Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1069
Views
0
Helpful
4
Replies

FWSM hight cpu utilization

ricky.eng
Level 1
Level 1

‎02-28-2012 10:59 PM - edited ‎03-11-2019 03:36 PM

My FWSM is having high cpu utilization and only happen in the morning around 8am-9am. From the show process, I can tell the fixup feature is occupying the highest runtime. Question is ... is there any show command to tell which particular fixup feature is using the most?

Labels:
123538-firewall high CPU.zip
0 Helpful
4 Replies 4

Marcin Latosiewicz
Cisco Employee
Cisco Employee

‎02-29-2012 02:20 AM 

show perfmon 
show service-policy
show np 3 stats | i FIX

Could be useful (not syntax checked).

Due to the way FWSM's hardware architecure is designed typical fixups (ICMP,TCP,UDP) should be done on NP3 and not in CPU.

Can I suggest opening a TAC case. TAC will collect:

- CPU profiler

- show proc a few times

(others)

And will tell you exectly what's going on.

0 Helpful

ricky.eng
Level 1
Level 1
In response to Marcin Latosiewicz

‎03-01-2012 01:15 AM

Thanks Marcin,

I understand the three NP...What I notices is all three NP block threshold are hit and base on Cisco documentation, it said the FWSM is oversubsribed.

# sh np block

                 MAX   FREE   THRESH_0   THRESH_1   THRESH_2

NP1 (ingress)  32768  32768         17        899      36385

    (egress)  521206 521206          0          0          0

NP2 (ingress)  32768  32768         41       1344      41968

    (egress)  521206 521206          0          0          0

NP3 (ingress)  32768  32768         99       5519      34275

    (egress)  521206 521206          0          0          0

If I go TAC, they probably will conclude the firewall is oversubsribed and require hardware upgrade and increase of capacity.

So, I am more interested to find out exactly what traffic causing the CPU statistis to go up but limited to know that the top run time is the fixup.

So, my next step is to find out which interface is the most congested so that I can SPAN the traffic to Sniffer/Ethereal for more detail traffic analysis. However, base on many of the #show traffic output gathered during CPU went high/down, the pkts/s counter didn't really fluactuate according to CPU.

0 Helpful

Marcin Latosiewicz
Cisco Employee
Cisco Employee
In response to ricky.eng

‎03-01-2012 01:22 AM

Give the guys in TAC some credit :-)

Oversubscription might be contributing to your CPU problemem, but ...

Consider that traffic should not hit the CPU on FWSM unless it's inspected/IPv6 (and several other conditions).

From the looks of it, the box is not that oversubscribed ... thr 0 was only reached a few times doublesigits don't indicte a heavy oversubscription.

show perfmon

and

show service-policy

is where you should start  ;-)

M.

0 Helpful

sumani1984
Level 1
Level 1

‎03-06-2014 11:02 PM

diasble syslog and check once

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card