Cisco Bug: CSCvi07313 - CPU Hogs in DATAPATH and performance impact with high conn creation rate to one local-host

Last Modified

Oct 30, 2019

Products (1)

  • Cisco ASA 5500-X Series Firewalls

Known Affected Releases

9.7(1) 9.8(2)

Description (partial)

When an ASA firewall creates connections at a high rate that are sourced from or destined to a single IP address, multiple DATAPATH threads may wait for an extended period to acquire a lock, access the data structure, and release the lock when reading the local-host data structure.

This may result in CPU Hogs in DATAPATH threads and high CPU, and can potentially lead to packet loss or jitter.

This problem is observed when both of the following occur:
- The ASA has a high number of connections per second to a specific local-host (IP) object
- The majority of the new connections per second are destined to, or sourced from, that specific local-host object