03-07-2012 07:29 AM
Our PA-2050 is consistently running at 70-85% on the dataplane CPU despite running at 1/5 of the advertised maximum specs (40-40k sessions and 100-110mbps). I understand that the specs listed are best case scenario and don't expect to get close but I do expect better performance than what I am getting. It could be that our device is just wonky so I wanted to see if anyone else has seen this. We only have 10-12 security policies. No QoS, SSL Decrypt, etc.
03-07-2012 02:50 PM
According to tests performed by NSS Labs the PAN devices datasheets are underrated rather than overrated. One of the tests showed 115% performance of the stated throughput for a particular model (I think it was a box from the 4000 series).
First of all having a high "cpu usage" for the dataplane isnt a problem as long as the usage isnt at 100% which you will then notice will affect the latency and then throughput and stuff like that.
Which PANOS do you use and when was it you last rebooted the device?
Of course rebooting the device should only be necessary doing firmware updates but if there is something stalled which gets fixed by a reboot (but then returns after some time) you should contact your sales rep. to file a support case so some support engineer can bring you a list of commands to run to identify what goes wrong (in case there is a hardware malfunction or something else).
I have seen reports in this forum that older versions of 4.1 might have had some issues but it seems that 4.1.3 and 4.1.4 solved those.
03-08-2012 06:48 AM
Thanks for the response.
My concern is that I am running high CPU on a device which should be capable of 5x's the performance I am seeing currently. There are several additional services I would like to utilize (QoS for example) and additional capacity that I would like to add however, I don't dare risk it seeing as the device is already running close to its limit.
Regardless of how it tested out, I would never presume I could run a device at or close to 100%. This is asking for serious issues. We have already throttled back the capacity to maintain the current (high) utilization.
It has been rebooted at least twice in the last couple weeks. It is running 4.1.2 currently however I saw the same utilization while on 4.0.7. We have 4.1.3 loaded but are waiting for a maintenance window to reboot the device following the patch.
03-08-2012 03:03 PM
I guess you have already seen a similar case in this thread?
03-08-2012 03:21 PM
I had not. Thanks for pointing it out. There are some interesting correlations. There really wasn't a mention of a fix. It sounded more like they just cranked it up and it has been able to handle the additional load. However it would be interesting to see how it faired with 1M+ sessions. That would be about half the advertised max (session wise). They were getting ~7700 session/CPU% at 600k but that would max the device out at 770k sessions unless greater efficiency was realized.
Another interesting correlation is that we have been seeing sporadic high management plane CPU as well (hitting 100% several times) as they have. I am going to lower some of our logging levels and see what happens.
Do you know if the dataplane CPU $ that is displayed on the dashboard is the same as is displayed in the CLI when you do "show running resource-monitor"? I have started to monitor that as I have been told it is a true indicator of the dataplane CPU usage.
I will be patching to 4.1.3 tonight so maybe that will help.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!
