[c-nsp] High memory usage of Cisco PIX 515e

Dave C dcollin4 at gmail.com
Thu Jun 2 14:37:37 EDT 2011


There is a known memory hole with 6.x or certain versions of 7.x code.
Check the code of the PIX you are running and you may need to upgrade to a
more stable IOS.

On Thu, Jun 2, 2011 at 2:59 AM, teklay gebremichael <teklish76 at yahoo.com> wrote:

> Hello,
> I am observing increased memory usage of my Cisco PIX firewall. I even tried
> to graph the memory usage and CPU utilization using MRTG.
> The CPU utilization seems OK, but the memory is almost used up even when the
> link to the Internet is down. The PIX has 67MB of RAM.
> I am always getting a slow connection with a 50Mbps link to the Internet.
> There was a problem in my ISP such that we didn't have a connection to the
> Internet for two days, but still the memory utilization was from 4%-12% (when
> our users are not connected to the outside) during these days. There are times
> when the free memory even drops down to 1.5%. Then I tried to turn off logging
> in case logging could be using more memory, but I didn't see any difference.
> Some of the statistics are as follows.
>
> # sh mem detail
> Free memory:                       2918496 bytes ( 4%)
> Used memory:
>     Allocated memory in use:     42545712 bytes (63%)
>     Reserved memory:             21644656 bytes (32%)
> -----------------------------   ----------------
> Total memory:                     67108864 bytes (100%)
>
> Least free memory:          69704 bytes ( 0%)
> Most used memory:        67039160 bytes (100%)
>
> And the CPU usage is like the following.
> pix# sh cpu u
> CPU utilization for 5 seconds = 30%; 1 minute: 30%; 5 minutes: 29%
>
> And the number of connections
>
> pix# sh conn count
> 9597 in use, 22745 most used
> pix# sh xlate count
> 14101 in use, 26759 most used
>
> pix# sh run timeout
> timeout xlate 3:00:00
> timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
> timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
> timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
> timeout uauth 0:05:00 absolute
>
>
> So, I appreciate in advance any suggestions on how to proceed to solve this
> problem.
>
> Best regards,
> Teklay