High CPU Utilization on NSa 4600
We have an HA pair of NSa4600 firewalls that are seeing 75-95% CPU utilization on cores 1-7 (or 2-8 depending on what monitor you're looking at). Both units are running 18.104.22.168-86n--HFGEN6-2470-1n. We have disabled IPS/IDS and GAV/SAV on multiple zones to try and reduce load, which doesn't seem to be making a difference. DPI-SSL is not enabled on this firewall, it is not doing any client VPN.
I pulled tracelogs, and I'm not seeing anything useful there. I checked the TSR for the byte buffer count, and it's not displayed on that firewall's TSR, even when all boxes are checked.
In the GUI I'm seeing
Connections: Peak:298269 Current:35550 Max:375000which makes it seem that we're not hitting a connection limit.
I'm using the diag show cpu and getting these results (snipped)
Current 1s CPU Utilization: 3.08%
Current 10s CPU Utilization: 7.00%
Total Average CPU Utilization: 8.10%
Current MultiCore Utilization (%)
Core 0: 3
Core 1: 46
Core 2: 86
Core 3: 82
Core 4: 79
Core 5: 77
Core 6: 76
Core 7: 76
I'm seeing cores 1-7 hitting 46% to 86%, yet the 1s CPU utilization is 3.08%. We need to determine what services we can disable to reduce usage.
- Beyond the core monitors how do we determine what processes are using the resources on data plane cores?
- Is there any way we can see the processes using cycles on the data plane cores?
- Where are resources for logging allocated from? Management or data plane?
- Any suggestions on additional things to look at to bring the CPU to a more reasonable level?
I do realize these units are undersized for the use case, and we are in the process of procuring replacements, but for now I need to keep these running.