01-25-2007 09:30 AM - edited 03-11-2019 02:24 AM
Hi,
First, a bit of history.
A few months ago we upgraded our PIX 515 from version 6.3(5) to version 7.2.1. We then suffered the consequences with a very heavily utilised CPU and packet loss. The thing was idling around 50% CPU.
Anyway, we have just recently replaced our PIX failover pair with a pair of ASA 5540s running version 7.2(2). Initially the replacement went fine and things seemed to work OK. However, we now seem to have the same problem we had before! I would say total firewall throughput across all 12 physical and logical interfaces is less than 100 Mbps, xlates and connections are low and all interfaces are good.
The ASAs initially seemed to be good and idle along most of the time at around 5% CPU. However, we have started to notice a few issues with some of our VoIP (this goes inside a DMVPN tunnel that passes through the PIX), so I enabled priority queues on the ASA.
Looking into the VoIP problems, it seems that the ASA CPU spikes at around 99% for maybe a second (long enough for VoIP) and then drops. Not sure why this is happening. The ASA 5540s are supposed to be able to handle 650 Mbps?
Could this be some sort of bug? If I show CPU hog on the ASA we get the following:
Process: Dispatch Unit, NUMHOG: 1406, MAXHOG: 9084, LASTHOG: 1010
LASTHOG At: 17:12:59 UTC Jan 25 2007
PC: 89cd5d
Traceback: 2f16b3 2f0f4d 2f4b81 2ed253 74bbd7 7411ce c3a905
c3ae4f c3b334 740fab 74bf38 74e086 62b970 21906a
I know that this unit is more than capable of handling this. Our old 515E was. Can anyone shed any light on this?
Thanks
Matt
02-01-2007 07:15 AM
It looks like a bug. I suggest you change the encryption type. If you are using AES-128, change to 3DES encryption for the VPN traffic.
02-01-2007 07:28 AM
Hi,
I got to the bottom of this. It seemed to be related to ESMTP fixup. I turned this off and the CPU hog went away. Looking in the logs, fixup was not liking some of our mail.
Thanks