06-23-2021 02:38 AM
Hi,
We noticed 'high CPU usage on the ASA 5555-X series firepower device. We checked the configuration and logs and there are no symptoms of CPU usages. Could someone please advise?
Model : Cisco ASA5555-X Threat Defense (75) Version 6.6.1 (Build 91)
Cisco Adaptive Security Appliance Software Version 9.14(1)150
SSP Operating System Version 2.8(1.129)
============================================================
Break down of per-core data path versus control point cpu usage:
Core 5 sec 1 min 5 min
Core 0 98.2 (98.2 + 0.0) 98.1 (98.1 + 0.0) 96.8 (96.7 + 0.0)
Core 1 98.4 (98.4 + 0.0) 98.3 (98.2 + 0.0) 96.9 (96.8 + 0.0)
Current control point elapsed versus the maximum control point elapsed for:
5 seconds = 0.0%; 1 minute: 0.4%; 5 minutes: 1.6%
CPU utilization of external processes for:
5 seconds = 0.0%; 1 minute: 0.0%; 5 minutes: 0.0%
Total CPU utilization for:
5 seconds = 98.4%; 1 minute: 98.4%; 5 minutes: 97.0%
====================================================================
top - 08:23:28 up 4 days, 4:06, 1 user, load average: 5.20, 4.97, 4.83
Tasks: 178 total, 3 running, 175 sleeping, 0 stopped, 0 zombie
%Cpu(s): 51.1 us, 5.0 sy, 0.2 ni, 43.5 id, 0.0 wa, 0.0 hi, 0.1 si, 0.0 st
KiB Mem : 16425648 total, 4092236 free, 8258020 used, 4075392 buff/cache
KiB Swap: 5654332 total, 5056104 free, 598228 used. 7591664 avail Mem
PID USER PR NI VIRT RES SHR S %CPU %MEM TIME+ COMMAND
5394 root 0 -20 2767100 607100 138972 S 200.0 3.7 12021:10 lina
21201 root 1 -19 2753520 912584 35612 R 54.5 5.6 1219:32 snort
21203 root 1 -19 2746812 898528 34900 S 53.5 5.5 1241:15 snort
21204 root 1 -19 2747728 895500 35068 S 49.8 5.5 1207:23 snort
21205 root 1 -19 2748224 889096 34788 S 45.8 5.4 1210:43 snort
21202 root 1 -19 2749924 915188 34844 S 44.5 5.6 1220:48 snort
5312 root 25 5 532292 6432 4532 S 13.6 0.0 652:25.30 loggerd
5335 root 20 0 833196 3460 2780 S 5.3 0.0 88:02.55 sfhassd
Solved! Go to Solution.
07-07-2021 09:11 AM
SSL Policy was configured along with the Access policy (as a sub policy) which reduces overall throughput to half i.e. 600 gig causing cpu spike.
06-23-2021 03:03 AM
check below thread may help you : ( what kind of traffic this box handling ?)
https://community.cisco.com/t5/network-security/firepower-cpu-high/td-p/2965789
06-23-2021 03:52 AM
Thank you for your response.
The given thread is not much helpful. We noticed from the "top" command, "Lina" process is consuming a '200%' CPU.
This box is handling mainly layer 4 traffic, there are no VPN clients, no URL filtering/SSL decryption, etc. Only custom IPS policy is configured. Any suggestions, please?
06-23-2021 03:26 AM
Thank you for your response.
The given thread is not much helpful. We noticed from the "top" command, "Lina" process is consuming a '200%' CPU.
This box is handling mainly layer 4 traffic, there are no VPN clients, no URL filtering/SSL decryption, etc. Only custom IPS policy is configured. Any suggestions, please?
07-07-2021 09:11 AM
SSL Policy was configured along with the Access policy (as a sub policy) which reduces overall throughput to half i.e. 600 gig causing cpu spike.
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: