Cisco Firewall :: Very High Memory Utilization In PIX 515e?
Feb 15, 2012
We had two PIXes in our environment and working as a active-failover mode. Its noted in now a days the active PIX memory utilization is 98% and for standby PIX it is 96%. And also in some times we were experiencing packet loss to the ip of active PIX and which reflects in the inside servers access also. During that time the active pix was not accessible via ssh as well as ASDM. We have tried reloading the PIX and changing failover state of the PIX, but it results only a temporary solution. Current memory installed is 128 MB (maximum upgraded), so a upgrade is also not possible. Please see the show command outputs from the PIX. Current Software version is 7.2(4)
sh memory output (PIX 1 - active)
Free memory: 4850944 bytes ( 4%)
Used memory: 129366784 bytes (96%)
[code]....
1) How we can pin point the root cause of this high memory utilization?
2) What might be the reason for the high memory utilization for the standby pix (96%), still the PIX is in idle state?
3) Is it a hardware issue or a memory leak issue, then how can we find out?
4) Is a software upgrade to new version resolves the memory issue?
View 10 Replies
ADVERTISEMENT
Aug 9, 2012
I am facing high CPU util on my pix 515 E which is in failover mode.During peak hours the util is see rising to 60% where as in off peak hours it is normally12%.
During normal operation the average utilisation was observed to be 30% but suddenly from 2/3 days it is constantly 60% doule the value as earlier. Have gone through the logs and traffic but not able to tarce anything particular
below is the o/p of some command taken for analysis
IOS version 8.0(4)
sh cpu usage
CPU utilization for 5 seconds = 51%; 1 minute: 61%; 5 minutes: 58%
sh cpu usage
[Code]......
View 1 Replies
View Related
Sep 13, 2012
We recently added about 400 users to our network for a total of 1000. Looking at the ASDM we are holding very tight to 75% utilization and we have 256mbs. This is also running IOS 8.2(1). Our firewall recently crashed after a major download was forced through it. This was after only being booted up for about a week. We had reloaded it a week prior after having ran it for about a year without issue. We havent made any changes in the last month other than adding more users to our network.
View 3 Replies
View Related
Oct 12, 2011
What causes LMS 4.1 to have high memory utilization?
View 4 Replies
View Related
Jul 29, 2012
We have a 7206 router which acts as a MPLS Hub router for around 100+ remote locations. Bandwidh at mpls hub(terminated on this router) is 50 Mbps.
We have noticed that Memory utilization in this router gradually increases and when it reaches 100% this router hangs. It happence in frequesncy of 10 days and we have to restart the router when memory is 100%.
CPU utilization is normal i.e below 20%, WAN bandwidth will never cross 30mbps.
We are running OSPF on this router
View 1 Replies
View Related
Oct 26, 2011
We recently installed two 2960, both of them with this fw version:
Cisco IOS Software, C2960S Software (C2960S-UNIVERSALK9-M), Version 12.2(55)SE3, RELEASE SOFTWARE (fc1)
The switches see very few traffic (under 40MB on all interfaces, summed, so far), however, I/O memory utilization is about 80% as can be seen from the show memory command:
Head Total(b) Used(b) Free(b) Lowest(b) Largest(b)
Processor 2B89A18 73969000 27198964 46770036 45060368 29367536
I/O 6200000 14680064 12185292 2494772 2323116 2380896
Driver te 1A00000 1048576 44 1048532 1048532 1048532
The memory allocated is almost all Packet Data, by init, "sho memory io dead" returns zero, the memory usage seems constant, there are no errors on the log, the switches operate correctly, no packet has ever been dropped, CPU usage is about 4%.
Here I showed info for one switch, the other is in the same situation. I just want to know if this behavior is expected, I don't want to find out problems when the switches will be in production whit real traffic.
View 5 Replies
View Related
Sep 18, 2011
I have the problem that our ciscoworks server gets out of memory after few days. The memory utilization is always getting higher an higher (above 95%). Sometimes it is only after 3 days and sometimes it is after 1 week. So it happens not regularly. I have made an screenshot from the services which use a lot of memory. And at this time the memory utilization is getting higher and higher again....I think there is a problem with tomcat or dbsrv10.exe, there are also a lot of cwjava.exe running.
View 8 Replies
View Related
Sep 6, 2012
I have a Switch WS-C3750E-48PD-SF with IOS 12.2(58)SE2 which reports more than 80% in utilization of memory I don't know what is causing the high memory utilization.
View 14 Replies
View Related
Dec 6, 2011
I've noticed that my 6509's running VSS seem to have high I/O memory utilization.
I/O memory: Sw/Mod Bytes: Total Used %Used
1/1 8126344 7886544 97%
1/2 11796240 11442472 97%
1/5 RP 12058384 10715832 89%
1/5 SP 8388608 8104304 97%
1/7 8126344 7886544 97%
[code]....
View 5 Replies
View Related
May 2, 2013
I noticed on the 2960 switches we have deployed that are running the latest IOS, 12.2(58)SE2, memory utilization is really high (almost 80 percent). I have not noticed any side effects but I wanted to verify this is acceptable. My question is does the high memory utilization matter? I see this may be related to bug CSCtw83946 but no resolution is mentioned.
I did some testing various IOS revisions and below is what I have found using a WS-C2960-48TC-L with default configuration and only my laptop connected to a switchport in vlan1. You will notice memory utilization will grows with each version but jumps drastically with 58. One difference with 58 I needed to use a different command to retrieve memory utilization. The output was gathered by pasting the output of the show command into the Cisco Output Interpreter on their website.
IOS
Show Command
Output
c2960-lanbasek9-mz.122-35.SE5.bin
show memory
[Code]....
View 8 Replies
View Related
Nov 9, 2012
I am facing high memory utilization in Cisco 2960 switch having IOS version 12.2(55)SE3.
The error we are getting is:
A "LiveHealthAlarm" event has occurred, from SwCiscoIOS device, named Switch2960. eHealth Alarm Start Time - Fri 09 Nov,2012 - 03:02:48 eHealth. Switch2960-RH-MemoryPool-Processor-Processor-1.Memory utilization high-Threshold set at 70%SPECTRUM ALARM ID|22233284 I have attached the logs also.
View 3 Replies
View Related
Jan 21, 2012
I have a new cisco 3750 stack comprised of 8 members (6 x 3750G-48PS and 2 x 3750V2-48PS) running 'c3750-ipservicesk9-mz.122-58.SE2.bin'. I am seeing high memory utilisation, it seems to sit fairly stable and I do not see an increase but this has only been running a few days. No errors or performance issues. Should this be a cause for concern?
View 3 Replies
View Related
Jun 11, 2013
We had a stack of 4 qty 3750g running IP base on ver 12.2.32, then installed a 3750x to the stack and upgraded the whole stack to 15.0.2 SE3. In doing so, we noticed that the memory utilization jumped from 60-70% to 83-84%.
We had the same issue occur when upgrading to 15.0.2 SE3 on another stack that was 6 qty 3750g running ip-services, but this one jumped to 90%. On the 6 qty stack, we downgraded to 12.2.55 and the memory util went back down to 60-70%.
On the mixed stack, we replaced the 3750x with another 3750g and downgraded the whole stack to 12.2.55, however, the memory utilization did not drop down. As far as I can tell, no config changes have changed from the original IOS.
View 4 Replies
View Related
Nov 8, 2011
I upgraded the newest IOS 15.0(1)SE for our SW C2960-24-TT-L, the process was succeseful. However, we found SW memory utilization raised to 82% this morning in normal situation. (Momery: Total 21341260, Used17471692) Did you guys meet the same problem after upgrading to 15.0(1)SE? I also would like to know what the normal memory utilization is? and what is the impact of memory utilization highly?
View 8 Replies
View Related
Mar 5, 2013
I upgrade the IOS of my switch 3560 from C3560-IPBASE-M), Version 12.2(25)SEB4, To C3560-IPBASEK9-M), Version 12.2(55)SE5 after that the utilizatio of the memory increase to 80% I attached the output of show memory statistics history
View 5 Replies
View Related
Apr 15, 2012
I am writing with regard to a high memory utilization that we have on a pair of line card WS-X6748-GE-TX and WS-X6724-SFP for a VSS 6500. I am enclosing a little part of the "show tech"of this VSS 6500 where is possible to see the high memory utilization of the line cards 1/1, 1/2, 2/1, and 2/2, in despite of having some ports in state connected. In addition of this, the IOS installed on VSS 6500 is s72033-ipservicesk9_wan-vz.122-33.SXI6.bin for checking if there are some bugs affecting the behaviour of the Switch for this case.
System Resources
PFC operating mode: PFC3C
Supervisor redundancy mode: administratively sso, operationally sso
Switching resources: Sw/Mod Part number Series CEF mode
1/1 WS-X6748-GE-TX CEF720 CEF
1/2 WS-X6724-SFP CEF720 CEF
[code]....
View 1 Replies
View Related
Mar 29, 2013
My Pix seems to have a memory leak ?
Result of the command: "sh memory"
Free memory: 6088072 bytes ( 9%)
Used memory: 61020792 bytes (91%)
------------- ----------------
Total memory: 67108864 bytes (100%)
This is 30mins after a restart. Seem like it gets worse and worse until i cant even connect to the ASDM.
I have Tried turning off loggin as well as some connection timeout commands.
