
ASA 5506 9.6(1) high CPU usage 100% (99.6% DATAPATH-0-1723)

BiolodjiSou
Level 1

Hello team,

I have deployed a new Firewall 5506 9.6(1) in my network. The traffic up/down is not so high (less than 100Mb/s), but just a few hours after migrating traffic to this new firewall, I noticed high CPU usage:

show cpu usage

CPU utilization for 5 seconds = 100%; 1 minute: 100%; 5 minutes: 100%

show processes cpu-usage sorted non-zero 

PC Thread 5Sec 1Min 5Min Process
- - 99.5% 99.6% 99.6% DATAPATH-0-1723
0x00007f01e4dedfbb 0x00007f01cafd2680 0.2% 0.1% 0.1% ssh
0x00007f01e4e2e7be 0x00007f01cb0cc4e0 0.1% 0.1% 0.1% Logger
0x00007f01e398c0f2 0x00007f01cb0bd940 0.1% 0.1% 0.1% CP Processing

Please, can someone support me with this issue? (Even ASDM access is too slow and sometimes doesn't work.)

7 Replies

Hi BiolodjiSou

The issue should be traffic related. Is high CPU noticed at a particular time of the day, or is it constantly at 100%? What is the traffic profile like?

What is the connection count on this ASA? Run the command "show conn count". How many interfaces are passing traffic?

Regards

Akhil

Hi,

Was this solved already? I also have this issue, and the bug search says to disable threat detection with:

no threat-detection basic-threat
no threat-detection statistics

After entering this command, my CPU usage gradually drops to almost 5% to 10%, but out of nowhere the threat-detection commands keep enabling by themselves without user interaction and clog the CPU usage again, up to 86%.

I'm also using a 5506-X, version 9.6.1, with ASA FirePOWER services running version 6.1.0.

Please help,

regards,

Romar

2 years later, but I ran into a similar problem running version 9.8(2). Disabling threat-detection only solved the problem temporarily. I upgraded to 9.9(2) and it has been stable, averaging 15% for about 24 hours so far, with a peak of 25% during peak business hours. HTH for anyone else who may still be dealing with this.

Marvin Rhoads
Hall of Fame

If you are using the FirePOWER service module, 100 Mbps is right around the maximum expected throughput for a 5506-X.

Hi Marvin, yes, I am using FirePower, but my traffic is still less than 30Mb. My issue was resolved after rebooting the firewall, but I still don't understand what the issue was exactly! For two days now, CPU usage has looked normal.

nanjidjamts
Level 1

no threat-detection basic-threat
no threat-detection statistics

Not solved after entering this command.

How many access rules do you have configured? I have seen a similar issue with FTD1010 where the issue was related to the number of access rules configured. Keep in mind that you need to use the show access-list command and not show running-config, as object groups that contain several subnets or IPs are expanded when the ASA is looking for a match.

--
Please remember to select a correct answer and rate helpful posts
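
The point in the last reply about object-group expansion, as an added example that is not part of the thread: a short Python script that reads saved "show access-list" output and reports how many entries each configured rule expands to. The sample text, the ACL and object-group names, and the function name expansion_report are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample laid out like ASA "show access-list" output (not from the thread).
SAMPLE = """\
access-list OUTSIDE_IN; 5 elements; name hash: 0x0a0b0c0d
access-list OUTSIDE_IN line 1 extended permit tcp object-group PARTNERS object-group WEB eq https (hitcnt=9) 0x11111111
  access-list OUTSIDE_IN line 1 extended permit tcp 192.0.2.0 255.255.255.0 host 10.1.1.10 eq https (hitcnt=4) 0x22222222
  access-list OUTSIDE_IN line 1 extended permit tcp 192.0.2.0 255.255.255.0 host 10.1.1.11 eq https (hitcnt=0) 0x33333333
  access-list OUTSIDE_IN line 1 extended permit tcp 198.51.100.0 255.255.255.0 host 10.1.1.10 eq https (hitcnt=5) 0x44444444
  access-list OUTSIDE_IN line 1 extended permit tcp 198.51.100.0 255.255.255.0 host 10.1.1.11 eq https (hitcnt=0) 0x55555555
access-list OUTSIDE_IN line 2 remark block everything else
access-list OUTSIDE_IN line 3 extended deny ip any any (hitcnt=120) 0x66666666
"""

# Leading whitespace marks an expanded entry; group 4 is the entry type.
ENTRY = re.compile(r"^(\s*)access-list (\S+) line (\d+) (\S+)")


def expansion_report(text):
    """Map ACL name -> configured rule count, expanded ACE count, ACEs per rule."""
    parents = defaultdict(set)                         # acl -> configured line numbers
    children = defaultdict(lambda: defaultdict(int))   # acl -> line -> expanded ACEs
    for raw in text.splitlines():
        m = ENTRY.match(raw)
        if not m or m.group(4) == "remark":
            continue  # header lines and remarks are not matched against traffic
        indent, acl, line_no = m.group(1), m.group(2), int(m.group(3))
        if indent:
            children[acl][line_no] += 1
        else:
            parents[acl].add(line_no)
    report = {}
    for acl, lines in parents.items():
        # A rule without object groups has no indented children and is one ACE itself.
        per_line = {n: children[acl].get(n, 0) or 1 for n in sorted(lines)}
        report[acl] = {"configured": len(lines),
                       "expanded": sum(per_line.values()),
                       "per_line": per_line}
    return report


if __name__ == "__main__":
    for acl, r in expansion_report(SAMPLE).items():
        worst = max(r["per_line"], key=r["per_line"].get)
        print(f"{acl}: {r['configured']} rules -> {r['expanded']} ACEs; "
              f"line {worst} expands to {r['per_line'][worst]}")
```

Run against a real capture, the rules with the largest per-line counts are the first candidates for tightening object groups.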