably just seeing the cache of eventStore in memory and most likely have nothing to worry about.
BUT if you are seeing other symptoms like a sensor that stops sending alarms then please contact the TAC.
The TAC is working with these customers to load early versions of our planned fixes. This way we can verify that we have addressed all of the outstanding customer issues before sending out the service pack.
Table of ContentsIntroductionVersion HistoryPossible Future
UpdatesDocuments PurposeNAT Operation in ASA 8.3+ SectionsRule Types
Network Object NATTwice NAT / Manual NATRule Types used per SectionNAT
Types used with Twice NAT / Manual NAT and Network Obje...
Table of Contents Introduction:This document describes details on how
NAT-T works. Background: ESP encrypts all critical information,
encapsulating the entire inner TCP/UDP datagram within an ESP header.
ESP is an IP protocol in the same sense that TCP an...