Problem Category: Security – Network Firewalls and Intrusion Prevention Systems
Problem Subcategory: Adaptive Security Appliance (ASA) non-VPN problem
Problem Type: Product Feature/Function Question
Problem Details: We suspected there is a memory leak on our ASA 5585-X. Can you guide me where to look for the “fragment size” value from the “show memory detail” output.
++ I understand that you are looking towards the fragment size value in the show mem detail output and then based on the values would determine the bin size value to be used in show mem binsize
++ From the details shared, I see that the total free memory available on the unit is 68%.
++ Also if you could observe the details pertaining to the counters “MAX CONTIGOUS FREE MEM” and “Free MEM” they values are more are less the same which indicates that the amount of memory being leaked by fragmentation is not high (almost nil).
++ Now coming to the point where you were concerned over the outputs of fragments size across the device, usually the count associated with the block size increases and decreases when the block size are released back, if we observe an abnormal increase in the count value for any blocks and continue to see that they are not released which would be indicated by the count value.
++ Depending on the block size that we see the count abnormally increasing we can specify that value in the command show mem binsize
Show Memory Detail
Gather the output of “show memory detail”
Look in the column listed “total (bytes)” under the “MEMPOOL_GLOBAL_SHARED POOL STATS” to find the 5 largest values
Issue the command “show memory binsize” using the associated value under “fragment size (bytes)”
Enable the command “memory tracking enable” to turn on memory tracking
Issue the command “show memory tracking” at regular intervals to see the change in memory allocation
Issue the command “show memory tracking address | i ” where is the pc counter (in hex) of the largest growing process from the previous step
Gather the output “show memory tracking dump
” for any of the memory address locations picked at random from the output of the previous step
Also check http://itsecworks.wordpress.com/2010/11/23/troubleshooting-asa-high-memory-issues/
Incoming search terms:
- 9 8(2)38 memory utlization issues cisco asa firewall
- Cisco asa 5585 mem pools
- cisco docs on asa high memory utilization