This is the detailed procedure on how to resolve the PIX High CPU Utilization issue.
Complete these steps:
You can use the show cpu usage command in order to see what load the PIX is under.
Note: The output is a running average. The PIX can have higher spikes of CPU usage that are masked by the average.
Once the PIX reaches 80 percent CPU usage, the latency through the PIX slowly increases until about 90 percent CPU.
When CPU usage is more than 90 percent, PIX starts to drop packets.
If the CPU usage is high, you can check the processes to see what eats up the CPU time. Issue a show processescommand and then use that information to reduce some of the time eaten up by the heavy processes such as logging. You can disable logging on the PIX to decrease the CPU usage.
If the CPU does not run high but packets stil get dropped, check the PIX interface for collisions and issue the show interface command, possibly caused by a duplex mismatch, and check for no buffers. If the no buffer count increments but the CPU usage is not low, then the interface is not able to keep up with the traffic that goes through it.
If the buffers are fine, check the blocks. If the current (CNT) column in the show blocks output is close to 0 on the 1550-byte blocks (16384-byte blocks for 66 MHz Gig cards), then the PIX most likely drops Ethernet packets because it is too busy. In this instance, the CPU also spikes high.
While you experience trouble with the creation of new connections through the PIX, you can check the current count of connections through the PIX with the use of the show conn count command. If the current count is high, check the show memory output to ensure that the PIX does not run out of memory. If memory is low, start to investigate the source of the connections and do a show conn or show local-host command in order to see if the network experiences a denial-of-service attack. This can also mean a virus attack in the network.
Other commands can also be used to measure the amounts of traffic that passes through the PIX. The show traffic command displays the aggregate packets and bytes per interface, and the show perfmon command breaks the traffic down into different types that the PIX inspects.
Another reason for high CPU usage can be due to too many multicast routes. Issue the show mroute command in order to check if PIX/ASA is getting too many multicast routes.