Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
2086
Views
5
Helpful
11
Replies

cisco ips 4270 unequal cpu utilization

srikanthmavelikara
Level 1
Level 1

‎10-27-2010 01:12 PM - edited ‎03-10-2019 05:10 AM

I am having 2 cisco IPS 4270 devices with an IOS version 7.0(2)E4. When monitoring through IPS manager, I am able to see 4 CPU's.

In CPU 1 the utilzation is showing near to 100 percent. CPU 2 is showing zero or very less utilsation. CPU 3 & CPU 4 are showing average utilization - nearly equal to 40 percent.

I doubt why i am getting zero percent CPU utilization in CPU 2 and 100 percent utilisation in CPU 1?

whether we can do a distribution of CPU among the four CPU's.?

Hey cisco folks, please help.

Labels:
0 Helpful
11 Replies 11

srikanthmavelikara
Level 1
Level 1

‎10-27-2010 10:55 PM

any body there who experienced the same issue.

0 Helpful

mikecrowe4ICS_2
Level 1
Level 1

‎10-27-2010 11:00 PM

This was mentioned in a previous post, specifically the reply by Scott Fringer.  Post here:

https://supportforums.cisco.com/message/3065777#3065777

In Scott's post, he quoted the E3 engine release notes regarding CPU utilization (highlighting mine):

  • The E3 signature engine update contains changes from CSCsu77935

The resolution of this defect modified the idle time algorithm of the sensor by applying additional CPU to polling of the NICs to decrease the polling interval and reduce latency. This results in the CPU usage being reported higher than in previous releases, including using external tools such as top and ps.

You can notice this additional CPU load on single-CPU platforms, as well as the primary CPU of multi-core systems. Since the additional CPU load that is reported while polling is actually available to process packets, and reduces as inspection load goes up, it does not negatively affect the overall throughput of the IPS.

So, what you are seeing should be considered normal, and doesn't need correction.  That is, unless you are seeing packet loss.

0 Helpful

srikanthmavelikara
Level 1
Level 1
In response to mikecrowe4ICS_2

‎10-27-2010 11:48 PM

can you please tell me why the utilisation of the cpu2 is showing very less or nearly equal to zero if at all  the utilisation of the cpu1 is crossing 100 percent.anything is related to the signatures or the scanning.

Anyway is that we can share the load accross the cpu...?

0 Helpful

srikanthmavelikara
Level 1
Level 1
In response to srikanthmavelikara

‎10-28-2010 04:49 AM

There is no document in cisco & and no bug which shows high CPU utilisation for the 7.0(2)E4 version..

All the documets are showing the high CPU utilisation for the E3 only

0 Helpful

srikanthmavelikara
Level 1
Level 1
In response to srikanthmavelikara

‎10-28-2010 10:47 PM

Anybody there who can give a reply to the note.

0 Helpful

abinjola
Cisco Employee
Cisco Employee
In response to srikanthmavelikara

‎10-29-2010 03:20 AM

There has been no architectural change in terms of how drivers watch the packets in the Queue and keep punting it to sensorApp for processing thus consuming more cycles, therefore logic of high CPU applies to E4 as well, please go through the release notes of E4

To gauge the health of sensor you need to look at missed packet percentage in show stat vs0 and FIFO overruns counter in show interface, if the counter is clean/0 then you are safe, internally sensor intelligently manages the backlog/load in a non linear fashion, for customers/front end users easy interpretation we've filed an ENH requests which will go in some future release vehicle

CSCtf19088 ENH: Need means to identify how close an IPS is to overload

Hope it helps !

srikanthmavelikara
Level 1
Level 1
In response to abinjola

‎11-03-2010 12:46 AM

Whether we can find any document in cisco stating that E4 engine with the IOS 7.0(2) also causes high utilization.

0 Helpful

srikanthmavelikara
Level 1
Level 1
In response to abinjola

‎11-13-2010 03:20 AM

The CPU 2 of my ips is showing only very less or nearly equal to zero.

But the CPU1 is showing 100 percent tilisation &  CPU 2 & CPU 3 are showing average utilisation.

Why the CPU2 is showing very low or no traffic...?

0 Helpful

srikanthmavelikara
Level 1
Level 1
In response to abinjola

‎11-13-2010 03:23 AM

Hey cisco folks, any body there can respond to the query..?

0 Helpful

srikanthmavelikara
Level 1
Level 1
In response to abinjola

‎11-16-2010 03:23 AM

The CPU 2 is showing very less CPU compared to the other three. CPU 1 is showing nearly 100 percent

CPU3 & CPU 4 is showing average ( nearly 30 to 40 percent). Anybody have faced similar issues before ?

0 Helpful

Jim Thomas
Level 4
Level 4
In response to mikecrowe4ICS_2

‎02-17-2012 05:21 AM

Abinjola, are you saying here that the high CPU on processor 1 and less on Processor 2 is normal activity? Also, that link you posted is an internal link. can you pos the details to this thread?

Thanks

Jim

Jim Thomas Cisco Security Course Director Global Knowledge CCIE Security #16674
0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card