Cisco WAN :: 5540 - Memory Utilization Getting Higher When Adding Tunnel
Jul 21, 2011
We terminated about 25 site-to-site VPN tunnels on the Cisco ASA 5540 (2 GB RAM). It appears that the memory utilization is getting higher when adding the tunnel. We are planning to remove those 25 VPN tunnels out of the 5540, and soon we will add an additional 40 VPN tunnels on it. So it will be a total of around 65 tunnels, and maybe we will add a couple of tunnels per year for future growth, but about 25 VPN tunnels are in use all the time; the others are just for backup purposes, standby only. We are looking for a new network device (router or ASA) to accommodate the needs. Which network device is better to handle VPN tunnels for this infrastructure?
We want to run ASA 8.4.x on an old ASA5540. We need to upgrade its memory to 2 GB with the following memory upgrade: ASA5540-MEM-2GB=
I suspect that we will completely remove the existing 1 GB of memory and replace it with 2 GB. If this is the case, can I use this 1 GB of memory removed from the ASA5540 and put it in an ASA5510 instead of buying an ASA5510-MEM-1GB= for the ASA5510?
I've deployed many Cisco PIX 501 v6.3.3 either as normal firewalling feature and/or with VPN features enabled. I noticed in all my deployments, regardless if it's during peak hours or after office hours, the memory utilization is always consistent 11MB utilized over the total of 16MB(memory default size).
I have a remote site customer with a Cisco ASA 5540 running SSLVPN (Anyconnect) (8.03). It currently only serves about 450 SSLVPN clients. Since last Friday, they've seen the CPU utilization go up to high 90% while only serving 400+ remote users. I saw some high CPU utilization bugs, but none looked to be relevant. How can I find the root cause of the high CPU utilization?
Cisco 3845 router (256RAM / 64Flash) increases the CPU utilization up to 70~80 percent; during the time of high utilization, I am unable to run show commands on the router. The configuration is simple: this is connected with two internet links (24Mbps and 8Mbps) and about 600~700 users are using the internet. show version, show memory and show process cpu outputs are attached here.
I was looking at my CISCO ASA 5520 and I found something really strange
ciscoasa/VPN-context# sh mem detail
Used memory: 4259249568 bytes (793%)
------------- ----------------
Total memory: 536870912 bytes (100%)
but when I look at the system context this is what I see
ciscoasa# sh mem
Free memory: 170829000 bytes (32%)
Used memory: 366041912 bytes (68%)
------------- ----------------
Total memory: 536870912 bytes (100%)
As far as I know the ASA is working good.
Info of the device Hardware: ASA5520, 512 MB RAM, CPU Pentium 4 Celeron 2000 MHz Internal ATA Compact Flash, 256MB BIOS Flash M50FW080 @ 0xffe00000, 1024KB
We have a Cisco SA520 Router (Firmware 2.1.18). We have only been using this for about 1 month now. The router seems OK; it's just that I am worried about the memory utilization, which reaches 62% (144/234 MB). Is this something to worry about? How can I lower the usage?
We have a 7206 router which acts as an MPLS hub router for around 100+ remote locations. Bandwidth at the MPLS hub (terminated on this router) is 50 Mbps.
We have noticed that memory utilization in this router gradually increases and when it reaches 100% this router hangs. It happens at a frequency of 10 days and we have to restart the router when memory is at 100%.
CPU utilization is normal i.e below 20%, WAN bandwidth will never cross 30mbps.
We had two PIXes in our environment working in active-failover mode. It's noted that nowadays the active PIX memory utilization is 98% and for the standby PIX it is 96%. Also, at times we were experiencing packet loss to the IP of the active PIX, which is reflected in access to the inside servers as well. During that time the active PIX was not accessible via SSH or ASDM. We have tried reloading the PIX and changing the failover state of the PIX, but it results in only a temporary solution. Current memory installed is 128 MB (maximum upgraded), so an upgrade is also not possible. Please see the show command outputs from the PIX. Current software version is 7.2(4)
sh memory output (PIX 1 - active)
Free memory: 4850944 bytes ( 4%)
Used memory: 129366784 bytes (96%)
[code]....
1) How can we pinpoint the root cause of this high memory utilization?
2) What might be the reason for the high memory utilization for the standby pix (96%), still the PIX is in idle state?
3) Is it a hardware issue or a memory leak issue, then how can we find out?
4) Will a software upgrade to a new version resolve the memory issue?
We have one Catalyst 6506 (with WS-SUP720-3B, IOS is 12.2(18)SXF14) and one Catalyst 6509 (with WS-SUP720-3B, IOS is 12.2(18)SXF17a). We used WhatsUP to collect I/O & process memory utilization for both switches. The memory utilization for the Catalyst 6509 was OK, but it seems not correct for the Catalyst 6506 (show proc memory displayed the total memory is 512MB, but WhatsUP displayed only 64MB)
The switches see very little traffic (under 40MB on all interfaces, summed, so far); however, I/O memory utilization is about 80%, as can be seen from the show memory command:
The memory allocated is almost all Packet Data, by init, "sho memory io dead" returns zero, the memory usage seems constant, there are no errors on the log, the switches operate correctly, no packet has ever been dropped, CPU usage is about 4%.
Here I showed info for one switch; the other is in the same situation. I just want to know if this behavior is expected. I don't want to find out about problems when the switches are in production with real traffic.
I have the problem that our CiscoWorks server runs out of memory after a few days. The memory utilization is always getting higher and higher (above 95%). Sometimes it is only after 3 days and sometimes it is after 1 week. So it does not happen regularly. I have made a screenshot of the services which use a lot of memory. And at this time the memory utilization is getting higher and higher again... I think there is a problem with tomcat or dbsrv10.exe; there are also a lot of cwjava.exe running.
We recently added about 400 users to our network for a total of 1000. Looking at the ASDM we are holding very tight to 75% utilization and we have 256mbs. This is also running IOS 8.2(1). Our firewall recently crashed after a major download was forced through it. This was after only being booted up for about a week. We had reloaded it a week prior after having run it for about a year without issue. We haven't made any changes in the last month other than adding more users to our network.
I have a switch WS-C3750E-48PD-SF with IOS 12.2(58)SE2 which reports more than 80% memory utilization. I don't know what is causing the high memory utilization.
We have 2 CSACS 1121 with Cisco ACS 5.2.0.26.10. The primary server manages 20000+ authentications per day. Its memory utilization increases every day. It is now at 83%. Is there a limit? What will happen when memory utilization reaches this limit? What can we do to purge memory utilization (reboot, service restart)?
I noticed on the 2960 switches we have deployed that are running the latest IOS, 12.2(58)SE2, memory utilization is really high (almost 80 percent). I have not noticed any side effects but I wanted to verify this is acceptable. My question is does the high memory utilization matter? I see this may be related to bug CSCtw83946 but no resolution is mentioned.
I did some testing of various IOS revisions and below is what I have found using a WS-C2960-48TC-L with default configuration and only my laptop connected to a switchport in vlan1. You will notice memory utilization grows with each version but jumps drastically with 58. One difference with 58: I needed to use a different command to retrieve memory utilization. The output was gathered by pasting the output of the show command into the Cisco Output Interpreter on their website.
IOS Show Command Output c2960-lanbasek9-mz.122-35.SE5.bin show memory [Code]....
I am facing high memory utilization in Cisco 2960 switch having IOS version 12.2(55)SE3.
The error we are getting is:
A "LiveHealthAlarm" event has occurred, from SwCiscoIOS device, named Switch2960. eHealth Alarm Start Time - Fri 09 Nov,2012 - 03:02:48 eHealth. Switch2960-RH-MemoryPool-Processor-Processor-1.Memory utilization high-Threshold set at 70%SPECTRUM ALARM ID|22233284 I have attached the logs also.
I have a new cisco 3750 stack comprised of 8 members (6 x 3750G-48PS and 2 x 3750V2-48PS) running 'c3750-ipservicesk9-mz.122-58.SE2.bin'. I am seeing high memory utilisation, it seems to sit fairly stable and I do not see an increase but this has only been running a few days. No errors or performance issues. Should this be a cause for concern?
We had a stack of 4 qty 3750g running IP base on ver 12.2.32, then installed a 3750x to the stack and upgraded the whole stack to 15.0.2 SE3. In doing so, we noticed that the memory utilization jumped from 60-70% to 83-84%.
We had the same issue occur when upgrading to 15.0.2 SE3 on another stack that was 6 qty 3750g running ip-services, but this one jumped to 90%. On the 6 qty stack, we downgraded to 12.2.55 and the memory util went back down to 60-70%.
On the mixed stack, we replaced the 3750x with another 3750g and downgraded the whole stack to 12.2.55, however, the memory utilization did not drop down. As far as I can tell, no config changes have changed from the original IOS.
