I Posted this @bkoch1 5 or

mparas_04 · ‎05-07-2012

After installing the new anti virus on all PCs in our company, the CPU usage of our Cisco firewalls increased up to 92%. How can we upgrade the CPU of the device to lower the CPU usage? Thanks.

varrao · ‎05-07-2012

Hi,

You cannot upgrade the CPU of the ASA, you would need to troubleshoot what is eating the CPU cycles, just as an initial pointer, I would request you to check the following:

show process cpu-hog non-zero

Chcek the traffic hitting the ASA as well.

Thanks,

Varun

Thanks,
Varun Rao

mparas_04 · ‎05-07-2012

Hi,

Thanks for the reply. I'm not really into security, I'm more on router & switches. Here is the result of the show command I enter on the ASA. May I ask again for your help.

INTFW# show process cpu-usage non-zero

PC Thread 5Sec 1Min 5Min Process

081aa324 6bdaf870 78.6% 79.0% 78.9% Dispatch Unit

08bd08d6 6bda9210 5.6% 5.6% 5.6% Logger

INTFW# show process cpu-h

Process: snp flow bulk sync, PROC_PC_TOTAL: 12, MAXHOG: 16, LASTHOG: 16

LASTHOG At: 11:27:08 PHST Aug 8 2011

PC: 86badfe (suspend)

Process: vpnfol_sync/Bulk Sync - Import , NUMHOG: 23, MAXHOG: 6, LASTHOG: 6

LASTHOG At: 11:27:17 PHST Aug 8 2011

PC: 80635a5 (suspend)

Traceback: 80635a5 8d9ff96 8062413

Process: vpnfol_sync/Bulk Sync - Import , PROC_PC_TOTAL: 23, MAXHOG: 5, LAS THOG: 5

LASTHOG At: 11:27:17 PHST Aug 8 2011

PC: 8da1592 (suspend)

Process: vpnfol_sync/Bulk Sync - Import , NUMHOG: 23, MAXHOG: 5, LASTHOG: 5

LASTHOG At: 11:27:17 PHST Aug 8 2011

PC: 8da1592 (suspend)

Traceback: 8da1c7e 8d9ff8f 8062413

Process: ssh_init, PROC_PC_TOTAL: 4, MAXHOG: 4, LASTHOG: 3

LASTHOG At: 07:41:20 PHST Aug 18 2011

PC: 806dcd5 (suspend)

Process: ssh_init, NUMHOG: 4, MAXHOG: 4, LASTHOG: 3

LASTHOG At: 07:41:20 PHST Aug 18 2011

<--- More --->

PC: 806dcd5 (suspend)

Traceback: 8b9d3e6 8bab837 8ba024a 8062413

Process: ssh_init, PROC_PC_TOTAL: 90801, MAXHOG: 5, LASTHOG: 2

LASTHOG At: 04:47:28 PHST Apr 5 2012

PC: 8b9ac8c (suspend)

Process: ssh_init, NUMHOG: 90801, MAXHOG: 5, LASTHOG: 2

LASTHOG At: 04:47:28 PHST Apr 5 2012

PC: 8b9ac8c (suspend)

Traceback: 8b9ac8c 8ba77ed 8ba573e 8ba58e8 8ba6971 8ba02b4 8062413

Process: telnet/ci, PROC_PC_TOTAL: 1, MAXHOG: 3, LASTHOG: 3

LASTHOG At: 08:43:18 PHST Apr 16 2012

PC: 8870ba5 (suspend)

Process: telnet/ci, NUMHOG: 1, MAXHOG: 3, LASTHOG: 3

LASTHOG At: 08:43:18 PHST Apr 16 2012

PC: 8870ba5 (suspend)

Traceback: 8870ba5 9298bf1 92789fe 9279191 80ca7e7 80cacbb 80c14b5

80c1c5f 80c2da6 80c3850 8062413

Process: Unicorn Proxy Thread, PROC_PC_TOTAL: 5, MAXHOG: 3, LASTHOG: 2

LASTHOG At: 20:23:09 PHST Apr 27 2012

PC: 8c0e8e5 (suspend)

Process: Unicorn Proxy Thread, NUMHOG: 5, MAXHOG: 3, LASTHOG: 2

LASTHOG At: 20:23:09 PHST Apr 27 2012

PC: 8c0e8e5 (suspend)

Traceback: 8c0e8e5 8c23428 8c24561 8cff99d 8cfdb0c 8cf9f81 8cf9ef5

8cfa9b0 8cec6c9 8cebf7b 8cec22c 8ce5e2f 8d00cfb 8d01d67

Process: Unicorn Proxy Thread, PROC_PC_TOTAL: 12, MAXHOG: 5, LASTHOG: 4

LASTHOG At: 20:23:09 PHST Apr 27 2012

PC: 8c2bb4d (suspend)

Process: Unicorn Proxy Thread, NUMHOG: 12, MAXHOG: 5, LASTHOG: 4

LASTHOG At: 20:23:09 PHST Apr 27 2012

PC: 8c2bb4d (suspend)

Traceback: 8c2bb4d 8c0ef7a 8c11576 8c11625 8c12748 8c140f8 8c0f074

8c23bae 8f2f1f1 8062413

Process: vpnfol_sync/Bulk Sync - Import , PROC_PC_TOTAL: 488, MAXHOG: 100, LASTHOG: 2

LASTHOG At: 02:44:29 PHST May 6 2012

PC: 80635a5 (suspend)

Process: ssh_init, NUMHOG: 461, MAXHOG: 3, LASTHOG: 2

LASTHOG At: 02:44:29 PHST May 6 2012

PC: 80635a5 (suspend)

Traceback: 80635a5 8133d0b 9224474 923d3c8 9239045 9238e95 9226f50

92263d8 92158bf 920530c 922564a 92254c1 9214606 92050bc

Process: snmp, PROC_PC_TOTAL: 52, MAXHOG: 3, LASTHOG: 3

LASTHOG At: 12:39:15 PHST May 7 2012

PC: 8b37300 (suspend)

Process: snmp, NUMHOG: 52, MAXHOG: 3, LASTHOG: 3

LASTHOG At: 12:39:15 PHST May 7 2012

PC: 8b37300 (suspend)

Traceback: 8b37300 8b35d27 8b32e39 8b358c8 8b10b5e 8b0f7bc 8062413

Process: ssh_init, PROC_PC_TOTAL: 43117, MAXHOG: 4, LASTHOG: 2

LASTHOG At: 10:35:55 PHST May 8 2012

PC: 83cf301 (suspend)

Process: ssh_init, NUMHOG: 43117, MAXHOG: 4, LASTHOG: 2

LASTHOG At: 10:35:55 PHST May 8 2012

PC: 83cf301 (suspend)

Traceback: 83cfb25 83c9883 812ea45 89e51b2 89b8dda 8ba0e44 8ba0278

8062413

Process: Dispatch Unit, PROC_PC_TOTAL: 4911194, MAXHOG: 1010, LASTHOG: 3

LASTHOG At: 14:22:15 PHST May 8 2012

PC: 81aa50f (suspend)

Process: Dispatch Unit, NUMHOG: 4501175, MAXHOG: 1010, LASTHOG: 3

LASTHOG At: 14:22:15 PHST May 8 2012

PC: 81aa50f (suspend)

Traceback: 81aa50f 8062413

Process: snmp, PROC_PC_TOTAL: 82902, MAXHOG: 4, LASTHOG: 3

LASTHOG At: 14:25:09 PHST May 8 2012

PC: 8c09598 (suspend)

Process: snmp, NUMHOG: 82902, MAXHOG: 4, LASTHOG: 3

LASTHOG At: 14:25:09 PHST May 8 2012

PC: 8c09598 (suspend)

Traceback: 8b300cd 8b1086d 8b0f7bc 8062413

Process: snmp, PROC_PC_TOTAL: 41500, MAXHOG: 4, LASTHOG: 3

LASTHOG At: 14:25:09 PHST May 8 2012

PC: 8b3709e (suspend)

Process: snmp, NUMHOG: 41500, MAXHOG: 4, LASTHOG: 3

LASTHOG At: 14:25:09 PHST May 8 2012

PC: 8b3709e (suspend)

Traceback: 8b3709e 8b35dcb 8b32e39 8b358c8 8b10b5e 8b0f7bc 8062413

Process: Dispatch Unit, PROC_PC_TOTAL: 50136, MAXHOG: 46, LASTHOG: 2

LASTHOG At: 14:25:12 PHST May 8 2012

PC: 81aa324 (suspend)

Process: Dispatch Unit, NUMHOG: 50136, MAXHOG: 46, LASTHOG: 2

LASTHOG At: 14:25:12 PHST May 8 2012

PC: 81aa324 (suspend)

Traceback: 81aa324 8062413

Process: Dispatch Unit, NUMHOG: 13985647, MAXHOG: 1012, LASTHOG: 3

LASTHOG At: 14:25:43 PHST May 8 2012

PC: 81aa5f9 (suspend)

Traceback: 81aa5f9 8062413

Process: Dispatch Unit, PROC_PC_TOTAL: 18866757, MAXHOG: 1012, LASTHOG: 4

LASTHOG At: 14:25:44 PHST May 8 2012

PC: 81aa5f9 (suspend)

CPU hog threshold (msec): 2.844

Last cleared: None

Thank,

varrao · ‎05-08-2012

Hi,

This tells me that the dispatch unit is running high, dispatch unit is responsible for handling traffic between different interfaces, so higher the amount of traffic this is bound to increase. I would suggest opening a TAC case for it and verify what traffic is hitting your firewall due to which the CPU is going high. You might need to troubleshoot on the traffic front.

Thanks,

Varun

Thanks,
Varun Rao

daniel.messana · ‎10-04-2012

I have an ASA5510 Sec Plus Bundle in my home lab. Though it isn't supported by Cisco, I upgraded the ram to 2GB using non-cisco memory along with the CPU to a 3.4Ghz P4. I ran a bandwidth test and reached gigabit speeds maxing out the gigabit interface. the cpu never went over 5% utilization while doing so unlike the bigger brother 5520 that i tested at work which maxed out at ~400Mbs and had the CPU spike during that time to 100%.

bkoch1 · ‎02-17-2016

What bandwidth test are you using? I upgraded a 5540 from the 2 GHz P4 to a 3 GHz P4, and the iperf results were the same: CPU hit 45% and bandwidth maxed at 650Mbps.

NETWORK OIT · ‎08-04-2017

I Posted this bkoch1 5 or so years ago, and performed the upgrade before that, wondering if Cisco saw this and put a software limitation on one of their updates. this wouldn't surprise me. your box seemed to top off at the advertised throughput even after the upgrade while using the same testing method i had used. it is also possible that the security plus license removes said software limitation.

Matt Wilson · ‎04-14-2020

What family was the Pentium 4 from?

How to upgrade the CPU of Cisco ASA 5520?