ASA cluster with high bandwidth on Failover link

Chris Bennetts · ‎05-28-2017

I have inherited a 5510 cluster in an Active-Passive cluster.

Occasionally, I see the CPU spikes to 70%+, which is well above what is normal for traffic flow at any time. So far my only clue has been that the Failover ethernet link jumps from 1-1.5Mbps up to ~20-30Mbps (Active sending to Standby). This usually is sustained for many hours.

Firewall config is fairly simple. 3 Ethernet ports active. Outside, Inside, and Failover. Failover is a direct cable, no switch.

Up until now I have not been able to rule out unusual traffic during the event. However the last event happened at 1am this time. So far it has been happening for 12+ hours.

There was no change in Inside<->Outside traffic, which was normal, sitting about 5Mbps so additional traffic would have been easy to see.

There was no change in Connection Count.

There was no change in xlate count.

The only good thing is there is no massive impact on user experience. There is a slight latency increase cost, but that is it.

So far I cannot figure what might be causing this jump.

If anyone has some good ideas I would be very happy to read them.

Thanks!

Marvin Rhoads · ‎05-28-2017

That sounds like behavior that a bug would cause.

What is the ASA software version that the pair is running?

Chris Bennetts · ‎05-28-2017

Running 8.4(7).

I did have a search around for bug's, but didn't find anything matching.

Marvin Rhoads · ‎05-28-2017

I checked as well and didn't see anything - even in the 8.4(7) interim relelase notes:

http://www.cisco.com/web/software/280775065/107031/ASA-847-Interim-Release-Notes.html

If you have support, the TAC can take a look at unpublished bugIDs and perhaps give a more definitive answer.