One session is utilizing 5-12% of CPU of my 5220 firewall

Reply
Highlighted

One session is utilizing 5-12% of CPU of my 5220 firewall

One session is utilizing 5-12% of CPU of my 5220 firewall.

 

Session ID: 2155872259

 

show session id 2155872259

 

 

Session 2155872259

Bad Key: c2s: 'c2s'
Bad Key: s2c: 's2c'
index(local): : 8388611

I am not able to check the session information. Getting bad Key error.

 

This session causing me extra 5-12 CPU utilazation. I tried clear the session but still its comming back.

NpN

Accepted Solutions
Highlighted
L2 Linker

Re: One session is utilizing 5-12% of CPU of my 5220 firewall

Since it is in the Slowpath stage, it has the session ID generated in the ingress-backlogs command but this is NOT searchable with CLI command ‘show session id id’ and will always give the error message below:

Bad Key: c2s: 'c2s' 
Bad Key: s2c: 's2c' 
index(local): : index number

 

This is of course because the session is not fully established and has not generated a session ID.

 

When investigating the ingress-backlogs command for spikes in traffic that cause latency or outages, finding the offender can be crucial in knowing the resolution path to take

Seeing a large amount of sessions that are in Group-ID 2 Slowpath stage lets you know that it is not currently being allowed, but may be generating large amounts of information which are impacting your buffers

 

Hope that answers your question.

 

Cheers!

Suresh

 

View solution in original post


All Replies
Highlighted
L2 Linker

Re: One session is utilizing 5-12% of CPU of my 5220 firewall

Since it is in the Slowpath stage, it has the session ID generated in the ingress-backlogs command but this is NOT searchable with CLI command ‘show session id id’ and will always give the error message below:

Bad Key: c2s: 'c2s' 
Bad Key: s2c: 's2c' 
index(local): : index number

 

This is of course because the session is not fully established and has not generated a session ID.

 

When investigating the ingress-backlogs command for spikes in traffic that cause latency or outages, finding the offender can be crucial in knowing the resolution path to take

Seeing a large amount of sessions that are in Group-ID 2 Slowpath stage lets you know that it is not currently being allowed, but may be generating large amounts of information which are impacting your buffers

 

Hope that answers your question.

 

Cheers!

Suresh

 

View solution in original post

Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the Live Community as a whole!

The Live Community thanks you for your participation!