11-19-2008 01:39 AM - edited 03-11-2019 07:15 AM
Hello,
I have a PIX 515E and it shows constantly high CPU usage and not sure which process exactly eats that.
----------------
sh cpu usa
CPU utilization for 5 seconds = 90%; 1 minute: 89%; 5 minutes: 84%
---------------
I did show process
-------------
sh proc
PC SP STATE Runtime SBASE Stack Process
Hsi 001eaee9 008c4f7c 005588b0 7500 008c3ff4 3628/4096 arp_timer
Lsi 001f048d 00968174 005588b0 501880 009671fc 3664/4096 FragDBGC
Lwe 00119a57 009e9364 0055c018 0 009e84fc 3688/4096 dbgtrace
Lwe 003e6385 009eb4f4 005511d8 6418730 009e95ac 6464/8192 Logger
Hwe 003ea51c 009ee5ec 00551488 970 009ec674 7760/8192 tcp_fast
Hwe 003ea495 009f069c 00551488 670 009ee724 7636/8192 tcp_slow
Lsi 003020e1 00b26e1c 005588b0 250 00b25e94 3680/4096 xlate clean
Lsi 00301fef 00b27ebc 005588b0 1260 00b26f44 3384/4096 uxlate clean
Mwe 002f99fb 00cc02bc 005588b0 27750 00cbe324 7640/8192 tcp_intercept_timer_process
Lsi 0043ccf5 00d6ab74 005588b0 1000 00d69bec 3632/4096 route_process
Hsi 002e97fc 00d6bc04 005588b0 102570 00d6ac9c 2244/4096 PIX Garbage Collector
Hwe 002177d1 00d76134 005588b0 4640 00d721cc 15824/16384 isakmp_time_keeper
Lsi 002e739c 00d8fe9c 005588b0 90 00d8ef14 3708/4096 perfmon
Mwe 0020edf9 00dba2cc 005588b0 5110 00db8354 7680/8192 IPsec timer handler
Hrd 0039c643 00dced54 00558898 179220 00dcce0c 6784/8192 qos_metric_daemon
Mwe 00261fe5 00de988c 005588b0 329290 00de5924 15344/16384 IP Background
Lwe 002fa672 00e9c1dc 0056ecf8 0 00e9b364 3704/4096 pix/trace
Lwe 002fa8aa 00e9d28c 0056f428 0 00e9c414 3704/4096 pix/tconsole
H* 0011f1af 0009ff2c 00558898 56550 00ea577c 12664/16384 ci/console
Csi 002f26fb 00eaa784 005588b0 65440 00ea982c 3280/4096 update_cpu_usage
Hwe 002ddfc1 00f4e71c 00537c50 0 00f4a894 15884/16384 uauth_in
Hwe 003e8f8d 00f5081c 0099d448 0 00f4e944 7896/8192 uauth_thread
Hwe 003ff49a 00f5196c 005517d8 10 00f509f4 3848/4096 udp_timer
Hsi 001e2ab6 00f53634 005588b0 4650 00f526bc 3664/4096 557mcfix
Crd 001e2a6b 00f546f4 00558d28 191740320 00f5376c 3536/4096 557poll
Lsi 001e2b25 00f55794 005588b0 1610 00f5481c 3584/4096 557timer
Cwe 001e46a9 00f6b86c 00558d28 70342810 00f69974 6128/8192 pix/intf0
Mwe 003ff20a 00f6c97c 009e6070 0 00f6ba44 3896/4096 riprx/0
Msi 003a5bf9 00f6da8c 005588b0 220 00f6cb14 3664/4096 riptx/0
Cwe 001e46a9 00f73c94 00558d28 103716960 00f71d9c 5968/8192 pix/intf1
Mwe 003ff20a 00f74da4 009e6028 0 00f73e6c 3896/4096 riprx/1
Msi 003a5bf9 00f75eb4 005588b0 330 00f74f3c 3768/4096 riptx/1
Cwe 001e46a9 00f7c0bc 0081b548 0 00f7a1c4 7928/8192 pix/intf2
Mwe 003ff20a 00f7d1cc 009e5fe0 0 00f7c294 3896/4096 riprx/2
Msi 003a5bf9 00f7e2dc 005588b0 280 00f7d364 3768/4096 riptx/2
Mrd 00258938 010009ac 005588e8 57730 00fffa44 3160/4096 ntp
Mwe 00372856 0100af5c 005588b0 0 01008fe4 7960/8192 Crypto CA
Mwe 003e2e75 00ea153c 005588b0 20 00e9f5c4 7164/8192 ssh/timer
-----------------------------
sh int e1
interface ethernet1 "inside" is up, line protocol is up
Hardware is i82559 ethernet, address
MTU 1500 bytes, BW 100000 Kbit full duplex
68102337 packets input, 4212188675 bytes, 0 no buffer
Received 146892 broadcasts, 0 runts, 0 giants
3510 input errors, 0 CRC, 0 frame, 3510 overrun, 0 ignored, 0 abort
76845298 packets output, 3337696473 bytes, 0 underruns
0 output errors, 0 collisions, 0 interface resets
0 babbles, 0 late collisions, 0 deferred
0 lost carrier, 0 no carrier
input queue (curr/max blocks): hardware (128/128) software (128/188)
output queue (curr/max blocks): hardware (0/128) software (0/529)
Is there a way to find which eats the most CPU since i have performance problems because of this.
11-20-2008 05:52 AM
Hello
are you analyse yours logs ?
Cordialy
11-23-2008 11:37 PM
Hi - bit late and hope you haven't been running at 90% since the 20th but check out
http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_tech_note09186a008009456c.shtml
for some useful info on the various processes running and why. Your 557poll does seem a bit large although it's generally the largest.
1. Are you running a debug or capture? It's a commom mistake.
2. Look at your acls - are they huge in the "show access-list xxx" form (i.e. not what they look like in the running-config). Over use of object-groups and nesting of object-groups is bad form and can really stress your FW
3. How much are you logging? Worth turning it down especilly those logs you don't look at (console?) to see if it makes a difference.
Hope it helps and pls rate this post
Mike
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide