12-29-2014 05:36 AM - edited 03-11-2019 10:16 PM
Hello,
We have 2 ASA 5520s (active/standby) which have a throughput of 450 Mbps and we have been hitting this recently and the CPU goes through the roof and I see overruns too.
I've been using this method to gather the stats, but it is too manual and I need this automated so I can show the bosses we may need to upgrade our ASAs to the X range...
-clear the traffic
-after a minute take the outputs of "show traffic".
-add the received bytes/sec output and the transmitted bytes/sec output for each interface.
-divide that aggregated value by 1024 (to convert it into Kbps) and then divide the result again by 1024 (to convert it into Mbps) and then multiply by 8 to have the result in bit/sec.
-the results will be for both ways, sent and received, for this particular interface.
Any tool (SNMP) that may do this calculation for me so I can get a trend going?
Thanks
12-29-2014 11:53 AM
Hello Andy-
There are many paid tools that would do this for you nicely. In my previous company I used Orion/SolarWinds and we were able to track and resolve exactly the same issue (Throughput issue with ASA 5520) 🙂
If you don't have the budget for a paid solution you can check out Cacti (for Unix savvy users) and CactiEZ (for non-savvy Unix users). CactiEZ is not perfect but it is very easy to set up and it is free 🙂
http://cactiez.cactiusers.org/
Hope this helps!
Thank you for rating helpful posts!
12-30-2014 01:59 AM
Hi,
We've actually got Solarwinds Orion NPM, but out of the box I can't see this information, did you have to run a mib walk and pull the info out?
Thanks
01-02-2015 08:40 PM
SW actually has a way to show aggregate BW running across the total box. Kind of a weird metric and I cannot remember how to get it, but I think it's default if you drill down enough under network | vitals, etc.
01-07-2015 04:52 AM
Hi, was that via the web site or one of the tools, as I can't find it?
Cisco did say use:
1.3.6.1.2.1.2.2.1.10
Object: ifInOctets
OID: 1.3.6.1.2.1.2.2.1.10
Type: Counter32
Permission: read-only
Status: current
Description: "The total number of octets received on the interface, including framing characters. Discontinuities in the value of this counter can occur at re-initialization of the management system, and at other times as indicated by the value of ifCounterDiscontinuityTime."
And
1.3.6.1.2.1.2.2.1.16
Object: ifOutOctets
OID: 1.3.6.1.2.1.2.2.1.16
Type: Counter32
Permission: read-only
Status: current
MIB: IF-MIB
Description: "The total number of octets transmitted out of the interface, including framing characters. Discontinuities in the value of this counter can occur at re-initialization of the management system, and at other times as indicated by the value of ifCounterDiscontinuityTime."
When I run a MIB walk it returns all the physical interfaces and virtual ones and does show the interface names so I can't work out which is which.
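Added example, not part of the thread and not Cisco or SolarWinds code: one way to turn two polls of the ifInOctets/ifOutOctets columns quoted above into per-interface Mbit/s, joining each ifIndex to its ifDescr name (OID 1.3.6.1.2.1.2.2.1.2) so named interfaces can be separated from virtual ones. The interface names, counter values and the Net-SNMP `snmpwalk -On` text layout are constructed assumptions.

```python
import re

IF_DESCR, IF_IN, IF_OUT = "1.3.6.1.2.1.2.2.1.2", "1.3.6.1.2.1.2.2.1.10", "1.3.6.1.2.1.2.2.1.16"
WRAP = 2 ** 32  # Counter32 rolls over to 0 after 2^32 - 1
LINE = re.compile(r'^\.?([\d.]+)\.(\d+) = (\w+): "?(.*?)"?$')

def parse_walk(text):
    """Return {column_oid: {ifIndex: value}} from `snmpwalk -On` text."""
    table = {}
    for line in text.strip().splitlines():
        m = LINE.match(line.strip())
        if m:
            oid, idx, typ, val = m.groups()
            table.setdefault(oid, {})[int(idx)] = int(val) if typ == "Counter32" else val
    return table

def delta(old, new):
    """Octets counted between two polls, allowing for one Counter32 wrap."""
    return new - old if new >= old else new + WRAP - old

def throughput_mbps(walk_t0, walk_t1, seconds, names):
    """Per-interface in+out rate in Mbit/s (10^6 bits) for the named interfaces."""
    t0, t1 = parse_walk(walk_t0), parse_walk(walk_t1)
    rates = {}
    for idx, name in t1[IF_DESCR].items():
        if name in names:  # skip virtual/internal entries
            octets = sum(delta(t0[c][idx], t1[c][idx]) for c in (IF_IN, IF_OUT))
            rates[name] = octets * 8 / seconds / 1_000_000
    return rates

# Constructed sample: two polls 60 s apart, trimmed to two named interfaces.
T0 = """
.1.3.6.1.2.1.2.2.1.10.2 = Counter32: 4000000000
.1.3.6.1.2.1.2.2.1.16.2 = Counter32: 1000000000
.1.3.6.1.2.1.2.2.1.10.3 = Counter32: 1000000000
.1.3.6.1.2.1.2.2.1.16.3 = Counter32: 4200000000
"""
T1 = """
.1.3.6.1.2.1.2.2.1.2.2 = STRING: "outside"
.1.3.6.1.2.1.2.2.1.2.3 = STRING: "inside"
.1.3.6.1.2.1.2.2.1.2.15 = STRING: "Internal-Data0/0"
.1.3.6.1.2.1.2.2.1.10.2 = Counter32: 1205032704
.1.3.6.1.2.1.2.2.1.16.2 = Counter32: 1750000000
.1.3.6.1.2.1.2.2.1.10.3 = Counter32: 1750000000
.1.3.6.1.2.1.2.2.1.16.3 = Counter32: 1405032704
"""

if __name__ == "__main__":
    rates = throughput_mbps(T0, T1, 60, {"outside", "inside"})
    for name, mbps in rates.items():
        print(f"{name}: {mbps:.1f} Mbit/s")
    print(f"aggregate: {sum(rates.values()):.1f} Mbit/s")
```

At 450 Mbps in one direction a Counter32 octet counter wraps roughly every 76 seconds, so polls spaced further apart than that can miss wraps and under-report; the 64-bit ifHCInOctets/ifHCOutOctets columns in IF-MIB avoid this where the device exposes them.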
01-05-2015 12:10 AM
Sorry for the delayed reply Andy. It has been a while and I could not recall exactly what I had to do so I was digging through my old e-mails to see if I had an old e-mail that contained a weekly/monthly report by SWs that showed the total throughput. Unfortunately, I was not able to find one.
So I went ahead and installed the demo/free PRTG to it and was unable to get the total throughput 😕 I was able to get data for the "Internal-Data" based interfaces that looked promising but after further research it appears that those are used for other functions and are not related to the total throughput.
Perhaps someone else here can provide some additional recommendations/solutions.
12-30-2014 07:05 AM
Tried a mib walk but getting the add the received bytes/sec output and the transmitted bytes/sec output for each physical interface is hard as there are thousands of values that have come back.
01-02-2015 08:39 PM
Here's an idea that may work: open up ASDM, go to "Monitoring". Go to Interfaces | interfaces graphs.
Now here is the trick:
1. click on LAN interface | bit rate
2. click on DMZ interface | bit rate
3. click on WAN interface | bit rate
Should be able to get simultaneous bit rate graphs for up to 4 interfaces at a time. Screen shot that sucker and send it over to mgmt. 🙂
01-06-2015 06:16 AM
I've dealt with the same issues on the 5520 and 5550 series. IME, you'll always get overruns before you hit the marketing throughput numbers.
Cacti and MRTG are good tools, but they only provide 5 minute sampling rates so you miss a lot of the peak bursts in traffic. PRTG is better for this type of monitoring because it'll do 1 minute sampling and you can export the graphs to management. http://www.paessler.com/prtg . The freeware is good for 30 sensors. I recommend graphing in/out traffic, CPU, PPS, and input errors for each interface. Overruns get reported as input errors in the SNMP MIB.
Even better is SPAN'ing the switchport where the overrun interface is connected. Collect the packets with Wireshark and analyze which host/or protocol is causing the overruns. The capture can't be done on the ASA itself because it's getting dropped before a capture can even be done. It has to be done on the switch before it gets to the ASA.