View 1 Replies
View Related
Mar 17, 2011
I am using a Pix515E with 8.0(3) and 128MB RAM. It ran OK for months but has recently had several episodes during which it produced streams of memory allocation failures (syslog 211001). When in this condition I could not log into the VPN. It was still operating but some users were having problems and I eventually had to restart it.
The traffic load is typically 10Mbps, and the max number of connections is around 10,000 but typically 5,000. The CPU usage is 10%-20%. There is 1 VPN with normally 1 client. The memory usage is always high, between 115MB and 120MB but during these problems it creeps higher.
Why might the memory usage be so high when my network load is quite light for the 515E? What circumstances cause the memory usage to increase during operation? Is there anything I can do to prevent the memory usage increasing to the point where the PIX crashes?
I have a second 515E with 8.0(4)32 and 64MB RAM, loaded with the same config. I have not had this one in service, but off-line it is using 53MB of memory. If the spare pix needs 53MB to load the firmware and my config, why does the other one use 115MB?
View 3 Replies
View Related
Jul 6, 2011
I've deployed many Cisco PIX 501 v6.3.3 either as normal firewalling feature and/or with VPN features enabled. I noticed in all my deployments, regardless if it's during peak hours or after office hours, the memory utilization is always consistent 11MB utilized over the total of 16MB(memory default size).
View 3 Replies
View Related
May 2, 2013
I was looking at my CISCO ASA 5520 and i found something really strange
ciscoasa/VPN-context# sh mem detail
Used memory: 4259249568 bytes (793%)
------------- ----------------
Total memory: 536870912 bytes (100%)
but when I look at the system context this is what I see
ciscoasa# sh mem
Free memory: 170829000 bytes (32%)
Used memory: 366041912 bytes (68%)
------------- ----------------
Total memory: 536870912 bytes (100%)
As far as I know the ASA is working good.
Info of the device
Hardware: ASA5520, 512 MB RAM, CPU Pentium 4 Celeron 2000 MHz
Internal ATA Compact Flash, 256MB
BIOS Flash M50FW080 @ 0xffe00000, 1024KB
View 3 Replies
View Related
Nov 21, 2012
Just want to check with you about memory utilization on the Asa 5510 ..
Free memory: 19%
Used Memory: 81%
Is this normal? Because we hade a problem this morning and the memory was at 100%..
Device Manager version 6.1(5) 57
Hardware: ASA5510-K8, 256 MB RAM, CPU Pentium 4 Celeron 1600 MHz
Internal ATA Compact Flash, 256MB
BIOS Flash M50FW080 @ 0xffe00000, 1024KB
View 4 Replies
View Related
Dec 14, 2011
I am facing high cpu util issue 80% in pix 515E with IOS 7.2(4).When a syslog is enable for informational/warnings level traps the util goes to 80% where as other wise it is observed to be 36-37%.When i changed the trap level to alert the util seems to be normal, only the issue is when warning and info traps are configured, prior to the issue the same settings were working absolutely fine ,suddendly the util issue has occured.
View 3 Replies
View Related
Jul 3, 2012
Come across pix 525 with 7.2.4 , 256 MB RAM, experienceing high memory utilization ?.show memory was giving used memory = 97%.All I had done was, i did a reboot of the firewall since we were not able to take the control of the f/w.I wonder why only the standby f/w had this issue and not the primary does not have, just to rule out that it was not due to Traffic.I have searched in bugtool kits and support forums and did not find anything relevant except for a similar issue for ASA CSCsg43844.
View 3 Replies
View Related
Mar 10, 2013
I have Active Standby ASA5550 setup with VPN premium license. A few days back we had a requirement of SSL VPN connection for and we got a temporary from Cisco for same, this license expired and the ASA reverted to it's original license. 3 4 days after this we saw a sudden increase in CPU utilization (upto 90% + -5%) on the ASA during production hours but were not able to figure out the reason, in order to restore the services we failovered the firewall to secondary and everything worked fine. We were suspecting one of the following but there were no logs for any of this
1. The ASA hardware was haivng problem
2. Some client was doing a DoS attack to bring down the ASA (no logs for this as well).
We took a downtime to look further by failovering the ASA back to primary and it worked fine without any issues ruling out the 1st option. We also came across a licesing doc [URL]
Downgrading any license (for example, going from 10 contexts to 2 contexts).
# Note If a temporary license expires, and the permanent license is a downgrade, then you do not need to immediately reload the security appliance; the next time you reload, the permanent license is restored.
As per this doc, sooner or later a restart was required on the ASA. We restarted secondary ASA and everthing was fine but when we restarted the primary ASA by swtiching over to secondary some of the server (not all) in the DMZ stopped working (even ICMP unreachable) and only came back to normal when the primary ASA was restored and working fine (with failover).
The reboot was done by shuting down the physical link between the Core switch and ASA inside individually.
I am not sure what could be the issue that the servers in the DMZ wen unreachable.
View 0 Replies
View Related
May 11, 2008
I have a remote site customer with a Cisco ASA 5540 running SSLVPN (Anyconnect)(8.03). It currently only serves about 450 SSLVPN clients. Since last friday, they've seen the CPU utilization go up to high 90% while only serving 400+ remote users. I saw some high cpu utilization bugs, but none looked to be relevant. How I can find the root cause of the CPU high utilization?
View 2 Replies
View Related
Dec 22, 2012
we have ASA 5520 with IOS 8.0 , when i am trying to add more static routes on the inside interface the CPU utilization is going up. one faced the same issue. I am configuring through the cisco ASDM 6.1(3)f.
View 1 Replies
View Related
Sep 25, 2012
I am seeing high cpu utilization on 5520.
fw# sh processes cpu-usage sorted non-zero
PC Thread 5Sec 1Min 5Min Process
0x081e1e11 0x6ddc1528 70.6% 66.5% 66.0% Dispatch Unit
0x08ed170c 0x6ddb9b48 1.6% 1.7% 1.8% Logger
0x08dd5f2c 0x6ddafee0 1.5% 1.5% 1.5% SNMP Notify Thread
0x08e8d045 0x6dd99348 0.1% 0.1% 0.1% ssh
View 2 Replies
View Related
Feb 22, 2013
Would like to ask for everyones assistance with regards to the problems we are encountering on our PIX525 firewall. Our encountered problem is as follow."PIX 525 experience sudden high CPU utilization every time a Vulnerability System Scan (third part app) is conducted. Based on the previous experiences, the high CPU utilization where experience when a host on a particular VLAN (214) is being scanned. Whenever we removed the said VLAN (214) in the network the CPU utilization of PIX 525 comes back to normal and all connectivity were resumed."The problem just recently appeared, we are conducting vulnerability system scan before and it goes successfully.
View 5 Replies
View Related
May 22, 2012
We have a 6509 core with the below modules running for a long time and the utilization used to be always 10 to 13 percent checking with the supplier it was told to us that due to the firewall modue we have and its normal Now 2 days back i noticed the utilzation had jumped to 90 % and now it happened again
I see that on runnung proc cpu
16407 56.1% 56.5% 55.9% ios-base
16430 35.3% 35.2% 33.9% iprouting.iosproc
the modules present
Mod Ports Card Type Model Serial No.--- ----- -------------------------------------- ------------------ ----------- 1 6 Firewall Module WS-SVC-FWM-1 SAD140901XA 3 16 16 port 1000mb GBIC ethernet
[Code].....
View 1 Replies
View Related
Nov 7, 2011
We have an active-active pair of cisco ASA5580-20 with software version 8.4(1)9. There are 8 contexts on it (including admin and system). 1 context is active on Primary node and other 7 are active on Secondary node. User traffic is going through this 1 context (2 interfaces - inside to users, outside to internet) and there are peaks to 1.16M concurrent connections, max bandwidth is 1.25Gbps. CPU usage for this context in peak hours is 63%, but we noticed that when we run "show cpu usage context all" from system it shows that system context is using 25% of CPU and "Total CPU utilization" (form output of show cpu detailed - on system context) is 88% which is bad. In non peak hours - user context use 33.6% CPU, system use 14.5%, total CPU usage is 50.5% So, is it normal this cpu utilization on system context (system on Primary node)?
View 1 Replies
View Related
May 30, 2011
We have several ASA5540s and 5510s (v8.4.1) being managed by CSM (4.1) Every so often several of the ASAs will send SNMP messages to CSM stating very high CPU utilization reached, usually between 150% and 400% - sometimes as high as 4million %.Obviously you can't get greater than 100%.
View 1 Replies
View Related
Feb 13, 2013
I'm having a problem with the memory and also trying to create some rules on the CISCO ASA. The version that I got installed was the 8.2.5.33 on a CISCO 5520 with 512 RAM, the memory usage is on 99% used, 1% free and because of that when I'm trying to create a new rule the firewall brings me the next error..So what I did was a downgrade to the version 8.2 (4) 4 and the memory went down a little (82% used, 18% free) but I still got the error when I'm creating an access rule on the device. One thing and I'm not sure if this could affect on the performance are the number of access list and the object groups that are created.
I already open a case with CISCO TAC and they are checking if the problem is with the memory capacity or maybe a memory leak.Also the doubt that I got is with the memory that I got now available should I can create access rules or 82 is still to hig to create a rule or and object group?
View 2 Replies
View Related
Jun 1, 2011
Cisco 3845 router (256RAM / 64Flash), increases the cpu utilization upto 70~80 percent, during the time of high utilization, I am unable to run show command on router.The configuration is simple, this is connected with two internet links (24Mbps and 8Mbps) and its about 600~700 users are using internet.show version, show memory and show process cpu outputs are attached here.
View 7 Replies
View Related
