
Inspection load at 0% and CPU at 100%

mahuen.soto
Level 1

Hi, I have an ASA firewall 5585X with an IPS SSP60 module. The issue here is that in the IPS module, with IME, IDM and CLI, the statistics show that the inspection load is always at 0% and the CPU (the 24 cores) is at 100% of use. I think that is not so real, because I can see alerts and I am able to access the module.

So here is some evidence:

Inspection load:

show statistics virtual-sensor

Virtual Sensor Statistics
   Statistics for Virtual Sensor vs0
      Name of current Signature-Defintion instance = sig0
      Name of current Event-Action-Rules instance = rules0
      List of interfaces monitored by this virtual sensor =
      General Statistics for this Virtual Sensor
         Number of seconds since a reset of the statistics = 128767
         MemoryAlloPercent = 3
         MemoryUsedPercent = 3
         MemoryMaxCapacity = 45000000
         MemoryMaxHighUsed = 1054898
         MemoryCurrentAllo = 1566870
         MemoryCurrentUsed = 1506030
         Inspection Load Percentage = 0
         Total packets processed since reset = 38248606
         Total IP packets processed since reset = 38248606

CPU usage:

CPU Statistics
   Note: CPU Usage statistics are not a good indication of the sensor processing load. The Inspection Load Percentage in the output of 'show inspection-load' should be used instead.
   Usage over last 5 seconds = 100
   Usage over last minute = 100
   Usage over last 5 minutes = 100
   Usage over last 5 seconds = 100
   Usage over last minute = 100
   Usage over last 5 minutes = 100

Attached is the tech support file.

Does someone know this problem?

5 Replies

Julio Carvajal
VIP Alumni

Hello Mahuen,

This is the expected behavior.

Let me explain myself.

The explanation is that the CPU polls the NIC more frequently, hence decreasing the polling interval and reducing latency. The additional CPU load that is reported while polling is actually available to process packets, and reduces as inspection load goes up; it does not negatively affect the overall throughput of the IPS.

This anomaly is discussed under the defect CSCtl74475.

Hope this helps,

Julio

Julio Carvajal
Senior Network Security and Core Specialist
CCIE #42930, 2xCCNP, JNCIP-SEC

OK, that explains the issue with the CPU, but what about the inspection-load?

Hello Mahuen,

Well, there is not much traffic generating inspection across the box. That's all.

Regards,

Julio Carvajal
Senior Network Security and Core Specialist
CCIE #42930, 2xCCNP, JNCIP-SEC

Which information do you read to say that?

Hello Mahuen,

Well, that is what the output means!

Have you checked the service policy to check how many packets are being sent to the module?

Julio Carvajal
Senior Network Security and Core Specialist
CCIE #42930, 2xCCNP, JNCIP-SEC
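
The counters in the posted output are enough to check how much traffic the sensor has actually handled. The following is an added example, not part of the thread and not a Cisco tool: it parses the statistics text, derives the average packet rate since the last statistics reset, and bases its verdict on Inspection Load Percentage rather than CPU usage, as the note in the sensor output advises. The function names and the 80% warning threshold are assumptions.

```python
import re

# Excerpt of the sensor output quoted in the thread (values copied from the post).
SAMPLE = """\
      Name of current Signature-Defintion instance = sig0
         Number of seconds since a reset of the statistics = 128767
         Inspection Load Percentage = 0
         Total packets processed since reset = 38248606
   Usage over last 5 seconds = 100
   Usage over last minute = 100
   Usage over last 5 minutes = 100
"""

# Matches "Name = <integer>" lines; lines with non-numeric values are skipped.
FIELD = re.compile(r"^[ \t]*(?P<key>[^=\n]+?)[ \t]*=[ \t]*(?P<val>\d+)[ \t]*$", re.M)


def parse_stats(text):
    """Return {counter name: int}. When a name repeats, the first value is kept."""
    stats = {}
    for m in FIELD.finditer(text):
        stats.setdefault(m.group("key"), int(m.group("val")))
    return stats


def assess(text, load_warn=80):
    """Summarise sensor load. load_warn is a hypothetical alert threshold (%)."""
    s = parse_stats(text)
    secs = s["Number of seconds since a reset of the statistics"]
    pkts = s["Total packets processed since reset"]
    load = s["Inspection Load Percentage"]
    return {
        # Average rate over the whole interval; bursts are not visible here.
        "avg_pps": round(pkts / secs, 1) if secs else 0.0,
        "inspection_load": load,
        # Reported for reference only: polling keeps this high even when idle,
        # so it is deliberately left out of the verdict below.
        "cpu_5min": s.get("Usage over last 5 minutes"),
        "receiving_traffic": pkts > 0,
        "overloaded": load >= load_warn,
    }


if __name__ == "__main__":
    for name, value in assess(SAMPLE).items():
        print(f"{name}: {value}")
```
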