11-23-2010 12:42 AM - edited 03-11-2019 12:13 PM
Hi,
I have upgraded my firewall OS from asa707-k8.bin to asa804-39-k8.bin after which the memory utilization has suddenly shoot to 90-95%.
Have tried many options available to identify the cause such as disabling threat detection,shortening the access-list however end up with with no resolution.
Current the DRAM is 256 MB
sh version and sh mem output are attch alongwith.
Kindly let me know is there any bug related to OS.
11-23-2010 01:01 AM
this depend on lot of factors,
firstly wht was the mem utilization in 7.0 code
any particular reason why you went to 8.0.4.39
how many xlates and conn entries do you have in fw,
if nothing has changed and ur mem was very low like 60 to 70 % free in 7.0 code, i would suggest open a tac and investigate
11-23-2010 01:06 AM
Answering your concern
the mem utilization with 7.0 code was 45 to 50 %
Upgraded to 8.0 for getting eth 0/0 and eth 0/1 transformed to Gig
NINMUM03-DGTL-FIREWALL-00001# sh xlate count
14 in use, 14 most used
Yeah in process of raising a TAC with Cisco.
11-23-2010 04:04 AM
NINMUM03-DGTL-FIREWALL-00001# sh processes mem
--------------------------------------------------------------
Allocs Allocated Frees Freed Process
(bytes) (bytes)
--------------------------------------------------------------
906 4080690 13 2860 *System Main*
1 2097188 0 0 PIX Garbage Collector
0 0 0 0 RADIUS Proxy Time Keeper
1578 521656 2786 927980 tmatch compile thread
0 0 0 0 L2TP data daemon
0 0 0 0 emweb/cifs_timer
0 0 0 0 DHCPD Timer
0 0 0 0 tcp_thread
0 0 0 0 Uauth_Proxy
135 66515 64 16236 fover_FSM_thread
0 0 0 0 IP Address Assign
3 4272 0 0 fover_rx
7 14144 0 0 Integrity FW Task
0 0 0 0 Crypto PKI RECV
0 0 0 0 netfs_vnode_reclaim
0 0 0 0 CMGR Server Process
0 0 0 0 L2TP mgmt daemon
97782140 24206173102 97769122 24127070566 Dispatch Unit
3 8356 0 0 netfs_mount_handler
51 816 106 2544 npshim_thread
243 10764 2 280 lu_rx
0 0 0 0 QoS Support Module
2 64 2 64 fover_tx
28 17971 3 1527 ci/console
0 0 0 0 557mcfix
0 0 0 0 Crypto CA
0 0 0 0 CMGR Timer Process
0 0 0 0 ppp_timer_thread
2 152 0 0 CF OIR
2 24 1 60 arp_timer
1 24 0 0 EAPoUDP-sock
0 0 0 0 lu_dynamic_sync
0 0 0 0 Client Update Task
14 7264 0 0 fover_ip
29 842435 0 0 netfs_thread_init
82 219608 17 10277 fover_thread
0 0 0 0 557statspoll
0 0 0 0 uauth_urlb clean
0 0 0 0 vpnlb_timer_thread
0 0 0 0 lina_int
0 0 0 0 arp_forward_thread
521 162597 728 148633 vpnfol_thread_msg
0 0 0 0 EAPoUDP
0 0 0 0 SSL
1506 71072 1605 55916 SNMP Notify Thread
0 0 0 0 Checkheaps
0 0 0 0 fover_rep
7 40751 0 0 lu_ctl
0 0 0 0 pm_timer_thread
0 0 70 2002 ssh/timer
2 321068 0 0 IPsec message handler
0 0 0 0 Lic TMR
1073415 54999740 1073415 54999740 vpnfol_thread_timer
3 105 109 1744 tacplus_get
0 0 0 0 SMTP
273 6823906 122 4325634 rtcli async executor process
4810 3521516 2905 2634342 fover_parse
32571 1514632 32547 1498996 ssh
1 40 0 0 update_cpu_usage
0 0 0 0 IKE Timekeeper
14721 638576 14372 621920 CTM message handler
0 0 0 0 tcp_fast
0 0 0 0 vpnfol_thread_sync
3 8356 0 0 vpnlb_thread
380 86288 266 34692 tacplus_snd
0 0 3 8356 Logger
0 0 0 0 IP Thread
0 0 0 0 fover_ifc_test
0 0 0 0 vPif_stats_cleaner
0 0 0 0 IKE Daemon
0 0 0 0 listen/telnet
0 0 0 0 NAT security-level reconfiguration
3 4272 0 0 NTP
0 0 0 0 tcp_slow
0 0 0 0 vpnfol_thread_unsent
665526 29394987 661657 22130614 snmp
0 0 0 0 Syslog Retry Thread
29 21396 1 32 ARP Thread
4 744 0 0 Quack process
9 668 1 32 fover_health_monitoring_thread
11 4876 15 67663 NIC status poll
0 0 0 0 RADIUS Proxy Event Daemon
150 417800 50 800 listen/ssh
0 0 0 0 dbgtrace
0 0 0 0 ICMP event handler
0 0 0 0 Reload Control Thread
0 0 0 0 udp_timer
0 0 0 0 Integrity Fw Timer Thread
0 0 0 0 Thread Logger
3 3840 0 0 icmp_thread
0 0 0 0 Session Manager
0 0 0 0 ha_trans_ctl_tx
0 0 0 0 Chunk Manager
4 4160 0 0 RADIUS Proxy Listener
0 0 0 0 IP Background
55 1540 57 1617 aaa
0 0 0 0 CTCP Timer process
0 0 0 0 block_diag
0 0 0 0 TLS Proxy Inspector
0 0 0 0 udp_thread
3 15119 0 0 uauth
2 236 1 32 ha_trans_data_tx
11-23-2010 01:43 PM
Padmabhushan Sawant, I I have looked into this issue because I am having some issues with my VPN and a Smart Net tech told me that the new OS has some fixes in it that may fix my problem. However i was only running 256 on my ASA5510 and the smart Net tech said that I needed 1 gig min to run the new OS. You may want to look into that some more...
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide