high dataplane cpu at PanOS 7.1.5

L2 Linker

high dataplane cpu at PanOS 7.1.5

Hello all.

We use a PA-3020.

PanOS 7.1.5

1. Session 43%

2. CPU 100%

Why is the CPU 100% used?

Normally, we use 500 Mbps.

BUG??

I got these show tech messages:


:
:Resource monitoring sampling data (per second):
:
:CPU load sampling by group:
:flow_lookup                    :    95%
:flow_fastpath                  :    91%
:flow_slowpath                  :    95%
:flow_forwarding                :    95%
:flow_mgmt                      :    73%
:flow_ctrl                      :    73%
:nac_result                     :    95%
:flow_np                        :    91%
:dfa_result                     :    95%
:module_internal                :    95%
:aho_result                     :    95%
:zip_result                     :    95%
:pktlog_forwarding              :    96%
:lwm                            :     0%
:flow_host                      :    73%
:

 

:Resource utilization (%) during last 15 seconds:
:session:
: 42  43  43  43  43  43  43  43  43  43  43  43  43  43  43
:
:packet buffer:
:  2   1   2   1   1   1   9   3   3   2   2   1   1   1   3
:
:packet descriptor:
: 16  16  16  15  16  15  17  16  16  15  16  15  16  15  16
:
:packet descriptor (on-chip):
:  6   6  12   5   2   5  27   9   9   6  23   6   2   2   8

 

Total num processes: 15
Name                   PID      CPU%  FDs Open   Virt Mem     Res Mem      State    
all_pktproc_4          1221     100   5          51096        9432         R        
monitor                1223     0     10         53340        13132        R        
dha                    1185     0     7          50968        8100         S        
all_pktproc_3          1219     100   5          51228        9520         R        
flow_mgmt              1222     98    5          51068        9124         R        
mprelay                1183     0     8          51048        8320         S        
pktproc_n_log          1218     100   5          70896        29072        R        
bfd                    1186     0     10         51680        8768         S        
comm                   1184     0     19         560112       69492        S        
sysdagent              1164     0     6          520468       4764         S        
ntp                    1235     0     8          76260        2712         S        
ehmon                  1165     0     5          29368        4496         S        
masterd                1120     0     18         201060       14948        S        
all_pktproc_2          1220     100   5          51096        9428         R        
brdagent               1161     0     9          440736       8436         S        
syslogd                1126     0     4          3396         988          S        

 

 

Thanks.


Accepted Solutions
L5 Sessionator

Re: high dataplane cpu at PanOS 7.1.5

Hi,

As you know, CPU usage depends on the number of sessions, but more than that, it depends on:

   - number of sessions opened / closed per second

   - packet size

   - and more...

This means you can have only a few sessions, but if they are very short, with small packets, that is more CPU intensive than a huge number of sessions with large packets and a long duration.

If you want to optimize CPU utilisation:

   1- check which traffic creates this high CPU usage

   2- try to create an App Override

   3- optimize security profiles and logging features

Hope this helps.

V.



All Replies
Cyber Elite

Re: high dataplane cpu at PanOS 7.1.5

@awawa100,

It appears simply processing your traffic is pegging the CPU. Without additional information it's really impossible to say what exactly is causing it and what could help you decrease the percentage. @VinceM already gave some great advice; I would add that unless your CPU is staying pegged, you could have just been hit with more traffic. Just because your session utilization is low doesn't mean your pps isn't high or the packet size isn't an issue. If this stayed pegged then I would look into it a little more.

L2 Linker

Re: high dataplane cpu at PanOS 7.1.5

Thank you!

We use many web-based protocols, but they are judged as "unknown_tcp".

I will investigate.


L7 Applicator

Re: high dataplane cpu at PanOS 7.1.5

A high amount of unknown-udp or unknown-tcp is the main reason for high dataplane CPU, as the firewall has to use heuristics.

If this is an in-house application, then create a custom App-ID or use application override rules.

If this is a general application, then ask Palo to create an App-ID on their side.

If you see unknown-tcp from your users accessing the regular internet, then this is suspicious.

From the ACC, identify the top user with unknown-tcp traffic and identify what application is causing it.

Enterprise Architect @ Cloud Carib www.cloudcarib.com
ACE, PCNSE, PCNSI
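
An added example (not part of the thread and not Palo Alto tooling) of the triage suggested above: it ranks source addresses by sessions logged as unknown-tcp, unknown-udp or incomplete, and reports average packet size and the destination/port pairs that are candidates for a custom App-ID or application override. The CSV column names and the sample rows are constructed assumptions; map them to the fields of your own traffic log export.

```python
import csv
import io
from collections import defaultdict

# Constructed sample rows. The column names are assumptions for this example,
# not the firewall's export header; rename them to match your own log export.
SAMPLE_LOG = """\
src,dst,dport,app,bytes,packets
10.1.1.20,192.0.2.10,8443,unknown-tcp,420,6
10.1.1.20,192.0.2.10,8443,unknown-tcp,380,5
10.1.1.20,192.0.2.10,8443,unknown-tcp,400,5
10.1.1.31,192.0.2.10,8443,unknown-tcp,900,10
10.1.1.31,198.51.100.7,443,ssl,152000,140
10.1.1.44,198.51.100.9,80,web-browsing,88000,90
10.1.1.44,203.0.113.5,9000,incomplete,120,2
"""

# Application values the thread singles out as unidentified traffic.
UNIDENTIFIED = {"unknown-tcp", "unknown-udp", "incomplete"}


def top_unidentified(log_text, limit=5):
    """Rank source addresses by number of sessions with no identified app."""
    stats = defaultdict(lambda: {"sessions": 0, "bytes": 0, "packets": 0, "dests": set()})
    for row in csv.DictReader(io.StringIO(log_text)):
        if row["app"] not in UNIDENTIFIED:
            continue
        entry = stats[row["src"]]
        entry["sessions"] += 1
        entry["bytes"] += int(row["bytes"])
        entry["packets"] += int(row["packets"])
        entry["dests"].add((row["dst"], row["dport"]))
    report = []
    for src, entry in stats.items():
        # Small average packet size plus many short sessions is the CPU-heavy pattern.
        avg = entry["bytes"] / entry["packets"] if entry["packets"] else 0.0
        report.append({"src": src, "sessions": entry["sessions"],
                       "avg_packet_bytes": round(avg, 1),
                       "destinations": sorted(entry["dests"])})
    report.sort(key=lambda r: (-r["sessions"], r["src"]))
    return report[:limit]


if __name__ == "__main__":
    for line in top_unidentified(SAMPLE_LOG):
        print(line)
```
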
L2 Linker

Re: high dataplane cpu at PanOS 7.1.5

Thank you.

I found unknown-tcp and incomplete messages.

I will make some override settings and more.


L2 Linker

Re: high dataplane cpu at PanOS 7.1.5

It solved it.

Thanks for your advice.
