08-30-2017 12:27 PM - edited 02-21-2020 06:15 AM
Hi,
We recently encountered an issue with one of our clients with their ASA 5555-X appliance is experiencing high CPU utiliization. We're encounting as high as 90%
Per investigation of TAC, the biggest process that is eating away CPU resources is DATAPATH. We have already troubleshooted possible reasons for CPU utilization but to no avail. Even the usual suspects such as SSH, SNMP connections were checked and it is normal.
However, the appliance is currently using Firepower 6.0.0.1, currently set-up as monitor-only mode as they are still finetuning the policies before fully implementing it. Upon removal of redirection of traffic to SFR module, CPU utilization went down drastically, now just hovering at 40-50%.
Now, my question would be this:
1. Why is the monitor-only option for SFR traffic redirection causes the High CPU utilization? At what part of ASA (or Firepower) is causing the high CPU utilization?
2. Documentation-wise, I have not seen any bug or issue regarding to this. Anyone has encountered my same issue or concern?
3. What alternatives or best practices that we can do to monitor the traffic so that we can properly test the policies set in Firepower Module?
Thanks!
-Christopher Q
08-30-2017 06:55 PM
08-31-2017 12:15 AM
I agree with Philip. I wouldn't spend time troubleshooting 6.0.0.1.
Move to Firepower 6.2.0.x and ASA 9.6.3 (or its latest interim update) and test from there.
08-31-2017 07:38 AM
I'm already quite traumatized (sorry for the lack of word) of 6.2.0.x codebase for now. Will await for the advise of my colleagues if 6.2.0 codebase is stable enough for our daily driver.
We're going to go on the latest train version (6.0.1.3) as advised.
For the CPU utilization, it's really questionable why it almost double the CPU utilization whenever monitor_only option is enabled. Any thoughts?
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide