06-12-2019 09:16 AM - edited 06-12-2019 10:42 AM
Hello can anyone provide there assistance in guiding me as to what I can do to resolve this issue if you have experienced this issue in your career. I'm at a complete lost. I would be grateful. I try to fail over to the second same issue took place. failed back over still the same high cpu spike.
my logs are displaying please review attachment
# sh cpu detailed
Break down of per-core data path versus control point cpu usage:
Core 5 sec 1 min 5 min
Core 0 99.0 (0.0 + 99.0) 98.8 (0.0 + 98.8) 99.1 (0.0 + 99.1)
Current control point elapsed versus the maximum control point elapsed for:
5 seconds = 99.0%; 1 minute: 99.8%; 5 minutes: 100.0%
CPU utilization of external processes for:
5 seconds = 0.2%; 1 minute: 0.0%; 5 minutes: 0.0%
Total CPU utilization for:
5 seconds = 99.2%; 1 minute: 98.9%; 5 minutes: 99.1%
------------------------------------------------------------
# sh processes cpu-usage sorted non-zero
PC Thread 5Sec 1Min 5Min Process
0x0915f0f1 0x6edcb07c 52.7% 52.7% 53.2% Logger
0x082a445c 0x6edd4ee4 42.3% 41.2% 41.3% Dispatch Unit
0x090451e4 0x6edbeb8c 3.8% 3.7% 3.7% SNMP Notify Thread
0x0911079d 0x6edbcfb8 0.2% 0.1% 0.1% ssh
0x087cb14e 0x6edc00f4 0.1% 0.1% 0.1% ARP Thread
0x091b4cd9 0x6edbba50 0.0% 0.1% 0.0% snmp
0x098da690 0x6edcce74 0.0% 0.1% 0.0% Checkheaps
----------------------------------------------------------
# sh asp drop
Frame drop:
Invalid encapsulation (invalid-encap) 6125
Invalid TCP Length (invalid-tcp-hdr-length) 19
No valid adjacency (no-adjacency) 1
No route to host (no-route) 8432
Flow is denied by configured rule (acl-drop) 566916559
First TCP packet not SYN (tcp-not-syn) 3624
TCP failed 3 way handshake (tcp-3whs-failed) 26012
TCP RST/FIN out of order (tcp-rstfin-ooo) 26153
TCP SEQ in SYN/SYNACK invalid (tcp-seq-syn-diff) 43
TCP SYNACK on established conn (tcp-synack-ooo) 23
TCP packet SEQ past window (tcp-seq-past-win) 1517
TCP Out-of-Order packet buffer full (tcp-buffer-full) 339663
TCP Out-of-Order packet buffer timeout (tcp-buffer-timeout) 47233
TCP RST/SYN in window (tcp-rst-syn-in-win) 42
TCP dup of packet in Out-of-Order queue (tcp-dup-in-queue) 16653
TCP packet failed PAWS test (tcp-paws-fail) 11
Slowpath security checks failed (sp-security-failed) 959
Expired flow (flow-expired) 20
ICMP Inspect bad icmp code (inspect-icmp-bad-code) 136
DNS Inspect id not matched (inspect-dns-id-not-matched) 3280
IPS Module requested drop (ips-request) 23
FP L2 rule drop (l2_acl) 271555
Interface is down (interface-down) 382
Dropped pending packets in a closed socket (np-socket-closed) 106
Connection to PAT address without pre-existing xlate (nat-no-xlate-to-pat-pool) 34142
Received a multicast packet in the non-active device (mcast-in-nonactive-device) 167
Last clearing: Never
Flow drop:
Flow terminated by IPS (ips-request) 2
Inspection failure (inspect-fail) 336
SSL handshake failed (ssl-handshake-failed) 1
Last clearing: Never
--------------------------------------
# sh int gig0/0
Interface GigabitEthernet0/0 "outside", is up, line protocol is up
Hardware is i82546GB rev03, BW 1000 Mbps, DLY 10 usec
Auto-Duplex(Full-duplex), Auto-Speed(1000 Mbps)
Input flow control is unsupported, output flow control is off
MAC address 0018.199e.170b, MTU 1500
IP address 199.x.x.202, subnet mask 255.255.255.248
598178974 packets input, 118399863686 bytes, 0 no buffer
Received 2185 broadcasts, 0 runts, 0 giants
1474192 input errors, 0 CRC, 0 frame, 1474192 overrun, 0 ignored, 0 abort
0 pause input, 0 resume input
0 L2 decode drops
591417100 packets output, 82812234733 bytes, 0 underruns
0 pause output, 0 resume output
0 output errors, 0 collisions, 2 interface resets
0 late collisions, 0 deferred
0 input reset drops, 0 output reset drops, 0 tx hangs
input queue (blocks free curr/low): hardware (255/230)
output queue (blocks free curr/low): hardware (234/168)
Traffic Statistics for "outside":
598178890 packets input, 107605901731 bytes
591417100 packets output, 72125301733 bytes
567431045 packets dropped
1 minute input rate 7972 pkts/sec, 1151620 bytes/sec
1 minute output rate 7983 pkts/sec, 995376 bytes/sec
1 minute drop rate, 7763 pkts/sec
5 minute input rate 8092 pkts/sec, 1263597 bytes/sec
5 minute output rate 8101 pkts/sec, 1003485 bytes/sec
5 minute drop rate, 7801 pkts/sec
06-12-2019 10:57 AM
06-12-2019 11:30 AM - edited 06-12-2019 11:32 AM
Hello RJI,
Thanks for reaching out I did perform "clear asp drop" here is the output after the clear asp drop:
Frame drop:
Invalid encapsulation (invalid-encap) 4
No route to host (no-route) 2
Flow is denied by configured rule (acl-drop) 189268
First TCP packet not SYN (tcp-not-syn) 3
TCP failed 3 way handshake (tcp-3whs-failed) 3
TCP RST/FIN out of order (tcp-rstfin-ooo) 11
TCP Out-of-Order packet buffer timeout (tcp-buffer-timeout) 1
TCP dup of packet in Out-of-Order queue (tcp-dup-in-queue) 70
Slowpath security checks failed (sp-security-failed) 1
FP L2 rule drop (l2_acl) 95
Connection to PAT address without pre-existing xlate (nat-no-xlate-to-pat-pool) 23
Last clearing: 14:26:28 EDT Jun 12 2019 by enable_15
Flow drop:
Last clearing: 14:26:28 EDT Jun 12 2019 by enable_15
------------------------------------------------
# sh run logging
logging enable
logging standby
logging trap informational
logging history informational
logging asdm informational
logging queue 4096
logging host management 172.x.x.253
logging host outside 172.x.x.50
no logging message 110003
---------------------------
# sh capture asp-drop
0 packet captured
0 packet shown
06-12-2019 12:19 PM
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide