cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
2523
Views
0
Helpful
4
Replies

Cisco ASA5555-X Threat Defense high CPU usage

Nikhil5
Level 1
Level 1

Hi,

We noticed 'high CPU usage on the ASA 5555-X series firepower device. We checked the configuration and logs and there are no symptoms of CPU usages. Could someone please advise?

 

Model : Cisco ASA5555-X Threat Defense (75) Version 6.6.1 (Build 91)

Cisco Adaptive Security Appliance Software Version 9.14(1)150
SSP Operating System Version 2.8(1.129)

 

============================================================

Break down of per-core data path versus control point cpu usage:
Core 5 sec 1 min 5 min
Core 0 98.2 (98.2 + 0.0) 98.1 (98.1 + 0.0) 96.8 (96.7 + 0.0)
Core 1 98.4 (98.4 + 0.0) 98.3 (98.2 + 0.0) 96.9 (96.8 + 0.0)

Current control point elapsed versus the maximum control point elapsed for:
5 seconds = 0.0%; 1 minute: 0.4%; 5 minutes: 1.6%


CPU utilization of external processes for:
5 seconds = 0.0%; 1 minute: 0.0%; 5 minutes: 0.0%


Total CPU utilization for:
5 seconds = 98.4%; 1 minute: 98.4%; 5 minutes: 97.0%

 

====================================================================

top - 08:23:28 up 4 days, 4:06, 1 user, load average: 5.20, 4.97, 4.83
Tasks: 178 total, 3 running, 175 sleeping, 0 stopped, 0 zombie
%Cpu(s): 51.1 us, 5.0 sy, 0.2 ni, 43.5 id, 0.0 wa, 0.0 hi, 0.1 si, 0.0 st
KiB Mem : 16425648 total, 4092236 free, 8258020 used, 4075392 buff/cache
KiB Swap: 5654332 total, 5056104 free, 598228 used. 7591664 avail Mem

PID     USER   PR NI VIRT RES SHR S %CPU %MEM TIME+ COMMAND
5394 root 0 -20 2767100 607100 138972 S 200.0 3.7 12021:10 lina
21201 root 1 -19 2753520 912584 35612 R 54.5 5.6 1219:32 snort
21203 root 1 -19 2746812 898528 34900 S 53.5 5.5 1241:15 snort
21204 root 1 -19 2747728 895500 35068 S 49.8 5.5 1207:23 snort
21205 root 1 -19 2748224 889096 34788 S 45.8 5.4 1210:43 snort
21202 root 1 -19 2749924 915188 34844 S 44.5 5.6 1220:48 snort
5312 root 25 5 532292 6432 4532 S 13.6 0.0 652:25.30 loggerd
5335 root 20 0 833196 3460 2780 S 5.3 0.0 88:02.55 sfhassd

1 Accepted Solution

Accepted Solutions

Nikhil5
Level 1
Level 1

SSL Policy was configured along with the Access policy (as a sub policy) which reduces overall throughput to half i.e. 600 gig causing cpu spike.

View solution in original post

4 Replies 4

balaji.bandi
Hall of Fame
Hall of Fame

check below thread may help you :  ( what kind of traffic this box handling ?)

 

https://community.cisco.com/t5/network-security/firepower-cpu-high/td-p/2965789

 

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

Thank you for your response.

The given thread is not much helpful. We noticed from the "top" command, "Lina" process is consuming a '200%' CPU.

This box is handling mainly layer 4 traffic, there are no VPN clients, no URL filtering/SSL decryption, etc.  Only custom IPS policy is configured. Any suggestions, please?

Nikhil5
Level 1
Level 1

Thank you for your response.

The given thread is not much helpful. We noticed from the "top" command, "Lina" process is consuming a '200%' CPU.

This box is handling mainly layer 4 traffic, there are no VPN clients, no URL filtering/SSL decryption, etc.  Only custom IPS policy is configured. Any suggestions, please?

 

Nikhil5
Level 1
Level 1

SSL Policy was configured along with the Access policy (as a sub policy) which reduces overall throughput to half i.e. 600 gig causing cpu spike.

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: