Solved: ASA Show Blocks

doylepaul · ‎10-06-2015

Hi, I have been researching a little about ASA memory because of what I could see below. The fourth row down suggests a high count of over four thousand million! I thought the max would be 5684? I started looking here because my Free Memory was at 4% (below). Not sure how long it has been like this to be honest?

Any ideas or input greatly welcome :-)

I see exactly the same value in the High column for a size value of 256 across several contexts but not all contexts?

------------------ show blocks ------------------

SIZE MAX LOW CNT INUSE HIGH
0 1450 1430 1450 0 0
4 100 99 99 0 0
80 1000 934 1000 0 13
256 5684 4981 5679 4 429496729
1550 6289 5695 6260 26 54
2048 7100 6651 7100 0 0
2560 164 163 164 0 0
4096 100 99 100 0 0
8192 100 100 100 0 0
9344 100 100 100 0 0
16384 102 102 102 0 0

------------------ show interface ------------------

------------------ show memory ------------------

Free memory: 185907632 bytes ( 4%)
Used memory: 4109059664 bytes (96%)
------------- ------------------
Total memory: 4294967296 bytes (100%)

Many thanks again.

Maykol Rojas · ‎10-06-2015

Hello;

This is a good place to look in case there are performance issue, most problems related to high memory utilization (90% of the times) do not have to do with memory blocks.

When you see the memory this high, it can be due to a couple of factors:

1-Device oversubscription

2-Memory issue due to a process not freeing memory (possibly a bug)

The fact that you see block 256 this high can be normal if you have intensive logging and/or failover with HTTP replication.

From this point forward you can do the following:

Check if http replication is enable (disable it)

Check the configuration for threat detection (it would be best if it has its defaults)

Check the amount of ACLs configured (try rebooting the device, if after the reboot the memory continues hight), you can check the amount of entries by doing "show access-list | inc elements"

Last, if none of them show the issue, contact Cisco TAC with the output of "show memory detail".

If you have any questions, let me know.

Mike.

Mike

View solution in original post

Maykol Rojas · ‎10-06-2015

Hello;

This is a good place to look in case there are performance issue, most problems related to high memory utilization (90% of the times) do not have to do with memory blocks.

When you see the memory this high, it can be due to a couple of factors:

1-Device oversubscription

2-Memory issue due to a process not freeing memory (possibly a bug)

The fact that you see block 256 this high can be normal if you have intensive logging and/or failover with HTTP replication.

From this point forward you can do the following:

Check if http replication is enable (disable it)

Check the configuration for threat detection (it would be best if it has its defaults)

Check the amount of ACLs configured (try rebooting the device, if after the reboot the memory continues hight), you can check the amount of entries by doing "show access-list | inc elements"

Last, if none of them show the issue, contact Cisco TAC with the output of "show memory detail".

If you have any questions, let me know.

Mike.

Mike

doylepaul · ‎10-06-2015

Thanks Mike I really appreciate your response!

I promise this is the last question ;-) But I also noticed (below) that only one of the RX rings and one of the TX rings appears to be being used! I would have thought that the ASA would load balance the RX and TX rings, unless of course one specific device is sending a massive amount of data? Does this sound right?

I am not on site now so can't investigate any further but will check out your suggestions when I return to site.

Many thanks again :-)

Interface Internal-Data0/1 "", is up, line protocol is up

Hardware is ivshmem rev03, BW 1000 Mbps, DLY 10 usec

(Auto-duplex), (1000 Mbps)

Input flow control is unsupported, output flow control is unsupported

MAC address 0000.0001.0002, MTU not set

IP address unassigned

548911 packets input, 42815058 bytes, 0 no buffer

Received 0 broadcasts, 0 runts, 0 giants

0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort

0 pause input, 0 resume input

0 L2 decode drops

548911 packets output, 42815058 bytes, 0 underruns

0 pause output, 0 resume output

0 output errors, 0 collisions, 0 interface resets

0 late collisions, 0 deferred

0 output decode drops

0 input reset drops, 0 output reset drops

Queue Stats:

RX[00]: 548911 packets, 42815058 bytes, 0 overrun

Blocks free curr/low: 2687/2677

RX[01]: 0 packets, 0 bytes, 0 overrun

Blocks free curr/low: 2687/2687

RX[02]: 0 packets, 0 bytes, 0 overrun

Blocks free curr/low: 2687/2687

TX[00]: 548911 packets, 42815058 bytes, 0 underruns

Blocks free curr/low: 2687/2545

TX[01]: 0 packets, 0 bytes, 0 underruns

Blocks free curr/low: 2687/2687

TX[02]: 0 packets, 0 bytes, 0 underruns

Blocks free curr/low: 2687/2687

Control Point Interface States:

Interface number is 11

Interface config status is active

Interface state is active

Maykol Rojas · ‎10-06-2015

Excellent question.

Is this an ASA 5550?

Mike.

Mike

doylepaul · ‎10-07-2015

Hi Mike, haha yes its a 5525 with 4Gb of ram! How did you know that?