No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>Search


To have a better experience, please upgrade your IE browser.


FAQ-E8160E SPU CPU high issue

Publication Date:  2015-05-12 Views:  225 Downloads:  0

Issue Description

We got following alarms for the CPU usage of the SPU slot. It lasted for a few minutes and sometimes an hour.

===============display alarm all===============
23:30:29  2015/01/25
Index  Level      Date      Time                        Info
1      Error      15-01-25  11:18:10    The CPU utilization of SPU 8/2 (Entity ) crosses the warning/critical threshold
2      Error      15-01-25  09:56:58    The CPU utilization of SPU 8/0 (Entity) crosses the warning/critical threshold
3      Error      15-01-25  09:28:31    The CPU utilization of SPU 8/3 (Entity) crosses the warning/critical threshold



Problem Analysis:-

1. While checking the logs from the firewall, we can found abnormal CPU usage information. The ASPF occupied a lot CPU source.
Jan 24 2015 11:24:55+03:00 QRN-NAT-02 %%01SRM/4/CPU_USAGE_HIGH(l)[5498]:Slot=8/1,Vcpu=0;Board 8/1  The CPU is overloaded, and the tasks with top three CPU occupancy are ASPF(76%), IPCQ(1%), TICK(1%). (CpuUsage=91%, Threshold=80%)
Jan 25 2015 12:52:56+03:00 QRN-NAT-02 %%01SRM/4/CPU_USAGE_HIGH(l)[5557]:Slot=8/3,Vcpu=0;Board 8/3  The CPU is overloaded, and the tasks with top three CPU occupancy are ASPF(81%), IPCQ(1%), TICK(0%). (CpuUsage=90%, Threshold=80%)
Jan 26 2015 16:09:01+03:00 QRN-NAT-02 %%01SRM/4/CPU_USAGE_HIGH(l)[5618]:Slot=8/1,Vcpu=0;Board 8/1  The CPU is overloaded, and the tasks with top three CPU occupancy are ASPF(64%), IPCQ(1%), TICK(1%). (CpuUsage=81%, Threshold=80%)
Jan 26 2015 10:08:42+03:00 QRN-NAT-01 %%01SRM/4/CPU_USAGE_HIGH(l)[6956]:Slot=8/2,Vcpu=0;Board 8/2  The CPU is overloaded, and the tasks with top three CPU occupancy are ASPF(77%), FIPA(3%), IPCQ(1%). (CpuUsage=90%, Threshold=80%)

 Then we used following method to collect more information about this task. There are 4 CPUs in the SPU, and considering CPU0 for example. Only the SIP packets are increasing that much at that moment. 
HRP_S[QRN-NAT-02-diagnose]display  aspf statistics         
13:57:04  2015/01/27                                       
Slot 8 cpu 0 packet count:                                 
=======================================         =====      
ptop statistics                                            
ptop node insert total           : 96458290      96458306  
ptop node delete total           : 96455555      96455589  
ptop node refresh time count     : 143143537     143143563 
ptop sync packet send            : 662317185     662317406 
ptop sync packet receive         : -114618920    -114617555 
ptop hrp packet send             : 662317185     662317406 
ptop hrp packet receive          : 753964706     753964967 
ptop node insert conflict        : 14483         14483     
=======================================         =====      
ipv4 aspf packet statistics                                
pkt recv total                   : 721054081     721054274 
pkt sent out                     : 721054081     721054274 
svrmap created                   : 660228704     660228878 
ftp pkt recv                     : 68829         68829     
ftp decode err                   : 29698         29698     
ftp svrmaps                      : 38638         38638     
ras pkt recv                     : 570779        570779    
ras svrmaps                      : 268           268       
ras decode err                   : 489646        489646    
ras pkt info err                 : 393           393       
h225 pkt recv                    : 133022        133022    
h225 svrmaps                     : 35            35        
h245 pkt recv                    : 391           391       
h245 svrmaps                     : 174           174       
pptp pkt recv                    : 42794         42794     
pptp svrmaps                     : 27948         27948     
pptp decode err                  : 70            70        
mms pkt recv                     : 16102         16102     
mms svrmaps                      : 4969          4969      
sip pkt recv                     : 720222164     720222357 
sip decode err                   : 51739034      51739037 
sip svrmaps                      : 660184647     660184821

As the SIP users will send SIP control packets to the proxy server (right now NAT device is between the endpoint and the Proxy server), and it may use several ports to communicate with the proxy server. It is possible to detect the newly added sessions to check if it matches the existed sessions, if not, these packets will be detected and generated new sessions on SPU. This will cost a lot CPU source.

Root Cause :-

we find that a lot of SIP packets are sent to the ASPF module for matching the sessions, and there is the NAT function for translating the private IP to public IP, this will cost more CPU resource to translate the private IP in application layer. So this SIP check function causes the CPU high issue.

firewall interzone trust untrust
packet-filter 2000 outbound
nat outbound 2001 address-group-set natpool1
detect ftp
detect rtsp
detect h323
detect sip
detect mms
detect dns
detect msn
detect pptp
session log enable acl-number 2002 inbound
session log enable acl-number 2002 outbound

Solution :-

it is not necessary to configure the command “detect SIP”. SIP will be supported when they are subjected to NAT traversal function. So the command “detect SIP” in the configuration file can be removed.