09-11-2013 04:57 AM - edited 03-11-2019 07:36 PM
Hello,
I have high CPU load on ASA 5520, I'm supposing there is burst traffic (even though I do not have many interface overrun errors). How can I detect burst traffic? I've tried to use a NetFlow collector but I could configure on ASA a timeout rate of 1 minute and probably burst traffic is restricted to some milliseconds.
ps. throughput is quite low
Thanks
09-11-2013 07:53 AM
Hello,
Have you reviewed this link below - referencing the high CPU session check list can help isolate.
Generally NetFlow in ASA could still provide you with ingress traffic, giving some clues of high traffic utilization, but usually high CPU is caused by other factors, review the link provided.
09-11-2013 09:31 AM
Thanks for your answer,
the link you provided doesn't work, maybe you were referring to
http://www.cisco.com/en/US/products/ps6120/products_tech_note09186a0080b8e100.shtml#CPU which I've already reviewed.
You sure burst traffic can't affect CPU load? I really don't know what to search for: connections? inspection service policy? ASP drops? interfaces throughput... nothing has really much changed. Issue has started after I upgraded from 7.2 to 8.2. The only difference is basic threat detection which now is enabled but actually it doesn't impact CPU load at all.
09-11-2013 10:32 AM
Hi,
Is the ASA running high on CPU constantly or do you see CPU spikes?
Can you post 'show tech' from ASA (hide the IPs if you want)?
What is the normal CPU usage on your ASA and how much is it using now?
I will review the output and let you know the next step.
-
Regards,
Sourav Kakkar