I upgraded to the newest IOS 15.0(1)SE for our SW C2960-24-TT-L; the process was successful. However, we found SW memory utilization raised to 82% this morning in a normal situation. (Memory: Total 21341260, Used 17471692) Did you guys meet the same problem after upgrading to 15.0(1)SE? I also would like to know what the normal memory utilization is, and what is the impact of high memory utilization?
I upgraded the IOS of my switch 3560 from (C3560-IPBASE-M), Version 12.2(25)SEB4, to (C3560-IPBASEK9-M), Version 12.2(55)SE5. After that the utilization of the memory increased to 80%. I attached the output of show memory statistics history
I am writing with regard to a high memory utilization that we have on a pair of line cards WS-X6748-GE-TX and WS-X6724-SFP for a VSS 6500. I am enclosing a little part of the "show tech" of this VSS 6500 where it is possible to see the high memory utilization of the line cards 1/1, 1/2, 2/1, and 2/2, despite having some ports in state connected. In addition to this, the IOS installed on the VSS 6500 is s72033-ipservicesk9_wan-vz.122-33.SXI6.bin, for checking if there are some bugs affecting the behaviour of the switch for this case.
System Resources
PFC operating mode: PFC3C
Supervisor redundancy mode: administratively sso, operationally sso
Switching resources:
Sw/Mod  Part number     Series  CEF mode
1/1     WS-X6748-GE-TX  CEF720  CEF
1/2     WS-X6724-SFP    CEF720  CEF
I have a Cisco ASA 5540; users access VPN through AnyConnect. I have applied split tunnel so that all users accessing the internal network (10.0.0.0) go through the tunnel and other traffic goes through the internet. Working fine. I want to fully tunnel one user so that all his traffic goes through the tunnel. What is the best way to do it? Is there any guide (step by step)?
We have an ASA 5540. We set up Site-to-Site VPN and Remote Access VPN (Cisco VPN client). If we are running full tunnel on the Cisco VPN client, the internet access is slow. For example, when we are running full-tunnel, the internet speed is 16 Mbps based on Speedtest.net. When we go to Speedtest.net, some of the graphics do not load. If we are running split-tunnel, the internet access speed is 78 Mbps based on Speedtest.net and the Speedtest.net web site loads all the graphics.
This has to be the weirdest issue I have seen in the past year on my ASA. I have an ASA 5540 running the 8.4(2) code without any issues until I stumbled upon this problem last week and I have spent sleepless nights with no resolution! So, take a deep breath and here is a brief description of my setup and the problem:
A Simple IPSEC tunnel between my ASA 5540 8.4(2) and a Juniper SSG 140 screen OS 6.3.0r9.0(route based VPN)
The tunnel comes up without any issues but the ASA refuses to encrypt the traffic but decrypts it with GLORY! Below are some debug outputs, show outputs and a packet tracer output which also has an explanation of my WEIRD NAT issue:
My setup - (I won't get into the tunnel encryption details as my tunnel negotiations are **** perfect and come up right off the bat when the ASA is configured as answer only)
As you can see, there is no echo reply packet at all as the packet is not being encapsulated while it is being sent back. I have been going mad with this. Also, this is a live production multi tenant firewall with no issues at all apart from this ****** ip sec tunnel to a juniper!!
Also, the 192.168.10.0/24 is another IPsec tunnel remote network to this 10.2.4.0/28 network and this IPsec tunnel has a similar Juniper SSG 140 screen OS 6.3.0r9.0 at the remote end and this works like a charm without any issues, but the 171 is not being encrypted by the ASA at all.
We have a Cisco ASA 5520 supporting multiple VPNs - both remote-access and Lan-to-Lan. We would like to monitor the bandwidth utilization of the IPSec Lan-to-Lan tunnels.
We have an ASA5520 version 8.3(1). We have an existing VPN tunnel between us and our partner site. We need to add a new vlan to our existing VPN tunnel.
Where do we need to add the new vlan to in ASDM interface? Looking through using ASDM, I found 3 places.
We have a Cisco 3845 router for Site 2 Site VPN tunnels to external business partners. The IOS is (C3845-ADVIPSERVICESK9-M), Version 12.4(15)T8. One of our partners is doing a DR test and needs to have us swing the VPN traffic to another peer in a test location temporarily. I plan on adding the test hosts to our existing encryption ACL, but instead of building another crypto map, I was wondering if I can add a secondary peer to the existing one?
I am having issues getting my ASA 5540 at site A, to pass TFTP and SYSLOG from itself across the IPSEC tunnel to our SYSMON servers (Syslog and TFTP) that live at site B. I have followed the suggestions of other threads and I am still not getting anywhere. Here is a quick topology diagram.