IDSM-2 inspection load high

shibi.ravindran
Level 1

We have an IDSM-2 installed in our core switch and we are now facing a problem: the module hangs randomly, and we cannot log in through the session or the GUI at that time. The version running is 7.0(4) E4, and we need to restart the module to recover it. After the reload we found that the inspection load is continuously touching 100%. It is working in promiscuous mode and only two VLANs (server VLANs behind the FWSM) are being monitored. One of the VLANs has a larger number of servers; when I removed that VLAN from the capture, the inspection load came back to normal. Has anyone faced this problem before? Is it really a throughput issue? How can I confirm that? Or is it due to a bug?

2 Replies

Dustin Ralich
Cisco Employee

Check the 'show interface' command output (on the sensor itself), specifically the Total Receive Errors, Total Receive FIFO Overruns,  and Missed Packet Percentage counters for its sensing interfaces. If those counters are non-zero (0) values and/or incrementing _and_ the Inspection Load (aka "Processing Load Percentage") metric is high, then the sensor is oversubscribed.

The IDSM-2 sensor module's absolute maximum inspection throughput rate (in Promiscuous Mode) is 600 Mbps total (combined for both sensing interfaces). If the two VLANs you are monitoring are populated mostly with GigabitEthernet-connected servers, then there is an elevated potential for sensor oversubscription. You may need to monitor traffic entering/leaving the VLAN(s) instead of attempting to monitor all traffic in both VLANs, etc.

Hello Dustin,

Thanks for the reply. I have checked the interface status and found FIFO overruns on sensing interface 0/7, but they are not increasing. I also found that the inspection load is normal at this point in time; I think when it reaches 100% it will increase the FIFO counters. Below is the interface status:

IDSM2_Secondary# sh interfaces | in Missed
   Missed Packet Percentage = 0
   Missed Packet Percentage = 0
   Missed Packet Percentage = 0

IDSM2_Secondary# sh interfaces | in Errors
   Total Receive Errors = 0
   Total Transmit Errors = 0
   Total Receive Errors = 1
   Total Transmit Errors = 0
   Total Receive Errors = 0
   Total Transmit Errors = 0

IDSM2_Secondary# sh interfaces | in FIFO
   Total Receive FIFO Overruns = 0
   Total Transmit FIFO Overruns = 0
   Total Receive FIFO Overruns = 11828560
   Total Transmit FIFO Overruns = 0
   Total Receive FIFO Overruns = 3
   Total Transmit FIFO Overruns = 0

IDSM2_Secondary# sh interfaces | in FIFO
   Total Receive FIFO Overruns = 0
   Total Transmit FIFO Overruns = 0
   Total Receive FIFO Overruns = 11828560
   Total Transmit FIFO Overruns = 0
   Total Receive FIFO Overruns = 3
   Total Transmit FIFO Overruns = 0
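
The check described in the first reply, applied to two snapshots of the counters posted in the second, as an added example that is not part of the original thread or Cisco tooling. It assumes the counters appear once per interface in output order; the 90% threshold, the load percentages and the later snapshot are constructed for illustration.

```python
import re

# Counters the first reply says to watch on the sensing interfaces.
COUNTERS = ("Total Receive Errors", "Total Receive FIFO Overruns",
            "Missed Packet Percentage")
LINE_RE = re.compile(r"^\s*(.+?)\s*=\s*(\d+)\s*$")

def parse_counters(text):
    """Map counter name -> values in output order (one per interface block)."""
    values = {name: [] for name in COUNTERS}
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m and m.group(1) in values:   # prompts and Transmit lines are skipped
            values[m.group(1)].append(int(m.group(2)))
    return values

def assess(before, after, load_pct, high_load=90):
    """Compare two snapshots; load_pct is the inspection load read with 'after'.
    high_load is an assumed threshold, not a documented value."""
    old, new = parse_counters(before), parse_counters(after)
    findings = []
    for name in COUNTERS:
        for idx, (a, b) in enumerate(zip(old[name], new[name])):
            if b > a:
                findings.append((idx, name, "incrementing", b - a))
            elif b > 0:
                findings.append((idx, name, "non-zero, static", 0))
    # Rule from the reply: non-zero and/or incrementing counters AND high load.
    over = bool(findings) and load_pct >= high_load
    return ("oversubscribed" if over else "not oversubscribed now"), findings

# Values as posted in the thread (three interface blocks, Transmit lines omitted).
POSTED = """
IDSM2_Secondary# sh interfaces | in Missed
   Missed Packet Percentage = 0
   Missed Packet Percentage = 0
   Missed Packet Percentage = 0
   Total Receive Errors = 0
   Total Receive Errors = 1
   Total Receive Errors = 0
   Total Receive FIFO Overruns = 0
   Total Receive FIFO Overruns = 11828560
   Total Receive FIFO Overruns = 3
"""
# Constructed later snapshot in which the overrun counter has grown.
LATER = POSTED.replace("= 11828560", "= 11830000")

if __name__ == "__main__":
    print(assess(POSTED, POSTED, load_pct=30))   # load values are constructed
    print(assess(POSTED, LATER, load_pct=100))
```

With the posted values unchanged between snapshots and a normal load, the non-zero counters are reported as static history; only the constructed later snapshot with a high load returns "oversubscribed".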
