Problem Category: Security – Network Firewalls and Intrusion Prevention Systems
Problem Subcategory: Adaptive Security Appliance (ASA) non-VPN problem
Problem Type: Product Feature/Function Question
Problem Details: We suspected there is a memory leak on our ASA 5585-X. Can you guide me where to look for the “fragment size” value from the “show memory detail” output.

TAC reply:
++ I understand that you are looking towards the fragment size value in the show mem detail output and then based on the values would determine the bin size value to be used in show mem binsize
++ From the details shared, I see that the total free memory available on the unit is 68%.
++ Also if you could observe the details pertaining to the counters “MAX CONTIGOUS FREE MEM” and “Free MEM” they values are more are less the same which indicates that the amount of memory being leaked by fragmentation is not high (almost nil).
++ Now coming to the point where you were concerned over the outputs of fragments size across the device, usually the count associated with the block size increases and decreases when the block size are released back, if we observe an abnormal increase in the count value for any blocks and continue to see that they are not released which would be indicated by the count value.
++ Depending on the block size that we see the count abnormally increasing we can specify that value in the command show mem binsize

Show Memory Detail
Gather the output of “show memory detail”
Look in the column listed “total (bytes)” under the “MEMPOOL_GLOBAL_SHARED POOL STATS” to find the 5 largest values
Issue the command “show memory binsize” using the associated value under “fragment size (bytes)”

Memory Tracking
Enable the command “memory tracking enable” to turn on memory tracking
Issue the command “show memory tracking” at regular intervals to see the change in memory allocation
Issue the command “show memory tracking address | i ” where is the pc counter (in hex) of the largest growing process from the previous step
Gather the output “show memory tracking dump
” for any of the memory address locations picked at random from the output of the previous step

Also check  http://itsecworks.wordpress.com/2010/11/23/troubleshooting-asa-high-memory-issues/

Differences between IOS and NXOS.

http://docwiki.cisco.com/wiki/Cisco_NX-OS/IOS_Software_Default_Configuration_Differences

IOS to NXOS migration tool
http://tools.cisco.com/nxmt/

Minimum Recommended Code Levels.
http://www.cisco.com/en/US/docs/switches/datacenter/sw/nx-os/recommended_releases/recommended_nx-os_releases.html

Data Center switching support forums on Cisco.com.
https://supportforums.cisco.com/community/netpro/data-center/server-network

Overview

A virtual PortChannel (vPC) allows links that are physically connected to two different Cisco Nexus 5000 Series devices to appear as a single PortChannel to a third device. The third device can be a Cisco Nexus 2000 Series Fabric Extender or a switch, server, or any other networking device. A vPC can provide Layer 2 multipathing, which allows you to create redundancy by increasing bandwidth, enabling multiple parallel paths between nodes and load-balancing traffic where alternative paths exist.

Continue reading