High CPU usage in Object Store on Edge SWG

Article ID: 165611

Products

ProxySG Software - SGOS

Issue/Introduction

CPU Monitor on the Edge SWG (formerly ProxySG) reports high CPU utilization on the Object Store.

Resolution

Common reasons for seeing high CPU in Object Store include:

The ProxySG has a bad disk

The Object Store's main function is to create, remove and maintain objects on disk. If the ProxySG has a bad disk or a missing disk, this could affect Object Store's ability to function properly. The end result could be high CPU usage in Object Store.

To check if this issue is the cause of the high utilization:

  • Verify the state of the ProxySG's disks - In the ProxySG's management console GUI, go to Statistics > Health Monitoring > Status tab.
  • Replace "bad" disks - The states are:
    • Present
    • Not present
    • Empty
    • Bad

IMPORTANT! Any disks that are listed as "bad" should be replaced as soon as possible.

The ProxySG has a missing disk

Besides bad disks, missing disks could also pose a problem.

To verify whether a disk is missing, confirm which disks are physically present in the ProxySG's chassis, then check in the management console GUI whether those disks are shown as "present" or "not present."

Any disks that are physically in the ProxySG but are showing up as "not present" should be replaced as soon as possible.

The ProxySG is processing excessive bandwidth

Each ProxySG platform is sized to process a certain amount of bandwidth. If that bandwidth is exceeded, the result could be high CPU in Object Store because it is very busy reading, writing, and processing objects on disk.

Using the management console, verify the bandwidth under the Statistics > Traffic Mix section. Confirm if the processed bandwidth for the SG is "typical" for the ProxySG or if it corresponds to the CPU spikes.

If there is a correlation, lower the amount of bandwidth that the ProxySG processes and see if the CPU drops.

Next steps

If you suspect malware, request looping, or a poorly authenticating application, check the Edge SWG Event Logs. If nothing stands out, you can enable attack detection in monitor mode, which will report clients that are sending a high number of requests to the ProxySG. See "How do I configure the ProxySG appliance to detect DoS and or DDoS traffic from a client without enforcing actions on the client(s)?"

Other reasons for high CPU utilization in the HTTP process group:

  • Policy Coverage is enabled. To disable policy coverage see Enabling and Disabling Policy Coverage
  • Regex policy is matching frequently. Review your CPL and VPM policies to see if regex policy can be replaced with substring matches.

If you go through these steps and still have issues with high CPU utilization in the HTTP or FTP process group, open a ticket with Broadcom Support.

In addition to the details from the CPU Monitor, you may also be asked to provide the following:

SysInfo

  • The SysInfo information should be captured after the CPU utilization has returned to normal, or after 20 minutes of high utilization for a persistent utilization spike.
  • This information can be uploaded through the management console Maintenance tab or captured from the URL https://<proxy_ip>:8082/Sysinfo

Event log

  • The Event Log should be captured after the CPU utilization has returned to normal or after 20 minutes of high utilization for a persistent utilization spike.
  • This information can be uploaded through the management console Maintenance tab or captured from the URL https://<proxy_ip>:8082/Eventlog/Statistics

TCP users

While the CPU utilization is high, copy the output from the URL https://<proxy_ip>:8082/TCP/Users
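The three URL captures above can be scripted so that each is taken at the point the article specifies. This is an added example, not Broadcom tooling: the function names and the NETRC_FILE and CA_FILE variables are hypothetical, and it assumes curl is installed and that the management console accepts credentials supplied through a netrc file.

```shell
#!/bin/sh
# Added example (not from the original article): capture the diagnostics
# listed above. Assumed environment variables (hypothetical names):
#   NETRC_FILE  netrc file with console credentials, kept out of argv
#   CA_FILE     optional CA bundle if the console certificate is private

# Paths to capture per phase, as listed in the article:
#   during = while CPU is high
#   after  = CPU back to normal, or 20 minutes into a persistent spike
diag_paths() {
    case "$1" in
        during) printf '%s\n' "TCP/Users" ;;
        after)  printf '%s\n' "Sysinfo" "Eventlog/Statistics" ;;
        *)      return 2 ;;
    esac
}

# Management-console URL for one path (port 8082, as in the article).
diag_url() {
    printf 'https://%s:8082/%s\n' "$1" "$2"
}

# File name for one capture: path with "/" flattened, plus a timestamp.
diag_outfile() {
    printf '%s_%s.txt\n' "$(printf '%s' "$1" | tr '/' '_')" "$2"
}

# collect <proxy_ip> <during|after> <outdir>
collect() {
    paths=$(diag_paths "$2") || { echo "phase must be during|after" >&2; return 2; }
    stamp=$(date -u +%Y%m%dT%H%M%SZ)
    # These outputs expose configuration and client data: keep them private.
    mkdir -p "$3" && chmod 700 "$3" || return 1
    for p in $paths; do
        # Certificate verification stays on; pass CA_FILE rather than -k.
        curl --fail --silent --show-error --max-time 120 \
             ${CA_FILE:+--cacert "$CA_FILE"} \
             --netrc-file "$NETRC_FILE" \
             --output "$3/$(diag_outfile "$p" "$stamp")" \
             "$(diag_url "$1" "$p")" || return 1
    done
}

# Run only when called with arguments, e.g.: sh collect.sh 192.0.2.10 during ./case
if [ "$#" -ge 3 ]; then collect "$@"; fi
```

Run the `during` phase while the spike is in progress and the `after` phase once utilization has returned to normal or 20 minutes into a persistent spike.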

SysInfo_stats snapshots

Configure snapshots on the Edge SWG to occur every five minutes (default is 60), and run for at least 20 minutes during the CPU spike.

Full core (optional)

Depending on the nature and symptoms of the high utilization issue, you may be asked to provide a full core dump of the Edge SWG (ProxySG).