Nokia IP380 High CPU usage, vmstat

Dear all

we have a nokia IP380, running Checkpoint FW1 NGX R60, HFA01.

Since a few weeks we notice very high CPU usage values.

Is it normal, that we have such a high "sy" (kernel) usage, but only few "us" (user) usage when the system has a lot of traffic? Could it be another problem?

here's the vmstat log:

procs memory page faults cpu r b w avm fre flt re pi po fr sr w0 in sy cs us sy id 0 0 0 6832 27924 1 0 0 0 0 0 0 1922 584 19 0 63

36 0 0 0 6780 27924 1 0 0 0 0 0 0 1515 686 22 0 13 87 0 0 0 6780 27924 1 0 0 0 0 0 0 1231 575 18 0 1 98 0 0 0 6780 27924 1 0 0 0 0 0 0 1538 667 21 0 12 88 0 0 0 7436 27924 1 0 0 0 0 0 0 1731 604 19 0 17 83 0 0 0 7436 27924 1 0 0 0 0 0 0 1683 549 18 0 27 73 0 0 0 7436 27924 1 0 0 4 0 0 10 2079 543 21 0 44 56 0 0 0 7436 27924 9 0 0 0 0 0 0 1679 1128 22 1 72 27 0 0 0 7436 27924 1 0 0 0 0 0 0 1725 610 19 0 89 11 0 0 0 7436 27924 1 0 0 0 0 0 0 1714 913 63 0 90 10 0 0 0 7436 27920 1 0 0 0 0 0 0 1927 744 23 0 92 7 0 0 0 7488 27920 1 0 0 0 0 0 0 1705 568 19 0 90 9 1 0 0 7488 27920 1 0 0 0 0 0 0 1714 648 21 0 92 7 0 0 0 7488 27920 1 0 0 0 0 0 0 1506 589 21 0 97 3 0 0 0 7488 27920 1 0 0 0 0 0 0 1678 584 19 0 94 6 0 0 0 7488 27920 1 0 0 0 0 0 0 1566 562 18 0 96 4 0 0 0 7436 27920 1 0 0 0 0 0 0 1676 696 22 0 91 8 0 0 0 7436 27920 1 0 0 0 0 0 0 1399 593 20 0 96 4 procs memory page faults cpu r b w avm fre flt re pi po fr sr w0 in sy cs us sy id 0 0 0 7436 27920 1 0 0 0 0 0 0 1835 701 22 0 96 3 0 0 0 7436 27920 1 0 0 0 0 0 0 1841 562 19 0 97 3 0 0 0 7500 27920 1 0 0 0 0 0 0 1317 628 20 0 99 1 0 0 0 7500 27920 1 0 0 0 0 0 0 1428 527 17 0 97 3 0 0 0 6844 27920 2 0 0 0 0 0 0 1763 648 22 0 97 2 0 0 0 6844 27920 1 0 0 0 0 0 0 1486 534 17 0 98 2 0 0 0 6844 27920 1 0 0 0 0 0 0 1741 598 20 0 28 72 1 0 0 6952 27920 2 0 0 0 1 0 1 1644 10689 28 2 97 1 0 0 0 6952 27920 3 0 0 0 0 0 2 1710 14903 45 1 96 3 0 0 0 6952 27920 1 0 0 0 0 0 0 1669 552 18 0 96 4 0 0 0 6588 27920 1 0 0 0 0 0 0 1620 552 18 0 97 3 0 0 0 6588 27920 1 0 0 0 0 0 0 1653 840 26 0 95 5 0 0 0 6536 27920 1 0 0 0 0 0 0 1504 548 20 0 96 4 2 0 0 6536 27920 1 0 0 0 0 0 0 1646 616 19 0 95 4 2 0 0 7192 27920 1 0 0 0 0 0 0 1966 606 21 0 94 6 1 0 0 7192 27920 1 0 0 0 0 0 0 1816 658 21 0 95 5 0 0 0 7192 27920 1 0 0 0 0 0 0 1660 525 18 0 97 3 0 0 0 7192 27920 2 0 0 4 0 0 17 1302 644 24 0 99 1

Thanks for any ideas and hints.

Reply to
Rene Obrecht
Loading thread data ...

I've seen, that this might be caused by FTP Traffic. With FTP the "user" Process usage is near 0.

When I connect to our Nokia IP380 via FTP and download a big file from there, the system usage is about 60% is that normal?

Thanks

Reply to
Rene Obrecht

You should examine the syslogs during the spike period and check for stats per interface. You may have large traffic volume on a particular interface. I saw consistent 100% CPU utilization by something as simple as a misconfigured route for a syslog server. The firewall sent the syslog message out the wrong interface and an external router bounced it back. It would then view it's own packet coming aback and report it as a spoof, which generetaed another syslog message. the loop produce 50mb/s on a single interface and 100% cpu.

Any Debug options should be turned off. Debug is often processor intensive on many platforms.

Reply to
DigitalVinyl

Cabling-Design.com Forums website is not affiliated with any of the manufacturers or service providers discussed here. All logos and trade names are the property of their respective owners.