Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
Bookmark
|
Subscribe
|
1753
Views
5
Helpful
5
Replies

PIX - High CPU load issue

Thomas Panicker
Level 1
Level 1

‎03-14-2013 11:54 PM - edited ‎03-11-2019 06:14 PM

Hi ,

My PIX CPU load was normally 30 - 35% and suddenly it got peaked to more than 90%. I did a comparison of CPU process (taken at two intervals of time). Please see the below comparison results of CPU Process:

Process NameΔ Runtime
IKE Receiver300
vpnfol_thread_unsent6465
IP Thread2881
listen/ssh1
fover_rep206
fover_serial_tx291
listen/https40
lu_ctl28
tcp_slow474
udp_thread301
e1091
vpnlb_ti609
uauth_urlb clean5
EAPoUDP-sock2
fover_thread1
qos_431
557479
vpnfol_thread_ti1386
IKE Ti2905
route_process29
fover_FSM_thread1
fover_health_14703
SSL15
fover_ifc_test11
ssh/ti6
tcp_thread520
IP Background148
NIC status poll911
udp_ti6
ssh14
arp_ti3427
update_cpu_usage2791
tcp_fast995
ppp_ti101
ic479
t3431
IP Address Assign3
Dispatch Unit34007507
vPif_stats_cleaner9
Logger689216
ha_trans_ctl_tx616
ci/console1096
sn3806
IPsec 50
fover_serial_rx3312
PIX Garbage Collector1274
IKE Dae1325
Checkheaps28874
fover_ip83
SNMP Notify Thread5319
aaa32
fover_parse1831
fover_tx136
Session Manager73
CTM 8591
p566
fover_rx1053
NTP2066
RADIUS Proxy Listener1
ARP Thread17271


Seeing the above i have disabled Syslog, but still issue exist and also not sure of the dispatch unit process showing.  Also I ahve noticed that there is no output for the command " sh processes cpu-hog".

Also in the "show interface" command i could see errors in the inside and outside interfaces. Please see the below;

# sh interface
Interface Ethernet0 "outside", is up, line protocol is up
99282 input errors, 0 CRC, 0 frame, 99282 overrun, 0 ignored, 0 abort


Interface Ethernet1 "inside", is up, line protocol is up
603003 input errors, 0 CRC, 0 frame, 603003 overrun, 0 ignored, 0 abort

Could anyone PLEASE provide some suggestion on what might be the problem and how to troubleshoot further ?

Thanks

Labels:
0 Helpful
5 Replies 5

jocamare
Level 4
Level 4

‎03-15-2013 03:43 PM

If you clear the interfaces, do the errors keep increasing?  If so, at what rate?

Have you tried to reload the unit?

Thomas Panicker
Level 1
Level 1
In response to jocamare

‎03-16-2013 12:28 AM

Hi Jocamare,

Thanks for the check. After your comment I did a interface reset and after the same while checked found there is no input errors. Monitored the same more than one hour but still the input errors are 0. I believe this might be due to disabling the logging option.

Yes, during high CPU utilization i have tried reloading the PIX firewall. But it didn't fixed the issue. Some how it came down after few hours (may be 1.5 - 3hrs). I have did a comparison of CPU process and the runtime. Please see the below comparison output;

Process NameΔ Runtime
IKE Receiver1
vpnfol_thread_unsent139
IP Thread346
fover_serial_tx19
listen/https1
tcp_slow124
udp_thread11
e26
vpnlb_ti20
EAPoUDP-sock1
qos_130
55712
vpnfol_thread_ti23
IKE Ti82
route_process2
fover_health_1003
SSL1
ssh/ti3
tcp_thread443
IP Background44
NIC status poll320
VAC+ rando2
ssh3843
arp_ti98
update_cpu_usage203
tcp_fast279
ppp_ti4
ic2
Dispatch Unit340659
vPif_stats_cleaner1
ha_trans_ctl_tx16
ci/console27
sn345
fover_serial_rx107
PIX Garbage Collector28
IKE Dae32
Checkheaps10569
fover_ip12
aaa1
fover_parse63
fover_tx12
Session Manager14
CTM 154
p24
fover_rx34
NTP58
ARP Thread311

Seeing the CPU runtime above, is there anything need to be checked in the configuration ?


Regards,

Thomas

0 Helpful

mabuarja
Level 1
Level 1

‎03-16-2013 06:54 AM

hi,

if the high cpu re-occurs, try to "clear traffic" , and "show traffic" after few seconds , and try to do this (clear/show traffic) many times.

after that you can sum the transmitted & received Mbps and compare  the results with the throughput limit value mentioned in the device specifications , as the device might be loaded .

Regards,

Mohammad

0 Helpful

Thomas Panicker
Level 1
Level 1
In response to mabuarja

‎03-17-2013 12:10 AM

Hi mohammad,

Thank you for the suggestion. Will do the same and update soon.

Regards,

Thomas

0 Helpful

jocamare
Level 4
Level 4
In response to Thomas Panicker

‎03-17-2013 12:17 PM

Mind sharing the configuration from the PIX? The idea is to determine if any of the enabled features might be causing the problem.

0 Helpful
Related community topics
Review Cisco Networking for a $25 gift card
Top