All Cisco-Network Study Notes: High CPU Issues

High CPU Issues

FWSM may experience high CPU utilization for many reasons: misconfiguration, fixup of certain protocols, and too much traffic going across the FWSM. Work through the following steps to correct the high CPU utilization problems on the FWSM:

Step 1.	Take two "show processes" command outputs, about one minute apart. This will give you the difference in CPU utilization at intervals of one minute.
Step 2.	Calculate the difference in the number of processes taking the maximum amount of CPU in a one-minute interval. The values displayed are in milliseconds (ms). Be sure to exclude any polling thread.
Step 3.	Because the CPU shown is what is running on the CP (not the NPs), this limits the scope to: - Traffic sourced from the FWSM (mgmt, routing protocols, AAA, websense, syslog, and so on) - Traffic requiring L7 fixups (VoIP, PortMapper, ils, and so on)
Step 4.	Find out what and how many connections are on the CP by issuing the show pc conn command.
Step 5.	Typically high CPU utilization is caused by syslog, or the type of traffic hitting the CPU. Disable syslog or disable individual fixups until you uncover the utilization problem.

Remember that if the CP is experiencing high CPU utilization, this should not affect the flow of traffic across the FWSM that is processed by the NPs. However, if the NPs become busy (high CPU), then you could experience packet drops. There is no command available to show the CPU utilization on the NPs. However, if the NPs start sending PAUSE frames towards the two Pinnacle ASICs, that indicates how busy they are. You can get this information by using the following command:

FWSM(config)# show np 1 stats | include pause
! The following number should stay 0
PF_MNG: pause frames sent (x3)                     : 0
FWSM(config)# sh np 2 stats | include pause
PF_MNG: pause frames sent (x3)                     : 0
FWSM#

Ideally, you should see zero in the output of the previous command. If you see a number higher than zero, you should check the command output a few times to see if the number is incrementing. If it is incrementing, you might consider sniffing the traffic to analyze what is causing this extra overload.

Additionally, you can check the ingress queue on NP1 and NP2, as shown in Example 4-15, to see if they are filling up (another indication of high CPU utilization).