
ASA SFR Redirection in monitor-only mode causes high CPU utilization

c_quijano
Level 1

Hi,

 

We recently encountered an issue with one of our clients: their ASA 5555-X appliance is experiencing high CPU utilization. We're encountering as high as 90%.

 

Per TAC's investigation, the biggest process that is eating away CPU resources is DATAPATH. We have already troubleshot possible reasons for the CPU utilization, but to no avail. Even the usual suspects, such as SSH and SNMP connections, were checked and they are normal.

 

However, the appliance is currently using Firepower 6.0.0.1, currently set up in monitor-only mode, as they are still fine-tuning the policies before fully implementing it. Upon removal of the redirection of traffic to the SFR module, CPU utilization went down drastically, now just hovering at 40-50%.

 

Now, my questions would be these:

1. Why does the monitor-only option for SFR traffic redirection cause the high CPU utilization? What part of the ASA (or Firepower) is causing the high CPU utilization?

2. Documentation-wise, I have not seen any bug or issue regarding this. Has anyone encountered the same issue or concern?

3. What alternatives or best practices can we use to monitor the traffic so that we can properly test the policies set in the Firepower module?

 

Thanks!

 

-Christopher Q

 

3 Replies

Philip D'Ath
VIP Alumni
I don't think I would use that version. That is very early on in the 6.x code series. We have been using 6.2.0.1-59 without issue.

Marvin Rhoads
Hall of Fame

I agree with Philip. I wouldn't spend time troubleshooting 6.0.0.1.

 

Move to Firepower 6.2.0.x and ASA 9.6.3 (or its latest interim update) and test from there.

I'm already quite traumatized (sorry for the lack of a better word) by the 6.2.0.x codebase for now. I will await the advice of my colleagues on whether the 6.2.0 codebase is stable enough for our daily driver.

 

We're going to go on the latest train version (6.0.1.3) as advised.

 

For the CPU utilization, it's really questionable why it almost doubles the CPU utilization whenever the monitor_only option is enabled. Any thoughts?
