Cisco Cisco ASA 5512-X Adaptive Security Appliance - No Payload Encryption 문제 해결 가이드
for longer than it should, the ASA records this as a CPU hog event since the process "hogged" the
CPU. The CPU hog threshold is set in milliseconds, and is different for each hardware appliance
model. The threshold is based on how long it could take to fill the interface FIFO queue given the
CPU power of the hardware platform and the potential traffic rates the device can handle.
CPU. The CPU hog threshold is set in milliseconds, and is different for each hardware appliance
model. The threshold is based on how long it could take to fill the interface FIFO queue given the
CPU power of the hardware platform and the potential traffic rates the device can handle.
CPU hogs sometimes cause interface overrun errors on single-core ASAs, such as the 5505,
5510, 5520, 5540, and 5550. The long hogs, that last for 100 milliseconds or more, can especially
cause overruns to occur for relatively low traffic levels and non-bursty traffic rates. The problem
does not impact multi-core systems as much, since other cores can pull packets off of a Rx ring if
one of the CPU cores is hogged by a process.
5510, 5520, 5540, and 5550. The long hogs, that last for 100 milliseconds or more, can especially
cause overruns to occur for relatively low traffic levels and non-bursty traffic rates. The problem
does not impact multi-core systems as much, since other cores can pull packets off of a Rx ring if
one of the CPU cores is hogged by a process.
A hog that lasts more than the device threshold causes a syslog to be generated with id 711004,
as shown here:
as shown here:
Feb 06 2013 14:40:42: %ASA-4-711004: Task ran for 60 msec, Process = ssh, PC = 90b0155, Call
stack = Feb 06 2013 14:40:42: %ASA-4-711004: Task ran for 60 msec, Process = ssh, PC = 90b0155,
Call stack = 0x090b0155 0x090bf3b6 0x090b3b84 0x090b3f6e 0x090b4459 0x090b44d6 0x08c46fcc
0x09860ca0 0x080fad6d 0x080efa5a 0x080f0a1c 0x0806922c
CPU hog events are also recorded by the system. The output of the show proc cpu-hog
command displays these fields:
command displays these fields:
Process - the name of the process that hogged the CPU.
●
PROC_PC_TOTAL - the total number of times that this process hogged the CPU.
●
MAXHOG - the longest CPU hog time observed for that process, in milliseconds.
●
LASTHOG - the amount of time the last hog held the CPU, in milliseconds.
●
LASTHOG At - the time the CPU hog last occurred.
●
PC - the program counter value of the process when the CPU hog occurred. (Information for
the Cisco Technical Assistance Center (TAC))
the Cisco Technical Assistance Center (TAC))
●
Call stack - the call stack of the process when the CPU hog occurred. (Information for the
Cisco TAC)
Cisco TAC)
●
This example shows the show proc cpu-hog command output:
ASA# show proc cpu-hog
Process: ssh, PROC_PC_TOTAL: 1, MAXHOG: 119, LASTHOG: 119
LASTHOG At: 12:25:33 EST Jun 6 2012
PC: 0x08e7b225 (suspend)
Process: ssh, NUMHOG: 1, MAXHOG: 119, LASTHOG: 119
LASTHOG At: 12:25:33 EST Jun 6 2012
PC: 0x08e7b225 (suspend)
Call stack: 0x08e7b225 0x08e8a106 0x08e7ebf4 0x08e7efde 0x08e7f4c9 0x08e7f546 0x08a7789c
0x095a3f60 0x080e7e3d 0x080dcfa2 0x080ddf5c 0x0806897c
CPU hog threshold (msec): 10.240
Last cleared: 12:25:28 EST Jun 6 2012
ASA#
The ASA SSH process held the CPU for 119ms on 12:25:33 EST June 6th 2012.
If overrun errors continually increase on an interface, check the output of the show proc cpu-hog
command in order to see if CPU hog events correlate with an increase in the interface overrun
counter. If you find that the CPU hogs contribute to the interface overruns errors, it is best to
search for bugs with the
command in order to see if CPU hog events correlate with an increase in the interface overrun
counter. If you find that the CPU hogs contribute to the interface overruns errors, it is best to
search for bugs with the
, or raise a case with the Cisco TAC. The output of the show
tech-support command also includes the show proc cpu-hog command output.