Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
Bookmark
|
Subscribe
|
1529
Views
1
Helpful
7
Replies

ASA on Firepower 2140 - High CPU usage

NetworkNinjaAC
Level 1
Level 1

‎10-12-2023 09:02 AM - edited ‎11-15-2023 06:59 AM

We are seeing a high CPU usage on our network firewall. Does anyone know what the DataPath process is for?

0 Helpful
7 Replies 7

marce1000
Hall of Fame
Hall of Fame

‎10-12-2023 09:46 AM

 

 - FYI : https://community.cisco.com/t5/network-security/commands-for-troubleshooting-high-cpu/m-p/4573402#M1088424

 M.



-- Each morning when I wake up and look into the mirror I always say ' Why am I so brilliant ? '
    When the mirror will then always repond to me with ' The only thing that exceeds your brilliance is your beauty! '

balaji.bandi
Hall of Fame
Hall of Fame

‎10-12-2023 09:54 AM

what kind of traffic this FW handling?

 

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

0 Helpful

NetworkNinjaAC
Level 1
Level 1
In response to balaji.bandi

‎10-12-2023 10:05 AM

It sits at the perimeter of the network so all traffic traverses through it.

0 Helpful

balaji.bandi
Hall of Fame
Hall of Fame
In response to NetworkNinjaAC

‎10-13-2023 01:12 AM

what kind of traffic this FW handling?   - i mean bandwidth wise, ? post interface output how much utilization.

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

0 Helpful

NetworkNinjaAC
Level 1
Level 1
In response to balaji.bandi

‎10-13-2023 05:19 AM - edited ‎11-15-2023 07:23 AM

oh ok sorry for misunderstanding, this was this morning with low traffic and cpu at 50%:

 

0 Helpful

tvotna
Spotlight

‎10-13-2023 02:10 AM

Processes CPU usage is not normal, because it is displayed incorrectly in this version due to CSCvt15348. Actually, it is very high in datapath. This can be caused by high pps rate or high drop rate, so you need to collect "clear traffic" / "show traffic" (once, but wait 1 minute after clearing) and "clear asp drop" / "show clock" + "show asp drop" (thrice) (to see how drops increase over time).

You're running out of 1550B and 80B blocks. The former can be attributed to high CPU. The latter is a bug. Do you encrypt failover link with IPsec? Provide "show run failover".

Conn rate, ACL size, number of xlates is small for this platform.

 

 

0 Helpful

MHM Cisco World
VIP
VIP

‎10-13-2023 02:16 AM

Datapath sometimes is big problem. 

Usually Datapath is for VPN (s2s or anyconnect). 

If you can open TAC with cisco it better and fast way to know why these processes utilize your FW CPU. 

0 Helpful
Review Cisco Networking for a $25 gift card
Top