Today I've received reports of slow internet access/activity and have noticed myself that it seems a bit slow today. On the dashboard of our asa 5510 the "outside interface" traffic usage is running constantly high. It's at the top of the graph. How can I tell what is causing the spike in utilization. It usually runs at about 1500-2000 Kbps, and now it's up over 10,000.
View 6 RepliesI have little experience with firewalls, what I've learned has been by dealing with issues like this that arise from time to time.I know, I need to upgrade the version. It's in the works now. Anyways, my question/problem is: Today I've received reports of slow internet access/activity and have noticed myself that it seems a bit slow today. On the dashboard of our asa 5510 the "outside interface" traffic usage is running contstantly high. It's at the top of the graph. How can I tell what is causing the spike in utilization. It usually runs at about 1500-2000 Kbps, and now it's up over 10,000.
View 2 Replies View RelatedI have a 5510 FW in multi-context mode that is showing a high drop count on the Management interface in the Admin context.
View 1 Replies View RelatedWe installed a solution with 2 Cisco 2801, BGP multihomed failover.
1) The router which is currently getting all the traffic gets to 55% to 60% of CPU usage when handling 40 SIP/RTP streams . This equals 10Mbit up/10Mbit down and it showed around 5800 packets TX and around 5800 packets RX, with a majority of them CEF switched. As those figures are way less than the performance figures published by Cisco, we wonder if we made any mistake in setting up our router, or if we can do something to improve the router setup.
2) Does it have an impact on router performance if we increase/decrease RTP packet size, thus increasing or decreasing the pps relative to the consumed bandwidth?
3) If it is not possible to improve router configuration, we also wonder about possible replacement units for those routers. Would a 2901 do a good job? By how much would it rise the capacity? What other models would you recommend if we plan to rise the number of concurrent calls by a factor of 4 or even 8 times of what we have now (so up to 48000 pps and 80Mbit).
Here is what we tried:
- ip route-cache same-interface does not seem to improve anything
- ip flow ingress on or off makes no difference
- disabling the inbound ACL on fa0/0 seems to reduce load by 10%, although I don't understand why - a very high percentage is CPU interrupts, and ACLs are process switched, or not?
- we tried following the Cisco guide for high CPU due to high interrupts, with no success
Here are some usage statistics:
The graphs that we plot via SNMP show a propotional growth/increase of CPU and bandwidth (and thus pps) At the highest loads, we had a bit more than 55% CPU utilization with more than 50% interrupt CPU.
CPU utilization for five seconds: 36%/30%; one minute: 30%; five minutes: 30%
PID Runtime(ms) Invoked uSecs 5Sec 1Min 5Min TTY Process
127 13140 954 13773 2.00% 0.29% 0.07% 194 SSH Process
[Code].....
Here is my conf:
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
[Code].....
Our 2811 Edge router is having extremely high CPU problems. IP Input is consuming 70% of the process during business hours. Cisco express forwarding is enabled. It only shows 50% but its currently before business hours. Id say even 50% is still high.
CPU utilization for five seconds: 55%/16%; one minute: 70%; five minutes: 76%
PID Runtime(ms) Invoked uSecs 5Sec 1Min 5Min TTY Process
104 5310320 2813117 1887 36.92% 46.73% 51.43% 0 IP Input
The below interface is our public interface and is constantly over utilized with 100% Is there any configurations that can be done to correct this? Is there any more information that is needed?
IOS: (C2800NM-ADVSECURITYK9-M), Version 12.4(24)T4
Show IP Interface
FastEthernet0/0 is up, line protocol is up
Internet address is x.x.x.x
Broadcast address is x.x.x.x
Address determined by non-volatile memory
[code]....
My understanding is for insight to outside we need global and NAT, and for outside to inside we need static and ACL? Traffic goes to high to low, I'm just start working with 5505 recently.
