Discarded Packet Message on ASA 5505

iglablues
Level 1

Hi-

We're monitoring an ASA 5505 active/standby failover pair using Logicmonitor, which uses snmp to pull metrics. On and off for the last few days I've been getting alerts about a high number of discarded packets on the inside and outside interfaces as well as Internal-Data0/1. In addition I've gotten an error message that the "largest contiguous memory for memory pool system memory for 1.1.1.1 is now 4.61% of that pool". I've been reading links like http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_tech_note09186a008009491c.shtml#memory, and https://supportforums.cisco.com/docs/DOC-12439, but I find myself with more questions than answers because I'm gathering a lot of info but don't know what to do with it.

I have also seen our ASA jump up to 90% CPU utilization for a long time (almost a day) and show proc mem shows high numbers (although I can't seem to sort it). Our graph in Logicmonitor shows less than 100M of free memory. When I did show processes cpu-usage and show processes cpu-hog it did show that the Dispatch_Unit was using the most amount of memory. So, off the cuff it seems to me that the ASA is running low on memory, which is also causing the CPU to spike, which is in turn causing packets to be dropped. I don't have any conclusive hard facts to support this other than a lot of large numbers that don't look right to me. For example output from show proc mem shows me that the Dispatch_Unit looks like this:

68938125 20938890314     68849600      25291353753     Dispatch Unit

That looks like a lot, and it's higher than other numbers except for maybe the snmp process, but again, just guessing.

1. I could tell my boss we need more RAM, but I'd love to have more conclusive evidence so that I can be fairly sure that that would actually resolve the issue. If it's a traffic issue for example, then more RAM will just stave off the problem and it will come back right?

2. Is the memory likely what's really causing the cpu utilization spikes or is that a different wormhole?

3. Is there anything I can do to decrease the memory load on the ASA? Would someone be willing to take a look at some output from my device and weigh in? I didn't configure it so I'm open.

4. What is the Internal-Data0/1 interface? I've been able to track down the generic info that it's a backplane, but that doesn't tell me what I can do to resolve its packet-dropping issues. If it's a backplane and I have drops on both the inside and outside interfaces, does that mean the backplane will drop packets by association?

I've attached a text doc with some of the output from the various commands I've run.

Thanks!

1 Reply

Marcin Latosiewicz
Cisco Employee

Dispatch Unit is the process responsible for packets moving between interfaces (simplification).

I would say monitor your "show block" output and check if you're not reaching CNT of "0" on any of the pools and also "show interfaces" for overruns and errors.

Most likely there is some spike of traffic; whether it's packets or frames is something you can find out by sniffing on the switch's port connected to the ASA.

If you want a fine grained answer, there's quite a bit of different information that needs to be taken/analysed - better open up a TAC case.
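The check suggested in the reply above, written out as an added example that is not part of the original thread: it parses saved "show blocks" and "show interface" output and flags block pools at CNT 0 and interfaces with overruns or input errors. The sample output is constructed, the function names are hypothetical, and the LOW column (the low-water mark since counters were last cleared) is checked in addition to CNT, which goes beyond what the reply asks for.

```python
import re

# Constructed sample of "show blocks" output (values invented for illustration).
SHOW_BLOCKS = """\
  SIZE    MAX    LOW    CNT
     0    400    398    400
     4    100     99     99
    80    403    379    401
   256   1200      0    980
  1550   6274      0      0
 16384    100    100    100
"""

# Constructed sample of "show interface" counter lines for two interfaces.
SHOW_INTERFACE = """\
Interface Ethernet0/0 "", is up, line protocol is up
        0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort
Interface Internal-Data0/1 "", is up, line protocol is up
        5120 input errors, 0 CRC, 0 frame, 5120 overrun, 0 ignored, 0 abort
"""

def exhausted_pools(text):
    """Return {block size: status} for pools at CNT 0 now or LOW 0 earlier."""
    findings = {}
    for line in text.splitlines():
        fields = line.split()
        if len(fields) != 4 or not all(f.isdigit() for f in fields):
            continue  # header row or unrelated line
        size, _max, low, cnt = map(int, fields)
        if cnt == 0:
            findings[size] = "exhausted now"
        elif low == 0:
            findings[size] = "exhausted since last clear"
    return findings

def interface_overruns(text):
    """Return {interface: counters} where input errors or overruns are non-zero."""
    result, name = {}, None
    for line in text.splitlines():
        header = re.match(r"Interface (\S+)", line)
        if header:
            name = header.group(1)
            continue
        m = re.search(r"(\d+) input errors.*?(\d+) overrun", line)
        if m and name and (int(m.group(1)) or int(m.group(2))):
            result[name] = {"input_errors": int(m.group(1)), "overrun": int(m.group(2))}
    return result

if __name__ == "__main__":
    print(exhausted_pools(SHOW_BLOCKS))
    print(interface_overruns(SHOW_INTERFACE))
```

Running it against output captured at intervals shows whether pool exhaustion and overruns line up in time with the discard alerts.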
