ASA CPU and MEM usage percentages
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
05-30-2013 01:49 AM - edited 03-11-2019 06:51 PM
Hi Everyone.
I am looking for Cisco Recommended values for opperational enviroments of ASA's. Example CPU 0-30% Low , 31-60% Meduim and 60-100% High.
When is it considered low meduim or high usage on ASA's? As I can custom create a document. but would like to know what Cisco Themselfs recommend?
Kind Regards
Daniel
- Labels:
-
NGFW Firewalls
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
05-30-2013 04:44 AM
I am not Cisco but this is my experience.
CPU
0-20% - low
20-50% - medium
50-90% - high
90+% - means you are in trouble
Memory is completely different. The tool I use for monitoring my systems suggests the amount of memory used rarely changes. Each device model uses a different amount of memory. Excluding any memory leaks, the memory used statistic doesn't change.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
05-30-2013 04:57 AM
Hi,
I would have to say that the environment I manage the typical CPU usage is around 0-40%.
I would also have to say that 0-10% is the more typical range where the ASA CPU usage usually is.
All this ofcourse depends on the device model used.
Ours are all the way from 5505 to 5585-X SSP20
For example on a virtualized ASA5585-X one context has currently 80k active connections through it and its CPU usage is at 5%
Some firewall used in hospital and school environments are at about 5-20% with few thousand active connections. ASA models used might be ASA5540.
I would have to agree with the values you have mentioned. I would say anything between 0-30% in our environments is pretty normal. Anything around 50% or more I would already consider unusual.
With regards to the ASA memory usage, I for example have the VERY basic model ASA5505 with no additional licensing at home. Its constantly using around 85% of the memory (running 8.4(5)) but it works just fine. Though as this is a home environment I am not concerned.
However if it were a production environment at a customer we would probably be looking at hardware replacement or memory upgrade. Most of the time it would mean completely replacing the hardware.
I would imagine the new ASA models have a lot more resources and dont really suffer from any of these problems.
Still waiting for my first ASA5500-X model for testing
- Jouni
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
05-30-2013 06:23 AM
Thanks for the feedback peeps. Currently i am working on a 5585X SSP60 Yes it is awesome. But yeah was wondering if there is any official Cisco documentation on device parameters.
Thanks Again for the imput it helps alot.
