Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
8419
Views
11
Helpful
3
Replies

FMC - device CPU monitoring

Go to solution
plwalsh
Level 1
Level 1

‎09-13-2018 04:11 AM - edited ‎02-21-2020 08:14 AM

I use FMC to monitor a HA pair of 2140s with FTD 6.2.3.3. I sometimes receive alerts for high CPU

e.g.

Health Monitor Alert from XXXX (mgmt ip of 2140 device)

Time: Mon Sep 10 09:23:48 2018 UTC

Severity: critical

Module: CPU Usage

Description: Using CPU27 92.96%

 

yet when I CLI onto the 2140 and issue 'show cpu core' there is no reference to CPU27. Core 0 to Core 15 are listed. So what CPU is FMC monitoring? Are occasional high CPU alerts acceptable/normal?

0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
mikael.lahtela
Level 4
Level 4
In response to plwalsh

‎09-28-2018 02:09 PM - edited ‎09-28-2018 02:28 PM

Hi,

The Cavium chip is used for crypto offloading, L2-L4 fastpath traffic offloading and should be used for TLS offloading in 6.2.3.x, not sure how much it's used yet.
Haven't found a way to look at Cavium usage, but sounds like your event is from the Cavium chip.

br, Micke

View solution in original post

3 Replies 3

Go to solution
mikael.lahtela
Level 4
Level 4

‎09-19-2018 12:06 PM

Hi,

Occasional CPU spikes are nothing to worry about, can be a big file that is downloaded through the 2140.
You could try go into the 2140 cli expert mode, run top and press key 1 to see all cores live.

 

image.png

 

br, Micke

Go to solution
plwalsh
Level 1
Level 1
In response to mikael.lahtela

‎09-20-2018 05:21 AM

Thanks Micke.

 

That is useful to know. I'm still not clear on the hardware the FMC health monitor CPU task is checking on my 2140 devices.

 

The processors of the 2140 are listed here:

https://www.cisco.com/c/en/us/td/docs/security/firepower/2100/hw/guide/b_install_guide_2100/overview.html#concept_djc_gns_1cb

A single x86 with 16 cores - so I guess the status of this may be checked with 'show cpu core' from the 2140 CLI.

A single Cavium with 16 cores - I dont think this does a whole lot in 6.2.3.3 unless one runs VPN.

 

The graph of device CPU in FMC has 32 CPUs and its trend bears no resemblance to the ouput of 'show cpu core'.

 

Can anyone tell me if snort on the 2140 with FTD image runs on dedicated cpu/RAM or does it use the same cpu/RAM as the lina(ASA) element? Can anyone tell me hwo one sees the status of the Cavium from the FTD CLI?

 

Regards,

Piaras

0 Helpful

Go to solution
mikael.lahtela
Level 4
Level 4
In response to plwalsh

‎09-28-2018 02:09 PM - edited ‎09-28-2018 02:28 PM

Hi,

The Cavium chip is used for crypto offloading, L2-L4 fastpath traffic offloading and should be used for TLS offloading in 6.2.3.x, not sure how much it's used yet.
Haven't found a way to look at Cavium usage, but sounds like your event is from the Cavium chip.

br, Micke

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card