View 2 Replies View Relatedmy 3750-E Core Stack is connected to the Provider Router and is the DG for the internal LAN. I saw that the CPU is very high also in the night, but I found not the problem. I use an SVI to connect the provider due to HA reasons. I sniffered the network but saw no ecessive broadcaststorms. There was a PBR configured but I deleted it wihtout any success..
switch Version
15.0(1)SE1
10#sh proc cpu so
[Code]......
We are experiencing with high CPU input due to ARP input between 20:30 and 22:30 every day At this time we have a lot of backup operations. When I look the netflow report, I can't see anything anormal.
We are changing our backup server's NIC card from 1gig to 10Gig. The backup operation's traffic is high (approx 2Gbps level) but 6509 has to be handle this size of traffic.
We are using two 6509E in VSS mode and our image version is s72033-adventerprisek9_wan-mz.122-33.SXJ.bin
20:00
show ip arp summary
--------------
2588 IP ARP entries, with 166 of them incomplete
[Code].....
We added Site02 for redundancy and DR. Also added new SAN and ESX hosts. The CPU on device Site01Server01 is not very happy when files are being transferred between the sites. Since the setup is the same at both sites, why is the problem only at site01?
Site02 is newer and we have two 3750X-24 with IOS 12.2(55)SE3 on ipservices, for site02server01; no problem.
Site01server01 is a stack of two 3750G-24PS with IOS 12.2(58)SE on ipservices.
[Code]....
We recently added about 400 users to our network for a total of 1000. Looking at the ASDM we are holding very tight to 75% utilization and we have 256mbs. This is also running IOS 8.2(1). Our firewall recently crashed after a major download was forced through it. This was after only being booted up for about a week. We had reloaded it a week prior after having ran it for about a year without issue. We havent made any changes in the last month other than adding more users to our network.
View 3 Replies View RelatedI have configured an ASA 5510 and 2960S 48 port switch in a lab environment. I have two laptops connected to seperate subinterfaces with server 2003 as dhcp server for one network. Everything has been working fine as we have been testing the ASA while also testing the csc smm module. When we came in today we noticed the csc module cpu is running at 100% constantly and http traffic is extremely slow. I have not yet received my smartnet contracts from the vendor or I would open a TAC case and I have read on the net that this is a common problem.
View 1 Replies View RelatedWe have Cisco ME3400 switch, with configuration described below.
GE0/1 port is uplink:
interface GigabitEthernet0/1
description ***MATED-IUB_C&U-Plan***
port-type nni
switchport trunk allowed vlan 331,450,4085
switchport mode trunk
GEo/2 is configured as below:
interface GigabitEthernet0/2
description ***From NIB***
port-type nni
switchport access vlan 4085
[URL]
We have also tried Loopguard feature enabled on all ports: but after some period same problem is repeated.
version information is below:
Cisco IOS Software, ME340x Software (ME340x-METROIPACCESSK9-M), Version 12.2(25)SEG3, RELEASE SOFTWARE (fc2)
Copyright (c) 1986-2007 by Cisco Systems, Inc.
Compiled Wed 25-Jul-07 22:56 by amvarma
I have a connection that is loosing packets, my show interface output below summarises the interface where i believe the problem is occuring. My Hardware is 6509 running 12.2
View 1 Replies View RelatedWe have cisoc 2821 at one of branch and created five sub inetrfaces for different vlans.Output of Show interface shows very frequent increase in the input error count.I have changed the physical cable and switch port on the other side.But still error rate is increasing.When the traffic is less error rate is low but with high traffic it is increasing drastically.My router process is very less(4%) only.What could be possible reason. [code]
View 8 Replies View Relatedwhat's the difference between High-power and High-gain wireless USB adapters.
View 5 Replies View RelatedFTP traffic routed from outside to the inside interface works fine. I have another interface with multiple sub-interfaces and vlans configured. FTP traffic routed from the outside to vlan2_servers is not making it through the firewall. I must be missing something. I have attached my config.
