https://community.cisco.com/t5/network-security/fwsm-hight-cpu-utilization/m-p/1922396#M458675 <P>My FWSM is having high cpu utilization and only happen in the morning around 8am-9am. From the show process, I can tell the fixup feature is occupying the highest runtime. Question is ... is there any show command to tell which particular fixup feature is using the most?</P> Mon, 11 Mar 2019 22:36:36 GMT ricky.eng 2019-03-11T22:36:36Z https://community.cisco.com/t5/network-security/fwsm-hight-cpu-utilization/m-p/1922396#M458675 <P>My FWSM is having high cpu utilization and only happen in the morning around 8am-9am. From the show process, I can tell the fixup feature is occupying the highest runtime. Question is ... is there any show command to tell which particular fixup feature is using the most?</P> Mon, 11 Mar 2019 22:36:36 GMT https://community.cisco.com/t5/network-security/fwsm-hight-cpu-utilization/m-p/1922396#M458675 ricky.eng 2019-03-11T22:36:36Z https://community.cisco.com/t5/network-security/fwsm-hight-cpu-utilization/m-p/1922397#M458678 <HTML><HEAD></HEAD><BODY><PRE __jive_macro_name="quote" class="jive_text_macro jive_macro_quote"><P>show perfmon </P><P>show service-policy</P><P>show np 3 stats | i FIX </P></PRE><P>Could be useful (not syntax checked). </P><P></P><P>Due to the way FWSM's hardware architecure is designed typical fixups (ICMP,TCP,UDP) should be done on NP3 and not in CPU. </P><P></P><P>Can I suggest opening a TAC case. TAC will collect:</P><P>- CPU profiler</P><P>- show proc a few times </P><P>(others)</P><P></P><P>And will tell you exectly what's going on. </P></BODY></HTML> Wed, 29 Feb 2012 10:20:38 GMT https://community.cisco.com/t5/network-security/fwsm-hight-cpu-utilization/m-p/1922397#M458678 Marcin Latosiewicz 2012-02-29T10:20:38Z https://community.cisco.com/t5/network-security/fwsm-hight-cpu-utilization/m-p/1922398#M458682 <HTML><HEAD></HEAD><BODY><P>Thanks Marcin,</P><P>I understand the three NP...What I notices is all three NP block threshold are hit and base on Cisco documentation, it said the FWSM is oversubsribed. </P><P></P><P># sh np block</P><P>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; MAX&nbsp;&nbsp; FREE&nbsp;&nbsp; THRESH_0&nbsp;&nbsp; THRESH_1&nbsp;&nbsp; THRESH_2</P><P>NP1 (ingress)&nbsp; 32768&nbsp; 32768&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; 17&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; 899&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; 36385</P><P>&nbsp;&nbsp;&nbsp; (egress)&nbsp; 521206 521206&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; 0&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; 0&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; 0</P><P>NP2 (ingress)&nbsp; 32768&nbsp; 32768&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; 41&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; 1344&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; 41968</P><P>&nbsp;&nbsp;&nbsp; (egress)&nbsp; 521206 521206&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; 0&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; 0&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; 0</P><P>NP3 (ingress)&nbsp; 32768&nbsp; 32768&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; 99&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; 5519&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; 34275</P><P>&nbsp;&nbsp;&nbsp; (egress)&nbsp; 521206 521206&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; 0&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; 0&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; 0</P><P></P><P>If I go TAC, they probably will conclude the firewall is oversubsribed and require hardware upgrade and increase of capacity. </P><P>So, I am more interested to find out exactly what traffic causing the CPU statistis to go up but limited to know that the top run time is the fixup. </P><P>So, my next step is to find out which interface is the most congested so that I can SPAN the traffic to Sniffer/Ethereal for more detail traffic analysis. However, base on many of the #show traffic output gathered during CPU went high/down, the pkts/s counter didn't really fluactuate according to CPU.</P></BODY></HTML> Thu, 01 Mar 2012 09:15:55 GMT https://community.cisco.com/t5/network-security/fwsm-hight-cpu-utilization/m-p/1922398#M458682 ricky.eng 2012-03-01T09:15:55Z https://community.cisco.com/t5/network-security/fwsm-hight-cpu-utilization/m-p/1922399#M458686 <HTML><HEAD></HEAD><BODY><P>Give the guys in TAC some credit <span class="lia-unicode-emoji" title=":slightly_smiling_face:">🙂</span></P><P>Oversubscription might be contributing to your CPU problemem, but ...</P><P> Consider that traffic should not hit the CPU on FWSM unless it's inspected/IPv6 (and several other conditions). </P><P></P><P>From the looks of it, the box is not that oversubscribed ... thr 0 was only reached a few times doublesigits don't indicte a heavy oversubscription. </P><P></P><P>show perfmon </P><P>and </P><P>show service-policy</P><P>is where you should start&nbsp; <span class="lia-unicode-emoji" title=":winking_face:">😉</span></P><P></P><P>M.</P></BODY></HTML> Thu, 01 Mar 2012 09:22:05 GMT https://community.cisco.com/t5/network-security/fwsm-hight-cpu-utilization/m-p/1922399#M458686 Marcin Latosiewicz 2012-03-01T09:22:05Z https://community.cisco.com/t5/network-security/fwsm-hight-cpu-utilization/m-p/1922400#M458689 <HTML><HEAD></HEAD><BODY><P>diasble syslog and check once </P></BODY></HTML> Fri, 07 Mar 2014 07:02:02 GMT https://community.cisco.com/t5/network-security/fwsm-hight-cpu-utilization/m-p/1922400#M458689 sumani1984 2014-03-07T07:02:02Z