RSA Authentication Manager shows high memory utilization when running top or vmstat and some SNMP traps
4 years ago
Originally Published: 2010-03-23
Article Number
000045836
Applies To
RSA Product Set: SecurID 
RSA Product/Service Type: Authentication Manager
RSA Version/Condition: 7.1 SP4/3.0, 8.x
 
Issue
  • RSA Authentication Manager 7.1 SP4 and RSA SecurID Appliance 3.0.4 show low free memory, with either the top or vmstat command.
  • Some SNMP traps for high memory utilization are being triggered even when the system is idle.  This affects both Dell and Intel hardware appliances as well as virtual machines.
  • Free memory displayed with vmstat consistently reading low at between 95-100mb at all times, even when system is not under load:
procs -----------memory---------- ---swap-- -----io---- -system-- ----cpu----
 r  b   swpd   free     buff      cache      si   so    bi    bo   in        cs us sy id wa
 2  0  20512 219480  64864 1275756    0    0     1    19    18        3  8  6 86  0
  • SNMP traps set to trigger against either top and vmstat are sending a false positive for memory shortfall. It would appear free mem is below a critical level of 5-10% available when using vmstat or top. In fact, this is in reality a false positive alert.
Cause
There is a false positive on memory utilization error when using top or vmstat with Authentication Manager and the RSA SecurID Appliance.

The RSA SecuriD Appliance 3.0 is an rPath Linux kernel.  This particular version of Linux uses a memory management known as "lazy man" memory mapping.

In such a memory management/kernel approach, (scroll to the second to the last paragraph of the page on this link):

To make the most efficient use of real memory, Linux automatically uses all free RAM for buffer cache, but also automatically makes the cache smaller when programs need more memory.

Resolution
For memory management, trap against the -/+ buffer/cache value using the free command, as below: 
[root@cs-appliance3-05 ~]# free
                     total         used          free     shared    buffers     cached
Mem:       3369872    3149532     220340          0      64864    1277488
-/+ buffers/cache:    1807180    1562692
Swap:      8241336      20512    8220824
Reading the -/+ buffers/cache field indicate in this instance of the older RSA SecuriD Appliance 3.0, that approximately 1.5 GB are free for re-allocation when system load increases; more than enough free memory.

On the same model Dell appliance updated to Authentication Manager 8.1 with SUSE Linux, we still see almost .7G available.

free -m buffers/cache from 4G

On the model with 8G of RAM, we see 3.6 GB of RAM available for reallocation when needed.
free -m buffers/Cache

You can also use an SNMP OID for the trap vs free output.  For more information on SNMP traps on Linux, reference this article on Linux SNMP OIDs for CPU,Memory and Disk Statistics.

You should consider the use of the UCD OID .1.3.6.1.4.1.2021 for CPU and memory usage versus using HOST MIBs, noting all reported available thresholds report in kilobytes.

Authentication Manager 8.1 SNMP OIDs

  • Total physical memory for the operating system memory in KB: .1.3.6.1.4.1.674.10892.1.400.20.1.5
  • Available physical memory for the operating system memory in KB.: .1.3.6.1.4.1.674.10892.1.400.20.1.6

Complete list of UCD MIB OIDS for older RSA SecurID Appliance 3.0

DescriptionOID
Total Swap Size1.3.6.1.4.1.2021.4.3.0
Available Swap Space1.3.6.1.4.1.2021.4.4.0
Total RAM in Machine1.3.6.1.4.1.2021.4.5.0
Available Real Memory1.3.6.1.4.1.2021.4.6.0
Total RAM Free1.3.6.1.4.1.2021.4.11.0
Total RAM Shared1.3.6.1.4.1.2021.4.13.0
Total RAM Buffered1.3.6.1.4.1.2021.4.14.0
Total Cached Memory1.3.6.1.4.1.2021.4.15.0
Workaround
Use free -m instead of vmstat or top.
Notes
For additional information on hardware SNMP traps for Authentication Manager 8.1 or the RSA SecurID Appliance 3.0, see the RSA Authentication Manager 8.1 SNMP Reference Guide, Revision 1 or the RSA SecurID Appliance 3.0 SNMP Reference Guide.

Related Articles

Trending Articles

Don't see what you're looking for?