Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
New Member

FWSM high cpu utilization

Hello,

We are experiencing some high cpu utlilization in our FWSM blade and i would like your opinion if this is normal. Sometimes the CPU touches 90% utilization.

FWSM/act# sh ver

FWSM Firewall Version 4.0(7)

Device Manager Version 6.2(3)F

Compiled on Tue 08-Sep-09 20:48 by fwsmbld

FWSM up 59 days 17 hours

failover cluster up 59 days 17 hours

Hardware:   WS-SVC-FWM-1, 1024 MB RAM, CPU Pentium III 1000 MHz

Flash STI Flash 8.0.0 @ 0xc321, 20MB

0: Int: GigabitEthernet0    : address is 0021.d80c.e300, irq 5

1: Int: GigabitEthernet1    : address is 0021.d80c.e300, irq 7

2: Int: EOBC0               : address is 0000.1100.0000, irq 11

Licensed features for this platform:

Maximum Interfaces          : 256

Inside Hosts                : Unlimited

Failover                    : Active/Active

VPN-DES                     : Enabled

VPN-3DES-AES                : Enabled

Cut-through Proxy           : Enabled

Guards                      : Enabled

URL Filtering               : Enabled

Security Contexts           : 2

GTP/GPRS                    : Disabled

BGP Stub                    : Disabled

Service Acceleration        : Disabled

VPN Peers                   : Unlimited

Serial Number:

FWSM/act#

FWSM/act# sh cpu usage

CPU utilization for 5 seconds = 34%; 1 minute: 39%; 5 minutes: 40%

HC-6500-FWSM/act# show processes cpu-hog

    MAXHOG             NUMHOG             LASTHOG             Process

--------------     ---------------     ---------------       ---------

       120                  7                110              fast_fixup

       200                  1                200              fover_rep

       200                  6                190              ssh

       160                  7                150              ssh

       160                  2                160              accept/http

       200                  1                200              qos_metric_daemon

FWSM/act# sh conn count

9137 in use, 41843 most used

FWSM/act# sh processes memory | e 0

------------------------------------------------------------

Allocs   Allocated       Frees         Freed         Process

          (bytes)                      (bytes)

------------------------------------------------------------

59715    5185868         83348         6187656       accept/http

29       174224          6             264           fover_thread

2        14              1             2             sqlnet

967      192942          967           192942        aaa

4        4297            1             13            ScpIncomingThread

6        5372            6             24972         Session Manager

6        44162           4             16648         route_process

9        396             9             396           fover_FSM_thread

26       17725           1             1281          ci/console

1336     88358           32            133184        websns_keepalive

4        8412            2             88            fover_ip

3252     26528           971           258742        tacplus_snd

8        352             8             352           fover_rx

8        352             8             352           lu_rx

On the MSFC:

WAN#sh module

Mod Ports Card Type                              Model             

--- ----- -------------------------------------- ------------------

  1    6  Firewall Module                        WS-SVC-FWM-1

  2    6  Firewall Module                        WS-SVC-FWM-1

  5    2  Supervisor Engine 720 (Active)         WS-SUP720-3B

Mod MAC addresses                       Hw    Fw           Sw           Status

--- ---------------------------------- ------ ------------ ------------ -------

  1  001f.ca08.74c2 to 001f.ca08.74c9   4.3   7.2(1)       4.0(7)       Ok

  2  001f.6c88.6232 to 001f.6c88.6239   4.2   7.2(1)       4.0(7)       Ok

  5  0017.9444.d3bc to 0017.9444.d3bf   5.4   8.4(2)       12.2(33)SXI9 Ok

Mod  Sub-Module                  Model              Hw     Status

---- --------------------------- ------------------ ------- -------

  3  Centralized Forwarding Card WS-F6700-CFC       4.1    Ok

  5  Policy Feature Card 3       WS-F6K-PFC3B       2.3    Ok

  5  MSFC3 Daughterboard         WS-SUP720          3.0    Ok

WAN#sh ver

Cisco IOS Software, s72033_rp Software (s72033_rp-ADVIPSERVICESK9_WAN-M), Version 12.2(33)SXI9, RELEASE SOFTWARE (fc2)

Technical Support: http://www.cisco.com/techsupport

Copyright (c) 1986-2012 by Cisco Systems, Inc.

Compiled Fri 24-Feb-12 21:38 by prod_rel_team

ROM: System Bootstrap, Version 12.2(17r)S4, RELEASE SOFTWARE (fc1)

WAN uptime is 8 weeks, 3 days, 17 hours, 32 minutes

Uptime for this control processor is 8 weeks, 3 days, 17 hours, 27 minutes

Time since GB-LON-HC-01-WAN switched to active is 8 weeks, 3 days, 17 hours, 26 minutes

System returned to ROM by reload (SP by reload)

System restarted at 19:40:39 BST Thu Aug 8 2013

System image file is "sup-bootdisk:s72033-advipservicesk9_wan-mz.122-33.SXI9.bin"

Last reload reason: Reload Command

This product contains cryptographic features and is subject to United

States and local country laws governing import, export, transfer and

use. Delivery of Cisco cryptographic products does not imply

third-party authority to import, export, distribute or use encryption.

Importers, exporters, distributors and users are responsible for

compliance with U.S. and local country laws. By using this product you

agree to comply with applicable laws and regulations. If you are unable

to comply with U.S. and local laws, return this product immediately.

A summary of U.S. laws governing Cisco cryptographic products may be found at:

http://www.cisco.com/wwl/export/crypto/tool/stqrg.html

If you require further assistance please contact us by sending email to

export@cisco.com.

cisco WS-C6509-E (R7000) processor (revision 1.3) with 458720K/65536K bytes of memory.

Processor board ID

SR71000 CPU at 600Mhz, Implementation 0x504, Rev 1.2, 512KB L2 Cache

Last reset from s/w reset

6 Virtual Ethernet interfaces

120 Gigabit Ethernet interfaces

4 Ten Gigabit Ethernet interfaces

1917K bytes of non-volatile configuration memory.

8192K bytes of packet buffer memory.

65536K bytes of Flash internal SIMM (Sector size 512K).

Configuration register is 0x2102

Any ideas?

TIA,

Nicos Nicolaides       

TIA, Nicos Nicolaides
337
Views
0
Helpful
0
Replies
CreatePlease to create content