View 4 Replies View RelatedI can't move traffic (isakmp udp_port: 500 & ipsec nat traverse udp_port: 4500) from my dmz to the outside interface
View 1 Replies View RelatedI have a 7206VXR router doing policy routing with CEF enabled on all interfaces, no Cache Misses, Align Errors or failed buffers. CPU peaks up to 80% every two or three minutes. I suspect it is traffic related as I have a standby box and when it becomes the active on in the HSRP pair to high CPU load and LAN interface input errors follows it. see various show command output below. The router has a NPE-G1 and I'm using a gigabit port off of this on the LAn side and a E3 Frame Relay interface on the WAN side.
UK-DHC-Policy1#show buffersBuffer elements: 1118 in free list (1000 max allowed) 3539658545 hits, 0 misses, 1119 created
Public buffer pools:Small buffers, 104 bytes (total 50, permanent 50, peak 229 @
[Code].....
We are having Cisco ASA 5540 having Cisco Adaptive Security Appliance Software Version 8.0(5)23 at certain time of moment daily wer are facing latency and packetdrop wherin when I checked for ASA Interface which gives me " Input Errors" on outside interface ,so can any one tell me what are the causes to get input errors on cisco asa outisde interface.
View 2 Replies View RelatedWe are having issues with our Cisco 2811 when there a lot of traffic on the device. Usually the router is down around 5%-10%. Total traffic might be around 2.0 MB. This is a router we are using at a remote campus. We do HD video conferencing every friday. We have a 10 MB internet connection that has our VPN connection to the main campus on it. While doing these VTC, the totall traffic is about 6 MB. The CPU Utilization then rises to approx 75% cause call issues and loss of sound. With another test with no one using the connection for anything else the utilization went up to 35%. The router has 128 MB Ram in it. Does the router need more RAM or do we need a larger internet pipe.
View 7 Replies View Relatedi recently identified all switch ports in my network on 6509 core were Transmitting Mail server Exchange traffic that was destined for Unicast NLB cluster. and it was impacting various HOST machines NIC cards/performance.After reading this article, i moved NLB CAS servers behind a dedicated cisco Switch.
[URL]
Now My core switch can learn mac address across its trunk port where CAS servers are connected on dedicated switch. but still i can see traffic Transmitting out to my all switch ports of same VLAN ( same as NLB VLAN).
I am having an issue pinpointing why my 2821 router is discarding so many packets when transferring data to our second site. The traffic flows from the local lan, to the router, where it is redirected via WCCP to a WAN optimization device, back to the router and over a GRE tunnel to the second site where the same process happens. The traffic does get there, but the LAN/Repeater router interfaces have around 20,000-60,000 input drops an hour. From the output below, it looks like traffic is being dropped by the RP.
I just restarted the router as a last resort, and here is what has accumulated in the last 30 min:
FastEthernet0/0/1 is up, line protocol is up
Hardware is Fast Ethernet, address is 0025.840c.7680 (bia 0025.840c.7680)
[code]....
And CPU never goes above 40%
100
90
80
70
[code]...
i have a 3560 connecting to a sp with limited bandwidth. i have one interface on the switch whose traffic i do not want to drop. i want this traffic to go into the high priority queue. i am not sure how this should be configured, but here is my best guess and my current qos configuration on the switch:
qos map cos-dscp 0 8 16 26 32 46 48 56
mls qos srr-queue output cos-map queue 1 threshold 3 5
mls qos srr-queue output cos-map queue 2 threshold 1 4 6 7
mls qos srr-queue output cos-map queue 2 threshold 2 3(code)
since cos 5 is mapped to dscp 46 then this traffic would go into the priority queue. is this correct ?
my office is looking in ordering a HWIC-1FE to supply our cisco 1841 router with a second ISP connection. i wanted to find out if this card support load balancing and fail over? not sure if fail over is the right terminology so ill explain, i need it so that if one ISP connection goes down (as it does often) it fails over to the second ISP.
