Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
2047
Views
0
Helpful
3
Replies

ASA Dispatch unit high CPU

Gurjit Singh Sra
Level 1
Level 1

‎08-09-2014 09:35 AM - edited ‎03-11-2019 09:36 PM

Hi,

On ASA 5510 8.2.5(50)

We are contantly gettin high cpu usage for Dispatch unit process for last 10 hours. The Dispatch unit is taking approx 40% usage constantly.

We checked teh following:

1. The interfaces.

    No error counts, overruns, underruns reported.

2. show perform

    All connections below normal/avg. values

3.show conn and xlate

   Approx 1100 and 112

4. show traffic

    shows very less  drop counts ( max is 3 pkts/sec) on some interfaces not all.

    Traffic usage is very less . Approx 4Mbps from all interfaces cumulatively.

5. Checked inspections.

  No drops in global service policy [ only global is there]

------------------------------------------------------------------

# sh cpu usage 
CPU utilization for 5 seconds = 39%; 1 minute: 39%; 5 minutes: 39%

sh processes cpu-usage sorted 
PC         Thread       5Sec     1Min     5Min   Process
081aadc4   a79aff7c    35.7%    37.5%    42.5%   Dispatch Unit
0853f89e   a79a0b68     0.4%     0.2%     0.2%   ARP Thread

# sh conn count 
1138 in use, 8777 most used

# sh xlate count 
112 in use, 265 most used

# sh interface e0/0 | inc overrun
0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort
# sh interface e0/1 | inc overrun
0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort
 

# show perfmon detail 

PERFMON STATS:                     Current      Average
Xlates                                0/s          0/s
Connections                          23/s         32/s
TCP Conns                            20/s         28/s
UDP Conns                             0/s          1/s
URL Access                            0/s          0/s
URL Server Req                        0/s          0/s
TCP Fixup                             0/s          0/s
TCP Intercept Established Conns       0/s          0/s
TCP Intercept Attempts                0/s          0/s
TCP Embryonic Conns Timeout           0/s          1/s
HTTP Fixup                            0/s          0/s
FTP Fixup                             0/s          0/s
AAA Authen                            0/s          0/s
AAA Author                            0/s          0/s
AAA Account                           0/s          0/s

VALID CONNS RATE in TCP INTERCEPT:    Current      Average
                                       N/A         85.00%

SETUP RATES:
Connections for 1 minute = 23/s; 5 minutes = 32/s
TCP Conns for 1 minute = 18/s; 5 minutes = 27/s
UDP Conns for 1 minute = 1/s; 5 minutes = 2/s

Regards,
Gurjit Singh
Network Engineer
Spooster IT Services.

Labels:
0 Helpful
3 Replies 3

nkarthikeyan
Level 7
Level 7

‎08-10-2014 05:12 AM

Hi,

 

Do you see any logs for the specific error getting flooded to syslog?

Do you see anything on the show asp drop output?

Do you see any tcp-intercept error?

 

Regards

Karthik

0 Helpful

Gurjit Singh Sra
Level 1
Level 1
In response to nkarthikeyan

‎08-12-2014 03:42 AM

Hi,

 

Unfortunately clients syslog server is not fully operational yet.

There are asp drops related to ACL and  and non tcp-intercept errors.

0 Helpful

nkarthikeyan
Level 7
Level 7
In response to Gurjit Singh Sra

‎08-12-2014 07:31 AM

Hi,

 

Do you see enormous number of blocks for acl? if so can you clear the asp drops and see if cpu utilization comes down?

 

clear asp drop and see

 

Regards

Karthik

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card