08-09-2014 09:35 AM - edited 03-11-2019 09:36 PM
Hi,
On ASA 5510 8.2.5(50)
We are contantly gettin high cpu usage for Dispatch unit process for last 10 hours. The Dispatch unit is taking approx 40% usage constantly.
We checked teh following:
1. The interfaces.
No error counts, overruns, underruns reported.
2. show perform
All connections below normal/avg. values
3.show conn and xlate
Approx 1100 and 112
4. show traffic
shows very less drop counts ( max is 3 pkts/sec) on some interfaces not all.
Traffic usage is very less . Approx 4Mbps from all interfaces cumulatively.
5. Checked inspections.
No drops in global service policy [ only global is there]
------------------------------------------------------------------
# sh cpu usage
CPU utilization for 5 seconds = 39%; 1 minute: 39%; 5 minutes: 39%
sh processes cpu-usage sorted
PC Thread 5Sec 1Min 5Min Process
081aadc4 a79aff7c 35.7% 37.5% 42.5% Dispatch Unit
0853f89e a79a0b68 0.4% 0.2% 0.2% ARP Thread
# sh conn count
1138 in use, 8777 most used
# sh xlate count
112 in use, 265 most used
# sh interface e0/0 | inc overrun
0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort
# sh interface e0/1 | inc overrun
0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort
# show perfmon detail
PERFMON STATS: Current Average
Xlates 0/s 0/s
Connections 23/s 32/s
TCP Conns 20/s 28/s
UDP Conns 0/s 1/s
URL Access 0/s 0/s
URL Server Req 0/s 0/s
TCP Fixup 0/s 0/s
TCP Intercept Established Conns 0/s 0/s
TCP Intercept Attempts 0/s 0/s
TCP Embryonic Conns Timeout 0/s 1/s
HTTP Fixup 0/s 0/s
FTP Fixup 0/s 0/s
AAA Authen 0/s 0/s
AAA Author 0/s 0/s
AAA Account 0/s 0/s
VALID CONNS RATE in TCP INTERCEPT: Current Average
N/A 85.00%
SETUP RATES:
Connections for 1 minute = 23/s; 5 minutes = 32/s
TCP Conns for 1 minute = 18/s; 5 minutes = 27/s
UDP Conns for 1 minute = 1/s; 5 minutes = 2/s
Regards,
Gurjit Singh
Network Engineer
Spooster IT Services.
08-10-2014 05:12 AM
Hi,
Do you see any logs for the specific error getting flooded to syslog?
Do you see anything on the show asp drop output?
Do you see any tcp-intercept error?
Regards
Karthik
08-12-2014 03:42 AM
Hi,
Unfortunately clients syslog server is not fully operational yet.
There are asp drops related to ACL and and non tcp-intercept errors.
08-12-2014 07:31 AM
Hi,
Do you see enormous number of blocks for acl? if so can you clear the asp drops and see if cpu utilization comes down?
clear asp drop and see
Regards
Karthik
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide