Solved: Re: Dispatch Unit - High CPU - Page 3

edward ventura · ‎01-30-2012

Hi All,

I'm trying to do some research on the Dispatch Unit process. It seems High CPU and this process go hand in hand. I haven't figured out an effective way of determining what underlying issue is the actual source. Can someone point me in the right direction to try an understand what the Dispatch Unit process is doing? I have an ASA 5550. I have seen the cpu hover around 85% +- 5% for sustained long periods, 30 - 60 min +. I have always been under the impression that around 80% cpu and you're probably dropping packets (that could be an out-dated belief).

Any help to understand this is much appreciated.

-E

delineator · ‎02-03-2012

After shutting down the second ASA last night after production hours, the first ASA process dropped to below 5% from 90%. WOW! How can I configure the failover so it will not use so many resources on our primary ASA? By the way, this is a active/active failover configuration.

edward ventura · ‎02-02-2012

Jose,

Here's the output of show traffic:

# show traffic

Outside:

received (in 75198.690 secs):

208421961 packets 37346123973 bytes

2029 pkts/sec 496004 bytes/sec

transmitted (in 75198.690 secs):

222072538 packets 205751735542 bytes

2039 pkts/sec 2736050 bytes/sec

1 minute input rate 3322 pkts/sec, 553709 bytes/sec

1 minute output rate 3548 pkts/sec, 3005054 bytes/sec

1 minute drop rate, 54 pkts/sec

5 minute input rate 3302 pkts/sec, 636971 bytes/sec

5 minute output rate 3349 pkts/sec, 2696042 bytes/sec

5 minute drop rate, 51 pkts/sec

_10.128.0.0/22:

received (in 75198.700 secs):

253751434 packets 156867639032 bytes

3031 pkts/sec 2086041 bytes/sec

transmitted (in 75198.700 secs):

265343188 packets 168304694868 bytes

3014 pkts/sec 2238018 bytes/sec

1 minute input rate 3916 pkts/sec, 2196797 bytes/sec

1 minute output rate 4152 pkts/sec, 2878909 bytes/sec

1 minute drop rate, 24 pkts/sec

5 minute input rate 3754 pkts/sec, 1926199 bytes/sec

5 minute output rate 4102 pkts/sec, 2861616 bytes/sec

5 minute drop rate, 20 pkts/sec

_10.128.8.0/22:

received (in 75200.640 secs):

1642689962 packets 498513402820 bytes

21044 pkts/sec 6629054 bytes/sec

transmitted (in 75200.640 secs):

1572945227 packets 361262655364 bytes

20002 pkts/sec 4803012 bytes/sec

1 minute input rate 28113 pkts/sec, 8903301 bytes/sec

1 minute output rate 26733 pkts/sec, 5808062 bytes/sec

1 minute drop rate, 16 pkts/sec

5 minute input rate 29663 pkts/sec, 9177910 bytes/sec

5 minute output rate 28354 pkts/sec, 6555386 bytes/sec

5 minute drop rate, 16 pkts/sec

_10.128.16.0/22:

received (in 75200.660 secs):

1319780654 packets 275137499721 bytes

17036 pkts/sec 3658025 bytes/sec

transmitted (in 75200.660 secs):

1327965762 packets 278510087425 bytes

17030 pkts/sec 3703045 bytes/sec

1 minute input rate 21974 pkts/sec, 4380562 bytes/sec

1 minute output rate 22365 pkts/sec, 5002410 bytes/sec

1 minute drop rate, 7 pkts/sec

5 minute input rate 23479 pkts/sec, 4984938 bytes/sec

5 minute output rate 23855 pkts/sec, 5312337 bytes/sec

5 minute drop rate, 7 pkts/sec

_10.128.24.0/22:

received (in 75203.440 secs):

11594726 packets 1408824361 bytes

39 pkts/sec 18048 bytes/sec

transmitted (in 75203.440 secs):

6481479 packets 5896153923 bytes

29 pkts/sec 78002 bytes/sec

1 minute input rate 131 pkts/sec, 7866 bytes/sec

1 minute output rate 76 pkts/sec, 93358 bytes/sec

1 minute drop rate, 42 pkts/sec

5 minute input rate 195 pkts/sec, 24999 bytes/sec

5 minute output rate 133 pkts/sec, 94997 bytes/sec

5 minute drop rate, 42 pkts/sec

_10.128.32.0/22:

received (in 75203.450 secs):

92815175 packets 26235059135 bytes

1005 pkts/sec 348054 bytes/sec

transmitted (in 75203.450 secs):

89803120 packets 20612026075 bytes

1022 pkts/sec 274026 bytes/sec

1 minute input rate 520 pkts/sec, 162533 bytes/sec

1 minute output rate 478 pkts/sec, 89568 bytes/sec

1 minute drop rate, 14 pkts/sec

5 minute input rate 663 pkts/sec, 250859 bytes/sec

5 minute output rate 587 pkts/sec, 113413 bytes/sec

5 minute drop rate, 14 pkts/sec

_10.128.40.0/22:

received (in 75203.870 secs):

80316956 packets 23201250355 bytes

1010 pkts/sec 308054 bytes/sec

transmitted (in 75203.870 secs):

77343096 packets 13738098832 bytes

1028 pkts/sec 182049 bytes/sec

1 minute input rate 376 pkts/sec, 62748 bytes/sec

1 minute output rate 381 pkts/sec, 61449 bytes/sec

1 minute drop rate, 5 pkts/sec

5 minute input rate 373 pkts/sec, 62327 bytes/sec

5 minute output rate 383 pkts/sec, 62409 bytes/sec

5 minute drop rate, 5 pkts/sec

_10.128.48.0/22:

received (in 75203.880 secs):

844561 packets 65150815 bytes

11 pkts/sec 9 bytes/sec

transmitted (in 75203.880 secs):

580216 packets 213830752 bytes

7 pkts/sec 2043 bytes/sec

1 minute input rate 8 pkts/sec, 506 bytes/sec

1 minute output rate 4 pkts/sec, 336 bytes/sec

1 minute drop rate, 5 pkts/sec

5 minute input rate 13 pkts/sec, 1254 bytes/sec

5 minute output rate 10 pkts/sec, 5263 bytes/sec

5 minute drop rate, 5 pkts/sec

_10.128.56.0/22:

received (in 75204.260 secs):

5840632 packets 806587116 bytes

20 pkts/sec 10039 bytes/sec

transmitted (in 75204.260 secs):

4914756 packets 2795547551 bytes

8 pkts/sec 37001 bytes/sec

1 minute input rate 69 pkts/sec, 9491 bytes/sec

1 minute output rate 48 pkts/sec, 14357 bytes/sec

1 minute drop rate, 12 pkts/sec

5 minute input rate 63 pkts/sec, 8624 bytes/sec

5 minute output rate 44 pkts/sec, 12250 bytes/sec

5 minute drop rate, 12 pkts/sec

_10.128.64.0/22:

received (in 75204.260 secs):

2185810 packets 320219661 bytes

29 pkts/sec 4029 bytes/sec

transmitted (in 75204.260 secs):

1823817 packets 1037118395 bytes

24 pkts/sec 13048 bytes/sec

1 minute input rate 41 pkts/sec, 7173 bytes/sec

1 minute output rate 36 pkts/sec, 17012 bytes/sec

1 minute drop rate, 7 pkts/sec

5 minute input rate 38 pkts/sec, 7202 bytes/sec

5 minute output rate 33 pkts/sec, 16085 bytes/sec

5 minute drop rate, 7 pkts/sec

_10.128.72.0/22:

received (in 75204.640 secs):

177402493 packets 116856273193 bytes

2016 pkts/sec 1553044 bytes/sec

transmitted (in 75204.640 secs):

197227038 packets 70383945234 bytes

2051 pkts/sec 935042 bytes/sec

1 minute input rate 2981 pkts/sec, 1889127 bytes/sec

1 minute output rate 3282 pkts/sec, 1150724 bytes/sec

1 minute drop rate, 1 pkts/sec

5 minute input rate 3138 pkts/sec, 2032268 bytes/sec

5 minute output rate 3433 pkts/sec, 1221316 bytes/sec

5 minute drop rate, 1 pkts/sec

_10.128.128.0/22:

received (in 75204.650 secs):

0 packets 0 bytes

0 pkts/sec 0 bytes/sec

transmitted (in 75204.650 secs):

0 packets 0 bytes

0 pkts/sec 0 bytes/sec

1 minute input rate 0 pkts/sec, 0 bytes/sec

1 minute output rate 0 pkts/sec, 0 bytes/sec

1 minute drop rate, 0 pkts/sec

5 minute input rate 0 pkts/sec, 0 bytes/sec

5 minute output rate 0 pkts/sec, 0 bytes/sec

5 minute drop rate, 0 pkts/sec

_10.128.136.0/22:

received (in 75205.130 secs):

53627165 packets 7014820460 bytes

27 pkts/sec 93047 bytes/sec

transmitted (in 75205.130 secs):

72758537 packets 26011371282 bytes

53 pkts/sec 345015 bytes/sec

1 minute input rate 843 pkts/sec, 124047 bytes/sec

1 minute output rate 1096 pkts/sec, 373609 bytes/sec

1 minute drop rate, 14 pkts/sec

5 minute input rate 860 pkts/sec, 122931 bytes/sec

5 minute output rate 1139 pkts/sec, 389460 bytes/sec

5 minute drop rate, 14 pkts/sec

_10.128.144.0/22:

received (in 75205.130 secs):

11151104 packets 9034746371 bytes

34 pkts/sec 120020 bytes/sec

transmitted (in 75205.130 secs):

10570043 packets 5107144743 bytes

26 pkts/sec 67052 bytes/sec

1 minute input rate 108 pkts/sec, 81740 bytes/sec

1 minute output rate 87 pkts/sec, 25425 bytes/sec

1 minute drop rate, 6 pkts/sec

5 minute input rate 85 pkts/sec, 57718 bytes/sec

5 minute output rate 71 pkts/sec, 20822 bytes/sec

5 minute drop rate, 6 pkts/sec

_10.128.152.0/22:

received (in 75205.740 secs):

0 packets 0 bytes

0 pkts/sec 0 bytes/sec

transmitted (in 75205.740 secs):

0 packets 0 bytes

0 pkts/sec 0 bytes/sec

1 minute input rate 0 pkts/sec, 0 bytes/sec

1 minute output rate 0 pkts/sec, 0 bytes/sec

1 minute drop rate, 0 pkts/sec

5 minute input rate 0 pkts/sec, 0 bytes/sec

5 minute output rate 0 pkts/sec, 0 bytes/sec

5 minute drop rate, 0 pkts/sec

_10.128.160.0/22:

received (in 75206.450 secs):

0 packets 0 bytes

0 pkts/sec 0 bytes/sec

transmitted (in 75206.450 secs):

0 packets 0 bytes

0 pkts/sec 0 bytes/sec

1 minute input rate 0 pkts/sec, 0 bytes/sec

1 minute output rate 0 pkts/sec, 0 bytes/sec

1 minute drop rate, 0 pkts/sec

5 minute input rate 0 pkts/sec, 0 bytes/sec

5 minute output rate 0 pkts/sec, 0 bytes/sec

5 minute drop rate, 0 pkts/sec

_10.128.168.0/22:

received (in 75206.460 secs):

546653 packets 101448382 bytes

7 pkts/sec 1006 bytes/sec

transmitted (in 75206.460 secs):

452861 packets 121512503 bytes

6 pkts/sec 1044 bytes/sec

1 minute input rate 8 pkts/sec, 1775 bytes/sec

1 minute output rate 7 pkts/sec, 2220 bytes/sec

1 minute drop rate, 2 pkts/sec

5 minute input rate 6 pkts/sec, 1119 bytes/sec

5 minute output rate 5 pkts/sec, 1422 bytes/sec

5 minute drop rate, 2 pkts/sec

_10.128.176.0/22:

received (in 75207.280 secs):

1654399 packets 104226916 bytes

21 pkts/sec 1043 bytes/sec

transmitted (in 75207.280 secs):

5 packets 140 bytes

0 pkts/sec 0 bytes/sec

1 minute input rate 22 pkts/sec, 1387 bytes/sec

1 minute output rate 0 pkts/sec, 0 bytes/sec

1 minute drop rate, 22 pkts/sec

5 minute input rate 21 pkts/sec, 1385 bytes/sec

5 minute output rate 0 pkts/sec, 0 bytes/sec

5 minute drop rate, 21 pkts/sec

_10.128.184.0-22:

received (in 75207.290 secs):

9451429037 packets 963167754265 bytes

125043 pkts/sec 12806040 bytes/sec

transmitted (in 75207.290 secs):

9449637158 packets 964365936576 bytes

125019 pkts/sec 12822029 bytes/sec

1 minute input rate 142944 pkts/sec, 14968100 bytes/sec

1 minute output rate 142929 pkts/sec, 15001761 bytes/sec

1 minute drop rate, 22 pkts/sec

5 minute input rate 142935 pkts/sec, 16263929 bytes/sec

5 minute output rate 142946 pkts/sec, 16369497 bytes/sec

5 minute drop rate, 22 pkts/sec

_10.128.254.0/24:

received (in 75208.310 secs):

5 packets 210 bytes

0 pkts/sec 0 bytes/sec

transmitted (in 75208.310 secs):

5 packets 140 bytes

0 pkts/sec 0 bytes/sec

1 minute input rate 0 pkts/sec, 0 bytes/sec

1 minute output rate 0 pkts/sec, 0 bytes/sec

1 minute drop rate, 0 pkts/sec

5 minute input rate 0 pkts/sec, 0 bytes/sec

5 minute output rate 0 pkts/sec, 0 bytes/sec

5 minute drop rate, 0 pkts/sec

_10.128.4.0/24:

received (in 75208.310 secs):

301765 packets 20868161 bytes

4 pkts/sec 49 bytes/sec

transmitted (in 75208.310 secs):

184444 packets 61681415 bytes

2 pkts/sec 20 bytes/sec

1 minute input rate 3 pkts/sec, 185 bytes/sec

1 minute output rate 1 pkts/sec, 101 bytes/sec

1 minute drop rate, 2 pkts/sec

5 minute input rate 5 pkts/sec, 523 bytes/sec

5 minute output rate 4 pkts/sec, 2280 bytes/sec

5 minute drop rate, 2 pkts/sec

_10.128.12.0/24:

received (in 75210.220 secs):

22745947 packets 3639962309 bytes

16 pkts/sec 48054 bytes/sec

transmitted (in 75210.220 secs):

22903577 packets 5248957258 bytes

18 pkts/sec 69048 bytes/sec

1 minute input rate 15 pkts/sec, 1053 bytes/sec

1 minute output rate 8 pkts/sec, 604 bytes/sec

1 minute drop rate, 6 pkts/sec

5 minute input rate 17 pkts/sec, 1344 bytes/sec

5 minute output rate 11 pkts/sec, 2017 bytes/sec

5 minute drop rate, 6 pkts/sec

_10.128.20.0/24:

received (in 75210.240 secs):

114444 packets 8931404 bytes

1 pkts/sec 4 bytes/sec

transmitted (in 75210.240 secs):

39356 packets 21604411 bytes

0 pkts/sec 1 bytes/sec

1 minute input rate 1 pkts/sec, 75 bytes/sec

1 minute output rate 0 pkts/sec, 26 bytes/sec

1 minute drop rate, 1 pkts/sec

5 minute input rate 1 pkts/sec, 76 bytes/sec

5 minute output rate 0 pkts/sec, 27 bytes/sec

5 minute drop rate, 1 pkts/sec

management:

received (in 75211.170 secs):

0 packets 0 bytes

0 pkts/sec 0 bytes/sec

transmitted (in 75211.170 secs):

0 packets 0 bytes

0 pkts/sec 0 bytes/sec

1 minute input rate 0 pkts/sec, 0 bytes/sec

1 minute output rate 0 pkts/sec, 0 bytes/sec

1 minute drop rate, 0 pkts/sec

5 minute input rate 0 pkts/sec, 0 bytes/sec

5 minute output rate 0 pkts/sec, 0 bytes/sec

5 minute drop rate, 0 pkts/sec

Failover:

received (in 75211.170 secs):

122235 packets 9462594 bytes

1 pkts/sec 11 bytes/sec

transmitted (in 75211.170 secs):

104695462 packets 122719152012 bytes

1049 pkts/sec 1631033 bytes/sec

1 minute input rate 1 pkts/sec, 132 bytes/sec

1 minute output rate 1878 pkts/sec, 2209723 bytes/sec

1 minute drop rate, 0 pkts/sec

5 minute input rate 1 pkts/sec, 125 bytes/sec

5 minute output rate 1864 pkts/sec, 2191041 bytes/sec

5 minute drop rate, 0 pkts/sec

----------------------------------------

Aggregated Traffic on Physical Interface

----------------------------------------

GigabitEthernet0/0:

received (in 75213.390 secs):

208545871 packets 41317080799 bytes

2030 pkts/sec 549045 bytes/sec

transmitted (in 75213.390 secs):

222124681 packets 209881403010 bytes

2039 pkts/sec 2790022 bytes/sec

1 minute input rate 3323 pkts/sec, 617355 bytes/sec

1 minute output rate 3548 pkts/sec, 3070853 bytes/sec

1 minute drop rate, 0 pkts/sec

5 minute input rate 3303 pkts/sec, 700108 bytes/sec

5 minute output rate 3349 pkts/sec, 2758109 bytes/sec

5 minute drop rate, 0 pkts/sec

GigabitEthernet0/1:

received (in 75215.180 secs):

13130672114 packets 2374554306559 bytes

174003 pkts/sec 31570033 bytes/sec

transmitted (in 75215.180 secs):

13102757674 packets 2214951524662 bytes

174032 pkts/sec 29448026 bytes/sec

1 minute input rate 202068 pkts/sec, 37244150 bytes/sec

1 minute output rate 201678 pkts/sec, 34955424 bytes/sec

1 minute drop rate, 0 pkts/sec

5 minute input rate 205320 pkts/sec, 39446332 bytes/sec

5 minute output rate 205116 pkts/sec, 37554821 bytes/sec

5 minute drop rate, 0 pkts/sec

GigabitEthernet0/2:

received (in 75215.190 secs):

0 packets 0 bytes

0 pkts/sec 0 bytes/sec

transmitted (in 75215.190 secs):

0 packets 0 bytes

0 pkts/sec 0 bytes/sec

1 minute input rate 0 pkts/sec, 0 bytes/sec

1 minute output rate 0 pkts/sec, 0 bytes/sec

1 minute drop rate, 0 pkts/sec

5 minute input rate 0 pkts/sec, 0 bytes/sec

5 minute output rate 0 pkts/sec, 0 bytes/sec

5 minute drop rate, 0 pkts/sec

GigabitEthernet0/3:

received (in 75216.150 secs):

122244 packets 11700024 bytes

1 pkts/sec 41 bytes/sec

transmitted (in 75216.150 secs):

104705012 packets 124615107776 bytes

1049 pkts/sec 1656017 bytes/sec

1 minute input rate 1 pkts/sec, 169 bytes/sec

1 minute output rate 1878 pkts/sec, 2243149 bytes/sec

1 minute drop rate, 0 pkts/sec

5 minute input rate 1 pkts/sec, 154 bytes/sec

5 minute output rate 1864 pkts/sec, 2224601 bytes/sec

5 minute drop rate, 0 pkts/sec

Internal-Data0/0:

received (in 75216.160 secs):

0 packets 0 bytes

0 pkts/sec 0 bytes/sec

transmitted (in 75216.160 secs):

0 packets 0 bytes

0 pkts/sec 0 bytes/sec

1 minute input rate 0 pkts/sec, 0 bytes/sec

1 minute output rate 0 pkts/sec, 0 bytes/sec

1 minute drop rate, 0 pkts/sec

5 minute input rate 0 pkts/sec, 0 bytes/sec

5 minute output rate 0 pkts/sec, 0 bytes/sec

5 minute drop rate, 0 pkts/sec

Management0/0:

received (in 75216.970 secs):

0 packets 0 bytes

0 pkts/sec 0 bytes/sec

transmitted (in 75216.970 secs):

0 packets 0 bytes

0 pkts/sec 0 bytes/sec

1 minute input rate 0 pkts/sec, 0 bytes/sec

1 minute output rate 0 pkts/sec, 0 bytes/sec

1 minute drop rate, 0 pkts/sec

5 minute input rate 0 pkts/sec, 0 bytes/sec

5 minute output rate 0 pkts/sec, 0 bytes/sec

5 minute drop rate, 0 pkts/sec

GigabitEthernet1/0:

received (in 75216.970 secs):

0 packets 0 bytes

0 pkts/sec 0 bytes/sec

transmitted (in 75216.970 secs):

0 packets 0 bytes

0 pkts/sec 0 bytes/sec

1 minute input rate 0 pkts/sec, 0 bytes/sec

1 minute output rate 0 pkts/sec, 0 bytes/sec

1 minute drop rate, 0 pkts/sec

5 minute input rate 0 pkts/sec, 0 bytes/sec

5 minute output rate 0 pkts/sec, 0 bytes/sec

5 minute drop rate, 0 pkts/sec

GigabitEthernet1/1:

received (in 75217.600 secs):

0 packets 0 bytes

0 pkts/sec 0 bytes/sec

transmitted (in 75217.600 secs):

0 packets 0 bytes

0 pkts/sec 0 bytes/sec

1 minute input rate 0 pkts/sec, 0 bytes/sec

1 minute output rate 0 pkts/sec, 0 bytes/sec

1 minute drop rate, 0 pkts/sec

5 minute input rate 0 pkts/sec, 0 bytes/sec

5 minute output rate 0 pkts/sec, 0 bytes/sec

5 minute drop rate, 0 pkts/sec

GigabitEthernet1/2:

received (in 75217.600 secs):

0 packets 0 bytes

0 pkts/sec 0 bytes/sec

transmitted (in 75217.600 secs):

0 packets 0 bytes

0 pkts/sec 0 bytes/sec

1 minute input rate 0 pkts/sec, 0 bytes/sec

1 minute output rate 0 pkts/sec, 0 bytes/sec

1 minute drop rate, 0 pkts/sec

5 minute input rate 0 pkts/sec, 0 bytes/sec

5 minute output rate 0 pkts/sec, 0 bytes/sec

5 minute drop rate, 0 pkts/sec

GigabitEthernet1/3:

received (in 75218.330 secs):

0 packets 0 bytes

0 pkts/sec 0 bytes/sec

transmitted (in 75218.330 secs):

0 packets 0 bytes

0 pkts/sec 0 bytes/sec

1 minute input rate 0 pkts/sec, 0 bytes/sec

1 minute output rate 0 pkts/sec, 0 bytes/sec

1 minute drop rate, 0 pkts/sec

5 minute input rate 0 pkts/sec, 0 bytes/sec

5 minute output rate 0 pkts/sec, 0 bytes/sec

5 minute drop rate, 0 pkts/sec

Internal-Data1/0:

received (in 75218.830 secs):

0 packets 0 bytes

0 pkts/sec 0 bytes/sec

transmitted (in 75218.830 secs):

0 packets 0 bytes

0 pkts/sec 0 bytes/sec

1 minute input rate 0 pkts/sec, 0 bytes/sec

1 minute output rate 0 pkts/sec, 0 bytes/sec

1 minute drop rate, 0 pkts/sec

5 minute input rate 0 pkts/sec, 0 bytes/sec

5 minute output rate 0 pkts/sec, 0 bytes/sec

5 minute drop rate, 0 pkts/sec

----------------------------------------

Per Slot Throughput Profile (1 minute)

----------------------------------------

Packets-per-second profile:

Slot 0: 412496 100%|**************************************************

Slot 1: 0 0%|

Bytes-per-second profile:

Slot 0: 78131100 100%|**************************************************

Slot 1: 0 0%|

Julio Carvajal · ‎02-02-2012

Hello Edward,

Its Julio no Jose.

It is not oversubscribed, can you prodide the following:

show interface | i errors

show conn count

show resource usage

Julio Carvajal
Senior Network Security and Core Specialist
CCIE #42930, 2xCCNP, JNCIP-SEC

edward ventura · ‎02-02-2012

Julio,

Sorry about that. Not sure why I wrote Jose.

# show interface | i errors

0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort

0 output errors, 0 collisions, 0 interface resets

271529 input errors, 0 CRC, 0 frame, 271529 overrun, 0 ignored, 0 abort

0 output errors, 0 collisions, 2 interface resets

0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort

0 output errors, 0 collisions, 2 interface resets

0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort

0 output errors, 0 collisions, 1 interface resets

0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort

0 output errors, 0 collisions, 0 interface resets

0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort

0 output errors, 0 collisions, 0 interface resets

0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort

0 output errors, 0 collisions, 0 interface resets

0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort

0 output errors, 0 collisions, 0 interface resets

0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort

0 output errors, 0 collisions, 0 interface resets

# show conn count

115639 in use, 139617 most used

# show resource usage

Resource Current Peak Limit Denied Context

SSH 1 5 5 0 System

Syslogs [rate] 11891 101524 N/A 0 System

Conns 114891 139617 650000 0 System

Xlates 534 2033 N/A 0 System

Hosts 12642 15480 N/A 0 System

Conns [rate] 1477 12858 N/A 0 System

Inspects [rate] 76 753 N/A 0 System

# show cpu

CPU utilization for 5 seconds = 62%; 1 minute: 63%; 5 minutes: 67%

First time I've used show resource usage. I like.

-E

Julio Carvajal · ‎02-02-2012

Hello,

Glad you like the command, As we can see there are a lot of connections, next thing would be to check if there is a host consuming a lot of connections (zombie or a PC with a virus)

I am quite sure you are going to like this command:

sh local | in host|count/limit

This will tell us the amount of connections per host, if you see one with a high number of connectios go inmediatly to that PC turn it off and check the CPU on the ASA,

Regards,

Do rate all the helpful posts!

Julio

Julio Carvajal
Senior Network Security and Core Specialist
CCIE #42930, 2xCCNP, JNCIP-SEC

edward ventura · ‎02-03-2012

Julio,

I'm trying to understand what is considered too many connections and how those connections impact the ASA. I'm assuming to a degree resources are consumed to maintain a state table of all the connections but wouldn't think that would reflect in CPU usage.

Also, the 'sh local | i host|count/limit' is awesome! Is there by any chance a way to sort by highest count. I have over a thousand to sort through. I was hoping I could do it via cli but if not I can get creative with notepad++.

Thanks again for your help!

-Eddie

edward ventura · ‎02-03-2012

Julio,

Would you consider this suspicious?

local host: ,

TCP flow count/limit = 47/unlimited

TCP embryonic count to host = 0

TCP intercept watermark = unlimited

UDP flow count/limit = 18121/unlimited

Julio Carvajal · ‎02-03-2012

Hello,

Yeap, look at the amount of UDP sessions!!! 18121 that is way tooooooooooo much!

regards,

Julio

Julio Carvajal
Senior Network Security and Core Specialist
CCIE #42930, 2xCCNP, JNCIP-SEC

edward ventura · ‎02-03-2012

Julio,

The only issue is that the cpu usage and high connections don't match up. The cpu was at 46%. My cpu just spiked to 91%.

same host

local host: ,

TCP flow count/limit = 53/unlimited

TCP embryonic count to host = 0

TCP intercept watermark = unlimited

UDP flow count/limit = 7670/unlimited

0x081d8531 0x1bdc1528 89.7% 88.9% 84.5% Dispatch Unit

This is troubling

Julio Carvajal · ‎02-03-2012

Can you remove that host from your network then do a

clear conn address ,

And then check the cpu

Julio Carvajal
Senior Network Security and Core Specialist
CCIE #42930, 2xCCNP, JNCIP-SEC

jyothydas · ‎02-02-2012

Can you also tell the total memory of your asa?

edward ventura · ‎02-02-2012

Free memory: 3358598679 bytes (78%)

Used memory: 936368616 bytes (22%)

------------- ------------------

Total memory: 4294967295 bytes (100%)

Zeusrandeep · ‎02-05-2012

Hello Edward,

Thank you very much for the post.

I also had a same experience in ASA 5520, it shows a cpu utilization of 95% where 90% is due to dispatch unit.

After checking with ASA and Edge router(cache-flow) we found that it's due to mass traffic generated from a host inside our network.

As soon as we moved the host from our network, suddenly everything starts working fine .

Thanks

Randeep.A.R

Julio Carvajal · ‎02-05-2012

Correct, That is what it seems to be happening here as well:

local host: ,

TCP flow count/limit = 53/unlimited

TCP embryonic count to host = 0

TCP intercept watermark = unlimited

UDP flow count/limit = 7670/unlimited

Julio Carvajal
Senior Network Security and Core Specialist
CCIE #42930, 2xCCNP, JNCIP-SEC

Maykol Rojas · ‎02-06-2012

Hello,

Would you be able to provide the show conn of the ASA? Based on the first service policy that you guys put (the inspection should have not been removed) ICMP has a huge amount of packets. I need to take a look at some details on that specific output and then I will ask you to take some packet captures.

Let me know.

Mike