View 3 Replies View RelatedI am in the process of installing a 3750x (IOS 12.2 (53r) SE2 IP Base) Cisco Catalyst switch in a new network of just 2 PC's (2 hosts, OS windows7 64Bits). I have enabled SVI interfaces with the both hosts installed in 2 different network segments. We then start connectivity test. The response time for the PING command between both hosts remain below 1 millisecond, whereas the response time between the hosts and their correspondent SVI interface is variable, and at all time is higher than 1 millisecond, sometimes it reaches 17 milliseconds. (Note that the switch CPU usage is only 8% at the time of testing) We have performed this same connectivity test changing the 3750x switches and in two different locations obtaining the same results.
View 2 Replies View RelatedI have a Cisco 5548 Nexus switch with 10Gbase-SR interface transceiver. This interface is connected to Server chasis.
The show interface transceiver details output shows High ++ alarm for Current. Additionally, i am getting output errors on this interface.
My Expertise with Cisco ASA is Very less. I have observed Input errors in a Couple of Interfaces in Cisco ASA 5540 Firewall. [code] I need to Clear the Input errors on this particular Interface.Will Clear interface GigabitEthernet 0/0 will work?
View 4 Replies View RelatedI have Active Standby ASA5550 setup with VPN premium license. A few days back we had a requirement of SSL VPN connection for and we got a temporary from Cisco for same, this license expired and the ASA reverted to it's original license. 3 4 days after this we saw a sudden increase in CPU utilization (upto 90% + -5%) on the ASA during production hours but were not able to figure out the reason, in order to restore the services we failovered the firewall to secondary and everything worked fine. We were suspecting one of the following but there were no logs for any of this
1. The ASA hardware was haivng problem
2. Some client was doing a DoS attack to bring down the ASA (no logs for this as well).
We took a downtime to look further by failovering the ASA back to primary and it worked fine without any issues ruling out the 1st option. We also came across a licesing doc [URL]
Downgrading any license (for example, going from 10 contexts to 2 contexts).
# Note If a temporary license expires, and the permanent license is a downgrade, then you do not need to immediately reload the security appliance; the next time you reload, the permanent license is restored.
As per this doc, sooner or later a restart was required on the ASA. We restarted secondary ASA and everthing was fine but when we restarted the primary ASA by swtiching over to secondary some of the server (not all) in the DMZ stopped working (even ICMP unreachable) and only came back to normal when the primary ASA was restored and working fine (with failover).
The reboot was done by shuting down the physical link between the Core switch and ASA inside individually.
I am not sure what could be the issue that the servers in the DMZ wen unreachable.
I have a remote site customer with a Cisco ASA 5540 running SSLVPN (Anyconnect)(8.03). It currently only serves about 450 SSLVPN clients. Since last friday, they've seen the CPU utilization go up to high 90% while only serving 400+ remote users. I saw some high cpu utilization bugs, but none looked to be relevant. How I can find the root cause of the CPU high utilization?
View 2 Replies View Relatedwe have ASA 5520 with IOS 8.0 , when i am trying to add more static routes on the inside interface the CPU utilization is going up. one faced the same issue. I am configuring through the cisco ASDM 6.1(3)f.
View 1 Replies View RelatedI am facing high CPU util on my pix 515 E which is in failover mode.During peak hours the util is see rising to 60% where as in off peak hours it is normally12%.
During normal operation the average utilisation was observed to be 30% but suddenly from 2/3 days it is constantly 60% doule the value as earlier. Have gone through the logs and traffic but not able to tarce anything particular
below is the o/p of some command taken for analysis
IOS version 8.0(4)
sh cpu usage
CPU utilization for 5 seconds = 51%; 1 minute: 61%; 5 minutes: 58%
sh cpu usage
[Code]......
I am seeing high cpu utilization on 5520.
fw# sh processes cpu-usage sorted non-zero
PC Thread 5Sec 1Min 5Min Process
0x081e1e11 0x6ddc1528 70.6% 66.5% 66.0% Dispatch Unit
0x08ed170c 0x6ddb9b48 1.6% 1.7% 1.8% Logger
0x08dd5f2c 0x6ddafee0 1.5% 1.5% 1.5% SNMP Notify Thread
0x08e8d045 0x6dd99348 0.1% 0.1% 0.1% ssh