cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements

1468
Views
0
Helpful
4
Replies
Nikhil5
Beginner

Cisco ASA5555-X Threat Defense high CPU usage

Hi,

We noticed 'high CPU usage on the ASA 5555-X series firepower device. We checked the configuration and logs and there are no symptoms of CPU usages. Could someone please advise?

 

Model : Cisco ASA5555-X Threat Defense (75) Version 6.6.1 (Build 91)

Cisco Adaptive Security Appliance Software Version 9.14(1)150
SSP Operating System Version 2.8(1.129)

 

============================================================

Break down of per-core data path versus control point cpu usage:
Core 5 sec 1 min 5 min
Core 0 98.2 (98.2 + 0.0) 98.1 (98.1 + 0.0) 96.8 (96.7 + 0.0)
Core 1 98.4 (98.4 + 0.0) 98.3 (98.2 + 0.0) 96.9 (96.8 + 0.0)

Current control point elapsed versus the maximum control point elapsed for:
5 seconds = 0.0%; 1 minute: 0.4%; 5 minutes: 1.6%


CPU utilization of external processes for:
5 seconds = 0.0%; 1 minute: 0.0%; 5 minutes: 0.0%


Total CPU utilization for:
5 seconds = 98.4%; 1 minute: 98.4%; 5 minutes: 97.0%

 

====================================================================

top - 08:23:28 up 4 days, 4:06, 1 user, load average: 5.20, 4.97, 4.83
Tasks: 178 total, 3 running, 175 sleeping, 0 stopped, 0 zombie
%Cpu(s): 51.1 us, 5.0 sy, 0.2 ni, 43.5 id, 0.0 wa, 0.0 hi, 0.1 si, 0.0 st
KiB Mem : 16425648 total, 4092236 free, 8258020 used, 4075392 buff/cache
KiB Swap: 5654332 total, 5056104 free, 598228 used. 7591664 avail Mem

PID     USER   PR NI VIRT RES SHR S %CPU %MEM TIME+ COMMAND
5394 root 0 -20 2767100 607100 138972 S 200.0 3.7 12021:10 lina
21201 root 1 -19 2753520 912584 35612 R 54.5 5.6 1219:32 snort
21203 root 1 -19 2746812 898528 34900 S 53.5 5.5 1241:15 snort
21204 root 1 -19 2747728 895500 35068 S 49.8 5.5 1207:23 snort
21205 root 1 -19 2748224 889096 34788 S 45.8 5.4 1210:43 snort
21202 root 1 -19 2749924 915188 34844 S 44.5 5.6 1220:48 snort
5312 root 25 5 532292 6432 4532 S 13.6 0.0 652:25.30 loggerd
5335 root 20 0 833196 3460 2780 S 5.3 0.0 88:02.55 sfhassd

1 ACCEPTED SOLUTION

Accepted Solutions
Nikhil5
Beginner

SSL Policy was configured along with the Access policy (as a sub policy) which reduces overall throughput to half i.e. 600 gig causing cpu spike.

View solution in original post

4 REPLIES 4
balaji.bandi
VIP Master

check below thread may help you :  ( what kind of traffic this box handling ?)

 

https://community.cisco.com/t5/network-security/firepower-cpu-high/td-p/2965789

 

BB

***** Rate All Helpful Responses *****

How to Ask The Community for Help

Thank you for your response.

The given thread is not much helpful. We noticed from the "top" command, "Lina" process is consuming a '200%' CPU.

This box is handling mainly layer 4 traffic, there are no VPN clients, no URL filtering/SSL decryption, etc.  Only custom IPS policy is configured. Any suggestions, please?

Nikhil5
Beginner

Thank you for your response.

The given thread is not much helpful. We noticed from the "top" command, "Lina" process is consuming a '200%' CPU.

This box is handling mainly layer 4 traffic, there are no VPN clients, no URL filtering/SSL decryption, etc.  Only custom IPS policy is configured. Any suggestions, please?

 

Nikhil5
Beginner

SSL Policy was configured along with the Access policy (as a sub policy) which reduces overall throughput to half i.e. 600 gig causing cpu spike.

View solution in original post