PA-820 8.0.2 high management cpu repeatedly

Reply
L4 Transporter

PA-820 8.0.2 high management cpu repeatedly

Hey!

My PA-820 firewall does have a cpu utilization of 100% every day on exactly 13:04 o'clock.

It lasts for 3 minutes.

Top shows me four "pan_tasks":

pa.JPG

Can someone help?

L7 Applicator

Re: PA-820 8.0.2 high management cpu repeatedly

@MPI-AE,

Do you have packet-diag turned on? 

L4 Transporter

Re: PA-820 8.0.2 high management cpu repeatedly

Sorry?

L7 Applicator

Re: PA-820 8.0.2 high management cpu repeatedly

@MPI-AE,

Run the following and see the output is, this should be disabled. 

debug dataplane packet-diag show setting

Also, see if you don't have this log file if you can. 

less mp-log pan_task.log

You may have a pan_task_# depending on how long this has been going on. If you can look in that pan_task.log you may be able to see what it's actually doing. 

L4 Transporter

Re: PA-820 8.0.2 high management cpu repeatedly

--------------------------------------------------------------------------------
Packet diagnosis setting:
--------------------------------------------------------------------------------
Packet filter
  Enabled:                   no
  Match pre-parsed packet:   no
--------------------------------------------------------------------------------
Logging
  Enabled:                   no
  Log-throttle:              no
  Sync-log-by-ticks:         yes
  Features:
  Counters:
--------------------------------------------------------------------------------
Packet capture
  Enabled:                   no
  Snaplen:                   0
  Username:
--------------------------------------------------------------------------------
---__pan_debug_tag=-2098840---pan_sys_up_ticks=1099509528640---
wqe groups are:
        index:0 flow_lookup
        index:1 flow_fastpath
        index:2 flow_slowpath
        index:3 flow_forwarding
        index:6 nac_result
        index:7 flow_np
        index:8 dfa_result
        index:9 module_internal
        index:10 aho_result
        index:11 zip_result
        index:14 flow_host
thread id is : 4
Multicast fib shared memory usage: 14996136
pan_pbf_mem_use allocate memory size is 465880
pan_vsys_zone_id_list memory is 72.
Neighbor Discovery shared memory usage: 3550512
pan_dos_mem_use dos_class_max_buckets:51200, class_tbl_sz:20684800 bytes
pan_dos_mem_use  dos_block_max_buckets:1024, block_tbl_sz:180224 bytes
pan_dos_mem_use  dos_max_vsys:2, dos_max_rules:100, prof_rt_tbl_sz:8400 bytes
pan_dos_mem_use DoS memory total allocated is:20873480 bytes
pan_sifnet_mem_use sifnet_max_buckets:4096, sifnet_tbl_sz:1572864 bytes
pan_sifnet_mem_use sifnet memory total allocated is:1572880 bytes
IPSec transport mode shared memory usage: 64008
pan_tunnel_app_init set tunnel_data 0x800000029fccf580 for net_data 0x80000002a07c3580
now initing ciphers
now setting evps
ssl ready : 0
In pan_cfg_ucache_app_init
thread id is : 4
Multicast fib shared memory usage: 14996136
pan_pbf_mem_use allocate memory size is 465880
pan_vsys_zone_id_list memory is 72.
Neighbor Discovery shared memory usage: 3550512
pan_dos_mem_use dos_class_max_buckets:51200, class_tbl_sz:20684800 bytes
pan_dos_mem_use  dos_block_max_buckets:1024, block_tbl_sz:180224 bytes
pan_dos_mem_use  dos_max_vsys:2, dos_max_rules:100, prof_rt_tbl_sz:8400 bytes
pan_dos_mem_use DoS memory total allocated is:20873480 bytes
pan_sifnet_mem_use sifnet_max_buckets:4096, sifnet_tbl_sz:1572864 bytes
pan_sifnet_mem_use sifnet memory total allocated is:1572880 bytes
IPSec transport mode shared memory usage: 64008
pan_tunnel_app_init set tunnel_data 0x800000029fccf580 for net_data 0x80000002a07c3580
now initing ciphers
now setting evps
ssl ready : 0
In pan_cfg_ucache_app_init

 

 

 

The four pan tasks show a cpu usage of 99% and a very high duration.

These processes are dead, in my opinion

L4 Transporter

Re: PA-820 8.0.2 high management cpu repeatedly

Does anyone have a hint for me?

 

Is there a way to kill processes? So I could kill the four pan_tasks?

L4 Transporter

Re: PA-820 8.0.2 high management cpu repeatedly

I still don't have any solution.

 

I upgraded to 8.0.7 last week, but that didn't help.

 

I have two additional PA-3020 and they don't show that issue.

 

When I do a "show system resources" on the PA-3020's, there aren't those pan_tasks.

 

Does someone have a PA-820 and can tell me if there are these pan_tasks, too ?

 

Or is the cpu of the PA-820 too weak and that's normal?

 

I mean, I don't even know what the firewall is doing that raises the cpu to 100%.

 

I don't even know if the pan_tasks are responsible for that, but they are indeed suspicious.

 

Especially they aren't on the 3020's.

 

Contact Palo Alto?

L7 Applicator

Re: PA-820 8.0.2 high management cpu repeatedly

@MPI-AE,

I assumed the last time that you've restarted since these showed up, but always a good question just to verify?

Possibly run the show management-clients and show jobs all just to verify that something isn't noticably stuck that we could easily restart the process for. 

 

Short of that I would contact TAC and see if they would be able to give you any insight into what exactly is going on. Prior to opening a ticket I might simply get a technical support file attached to it right from the get-go. They will surely ask for one and having one already attached may save you a little time. 

L4 Transporter

Re: PA-820 8.0.2 high management cpu repeatedly

@BPry

 

Yes, I did a restart.

 

Maybe that's a normal behaviour of the PA-820.

 

Therefore, it would be very useful if a community member who uses a PA-820 can share some experience.

 

I don't want to make myself look stupid.

 

What do you think?

L1 Bithead

Re: PA-820 8.0.2 high management cpu repeatedly

Hi MPI-AE,

 

today I saw the same behaviour on two PA-820 devices.

 

Did you get more detail about this 100%-CPU pan_tasks, yet?

 

 

Regards,

Andi

Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the Live Community as a whole!

The Live Community thanks you for your participation!