Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
3033
Views
0
Helpful
3
Replies

High Memory Utilization of ASA 5510 and getting few packet drops for firewall.

k.narendranath
Level 1
Level 1

‎03-21-2011 12:49 AM

We are observing high memory utilization of 71% now and getting few packet drops for firewall.

I have tried many options available to identify the cause.

Correct me if IKE Daemon is consuming more memory and which resulting to memory leak?

CINBLR01-SQDR-FIREWALL-00002# sh processes memory

--------------------------------------------------------------
Allocs   Allocated       Frees         Freed           Process
          (bytes)                      (bytes)
--------------------------------------------------------------
840      4045912         13            2860            *System Main*
0        0               0             0               557mcfix
0        0               0             0               uauth_urlb clean
523854   25076852        14463         633918          CTM message handler
0        0               0             0               udp_timer
0        0               0             0               vpnfol_thread_sync
0        0               0             0               block_diag
0        0               2             8324            emweb/cifs_timer
7778377  256606597       7778375       256606505       snmp
1        24              0             0               EAPoUDP-sock
0        0               0             0               SSL
216      5202772         83            2996944         rtcli async executor process
0        0               0             0               fover_health_monitoring_thread
0        0               0             0               Chunk Manager
26       17042           1             598             ci/console
0        0               0             0               557statspoll
0        0               0             0               pm_timer_thread
0        0               10            41620           NAT security-level reconfiguration
0        0               0             0               Reload Control Thread
0        0               0             0               CTCP Timer process
0        0               0             0               vpnfol_thread_unsent
2        8324            0             0               netfs_mount_handler
3196018  182681820       0             0               IKE Receiver
0        0               0             0               EAPoUDP
0        0               0             0               SMTP
0        0               0             0               IP Thread
4        744             0             0               Quack process
0        0               0             0               ha_trans_ctl_tx
1        2097188         0             0               PIX Garbage Collector
0        0               0             0               fover_rx
36       197416          0             0               fover_thread
0        0               0             0               IKE Timekeeper
0        0               0             0               ICMP event handler
95833    87407960        95834         87407995        aaa
0        0               0             0               L2TP data daemon
789965   315767407       787681        292412947       Dispatch Unit
2        24              0             0               arp_timer
512      2130944         256           4096            listen/ssh
1        35              414           6624            tacplus_get
3167570  308313356       27            12964           Logger
5        504             0             0               ARP Thread
86       48848           0             0               Session Manager
0        0               0             0               ha_trans_data_tx
0        0               0             0               IP Address Assign
0        0               0             0               fover_tx
26       830367          0             0               netfs_thread_init
5        40687           0             0               lu_ctl
27337955 5469174290      30262913      5814671955      IKE Daemon
0        0               0             0               dbgtrace
0        0               0             0               IP Background
0        0               0             0               L2TP mgmt daemon
0        0               0             0               Integrity Fw Timer Thread
2        152             0             0               CF OIR
0        0               0             0               arp_forward_thread
13       1992            24            4000            NTP
2        8324            0             0               vpnlb_thread
833      305072          415           111920          tacplus_snd
0        0               0             0               Thread Logger
2        68              1             32              icmp_thread
3        15119           0             0               uauth
0        0               2             8324            fover_FSM_thread
0        0               0             0               QoS Support Module
0        0               0             0               fover_ip
1        40              0             0               update_cpu_usage
0        0               0             0               RADIUS Proxy Event Daemon
13503596 915695012       14353832      1020081754      tmatch compile thread
0        0               0             0               CMGR Server Process
0        0               0             0               ppp_timer_thread
0        0               0             0               netfs_vnode_reclaim
0        0               0             0               lina_int
0        0               0             0               Lic TMR
181599   143042928       173705        55036112        Unicorn Admin Thread
0        0               0             0               udp_thread
0        0               0             0               Uauth_Proxy
0        0               0             0               lu_rx
0        0               0             0               Client Update Task
0        0               0             0               fover_rep
4        4160            0             0               RADIUS Proxy Listener
0        0               0             0               Crypto PKI RECV
0        0               94            2835            ssh/timer
767643   35708638        767596        35691566        ssh
0        0               0             0               CMGR Timer Process
0        0               0             0               vpnlb_timer_thread
0        0               0             0               tcp_fast
0        0               0             0               vpnfol_thread_msg
2        236             0             0               tcp_thread
19385    911596          19361         895960          ssh
0        0               0             0               lu_dynamic_sync
0        0               0             0               Checkheaps
0        0               0             0               fover_parse
8        2912            3             36              NIC status poll
0        0               0             0               RADIUS Proxy Time Keeper
0        0               0             0               Crypto CA
3339897  350782706       2988264       217508934       IPsec message handler
0        0               0             0               tcp_slow
0        0               0             0               vpnfol_thread_timer
0        0               0             0               TLS Proxy Inspector
256      4096            463           11112           npshim_thread
654      37954           3460991       311844290       SNMP Notify Thread
0        0               0             0               fover_ifc_test
6        14112           0             0               Integrity FW Task
CINBLR01-SQDR-FIREWALL-00002#

CINBLR01-SQDR-FIREWALL-00002#   sh memory
Free memory:        76565400 bytes (29%)
Used memory:       186987496 bytes (71%)
-------------     ----------------
Total memory:      263552896 bytes (100%)
CINBLR01-SQDR-FIREWALL-00002#

CINBLR01-SQDR-FIREWALL-00002# sh xlate
7 in use, 149 most used

CINBLR01-SQDR-FIREWALL-00002# sh conn count
128 in use, 956 most used
CINBLR01-SQDR-FIREWALL-00002#

Labels:
0 Helpful
3 Replies 3

padatta
Level 1
Level 1

‎03-21-2011 02:24 AM

It seems IKE is using a lot of memory cycles. It would be a memory leak only if you observer increasing memory utilization with time, else it would be high memory.

Apart from IKE, snmp and logging seems to use a lot of memory as well.

Paps

0 Helpful

k.narendranath
Level 1
Level 1
In response to padatta

‎03-21-2011 02:35 AM

Thx… paps, is there any way to release this allotted memory from these process without reboot ?

0 Helpful

padatta
Level 1
Level 1
In response to k.narendranath

‎03-21-2011 02:53 AM

Hi,

Most probably the memory allocated is for genuine reasons. Unless, you see memory used increasing with time.

In case of memory leak, a reboot only will clear the memory allocations. If you do not see the memory used increasing with time, then it is not a memory leak and a case of high memory utilization.

You may want to reduce snmp and logging activity and check if the problem alleviates.

Paps

0 Helpful
Customers Also Viewed These Support Documents