DotW: Dataplane Usage

DotW: Dataplane Usage

0
Created On 09/25/18 19:02 PM - Last Modified 06/11/20 00:46 AM


Resolution


Why did my CPU go up all of a sudden? What could be the reason for this and what should I verify to track down the issue?  A sudden change in behaviour can result in some weird numbers or strange monitor output.  Sometimes it's not always easy to know where to look to find the root cause.

 

Our community member jprovine was experiencing a similar scenario and reached out to the community for assistance.

 

2016-10-24_13-26-01.pngDiscussion topic on dataplane usage.

As several users pointed out in the discussion, a lots of things can cause this high CPU consumption.  Examples of causality include more sessions going through the dataplane for some reason. Was something installed that's now chatting to another zone, are people streaming more media, a software bug, and so on?

 

As user BPry pointed out, a good place to start troubleshooting would be to check if your session count is higher than it normally is and go from there.  User santonic also jumped in the discussion and pointed to traffic reports being a great place to get information.

 

In addition, I would like to add ACC stats. The ACC will even show  nice graphs for sessions / bytes / etc ... as seen in the screenshot below, and might already give you an indication where and when the new behaviour started showing up:

 

2016-10-24_13-49-31.pngACC user activity can help troubleshoot high dataplane usage.

 

2016-10-24_14-01-48.pngACC application usage provides more detail about troubleshooting dataplane usage.

 

Using ACC, there are several predefined timeframes you can specify or you can even add a custom timeframe:

 

2016-10-24_13-52-30.pngThe ACC Time Range lets you select a predefined time frame or specify one of your own.

More details on ACC can be found here:

Tips &- ricks How Does the ACC Work

 

In addition to predefined reports and ACC stats, you can also get loads of information from custom reports.  User BPry added a nice example on how he set up his own custom report.  Note that our own 'Getting Started' series has a great article about custom reports.  It's a great way to keep peace of mind without constantly checking logs and searching for anomalies -- a great way to keep you posted on everything happening in your network.

 

More details on Custom Reports can be found here:

Getting Started: Custom Reports

 

Another great way to monitor the firewall is via SNMP MIBS. SNMP management tools allow you to monitor a large network with multiple nodes and graph out the monitored results.  You will need to install an SNMP management tool for this and will have to configure SNMP on your firewall :

 

How to Configure SNMPv2 on the Palo Alto Networks Firewall

How to Configure Sending SNMPv3 Traps on PAN-OS 5-0x and above

Using the Simple Network Management Protocol SNMP

SNMP for Monitoring Palo Alto Networks Devices

Cacti Templates

 

You can download all the SNMP MIB s from our website : SNMP MIBS

 

Check out the entire discussion here and feel free to add more tips or suggestions.

 

-Kim

 
Other users also viewed:
Actions
  • Print
  • Copy Link

    https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClSrCAK&refURL=http%3A%2F%2Fknowledgebase.paloaltonetworks.com%2FKCSArticleDetail