Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
722
Views
0
Helpful
3
Replies

PIX 525 running 7.04-8 issues with CPU/memory

jharnold
Level 1
Level 1

‎02-21-2006 08:28 AM - edited ‎02-21-2020 12:43 AM

We upgraded our 525 active/failover cluster to 7.X and immediately began having issues with the devices failing over and back and CPU spiking. When this happened the telnet and enable passwords would become corrupt and we had to reset the passwords. TAC first said to upgrade to the latest code, 7.1(1) but that didn't help the situation. Downgrading to 7.04-8 has stopped the failovers and password issues, but the boxes are using 85%-90% memory and turning on syslogs with anything higher than warning will spike the cpu.

We never had any of these issues with 6.X train of code and I'm seriously considering downgrading to that code level again.

The high memory usage has me concerned. This box is fed by 2 OC3s (one very active and one not so much) aggregated via a 3550 and is our edge connection. I'm not fond of it having problems!

Any words of wisdom?

0 Helpful
3 Replies 3

bernhardb
Level 1
Level 1

‎02-23-2006 02:53 AM

We have this problem with a 535 pix.

Cisco sais that the pix can handle 1.7GBit of traffic.

With a tac case lasting for nearly a month, five different TAC engineers, one sales and dev included, we found out that with version 7.0 (and 7.1), TCP traffic and multiple context's (we use three), pix is only able to handle 300-450MBit's of traffic. The cpu is bordering traffic. 7.0 and above has much more features, and though can handle not so much traffic.

7.0.4(8) (interim release) is a optimized version, but the difference in cpu utilization is not very big. You see the difference in show processes, the processes "557poll" and "snp_timer_thread" are not there.

How much traffic must you handle?

Feed a TAC engineer with the following output:

show cpu usage context all

show cpu usage context admin

show cp usage

show process

show log

show xlate count

show conn count

show local-host | include host | count/limit

show traffic

show tech

capture abc type asp-drop all

wait for 1 minute

no capture abc type asp-drop all

show capture abc

best regards

Bernhard

0 Helpful

p.ramesh
Level 1
Level 1
In response to bernhardb

‎03-02-2006 09:41 AM

We are Facing the Same problem with pix 535. Can you please let me know the Cisco TAC case ID

Regards

Brijesh Kumar

0 Helpful

dro
Level 1
Level 1

‎03-20-2006 07:40 PM

I'm running into the same types of problems. I upgraded two 525's to 7.1(2) over the weekend from 6.3(5), and had to back down to 7.0(4) instead due to constant crashing and failovers.

Prior to the upgrade, I was sitting around 50% CPU usage during the day, handling 12 Mb of ICA traffic over 3DES/AES VPNs. Post "upgrade", they're running between the 75 and 80% range.

-Joshua

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card