high dataplane cpu at PanOS 7.1.5

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements

high dataplane cpu at PanOS 7.1.5

L2 Linker

Hello all.

 

We use pa-3020.

PanOS 7.1.5

 

1, session 43%

2,CPU 100%

 

Why CPU 100% used?

Normaly, 500Mbps use.

 

BUG??

 

I get show tech messages.

 

:
:Resource monitoring sampling data (per second):
:
:CPU load sampling by group:
:flow_lookup                    :    95%
:flow_fastpath                  :    91%
:flow_slowpath                  :    95%
:flow_forwarding                :    95%
:flow_mgmt                      :    73%
:flow_ctrl                      :    73%
:nac_result                     :    95%
:flow_np                        :    91%
:dfa_result                     :    95%
:module_internal                :    95%
:aho_result                     :    95%
:zip_result                     :    95%
:pktlog_forwarding              :    96%
:lwm                            :     0%
:flow_host                      :    73%
:

 

:Resource utilization (%) during last 15 seconds:
:session:
: 42  43  43  43  43  43  43  43  43  43  43  43  43  43  43
:
:packet buffer:
:  2   1   2   1   1   1   9   3   3   2   2   1   1   1   3
:
:packet descriptor:
: 16  16  16  15  16  15  17  16  16  15  16  15  16  15  16
:
:packet descriptor (on-chip):
:  6   6  12   5   2   5  27   9   9   6  23   6   2   2   8

 

Total num processes: 15
Name                   PID      CPU%  FDs Open   Virt Mem     Res Mem      State    
all_pktproc_4          1221     100   5          51096        9432         R        
monitor                1223     0     10         53340        13132        R        
dha                    1185     0     7          50968        8100         S        
all_pktproc_3          1219     100   5          51228        9520         R        
flow_mgmt              1222     98    5          51068        9124         R        
mprelay                1183     0     8          51048        8320         S        
pktproc_n_log          1218     100   5          70896        29072        R        
bfd                    1186     0     10         51680        8768         S        
comm                   1184     0     19         560112       69492        S        
sysdagent              1164     0     6          520468       4764         S        
ntp                    1235     0     8          76260        2712         S        
ehmon                  1165     0     5          29368        4496         S        
masterd                1120     0     18         201060       14948        S        
all_pktproc_2          1220     100   5          51096        9428         R        
brdagent               1161     0     9          440736       8436         S        
syslogd                1126     0     4          3396         988          S        

 

 

Thanks.

1 accepted solution

Accepted Solutions

L5 Sessionator

Hi,

 

As you know, CPU usage depend of nobre of session but more than that, depend of:

   - nbre of session open / close per second

   - packet size

   - and more ..

 

Mean you can have only few session but if they are very short, with smal packet, is more CPU intensive than huge nombre of session with large packet and long duration in time.

 

If you want to optimize CPU utilisation,

   1- check which traffic create this high CPU usage

   2- Try to create App overide 

   3- optimize security profile and logging feature

 

Hope help.

 

V. 

View solution in original post

6 REPLIES 6

L5 Sessionator

Hi,

 

As you know, CPU usage depend of nobre of session but more than that, depend of:

   - nbre of session open / close per second

   - packet size

   - and more ..

 

Mean you can have only few session but if they are very short, with smal packet, is more CPU intensive than huge nombre of session with large packet and long duration in time.

 

If you want to optimize CPU utilisation,

   1- check which traffic create this high CPU usage

   2- Try to create App overide 

   3- optimize security profile and logging feature

 

Hope help.

 

V. 

Cyber Elite
Cyber Elite

@awawa100,

It appears simply processing your traffic is pegging the CPU. Without additiional informaiton it's really impossible to say what exactly is causing it and what could help you decrease the percentage. @VinceM already gave some great advice, I would add that unless your CPU is staying pegged you could have just been hit with more traffic. Just because your session utilization is low doesn't mean your pps isn't high or the packet size isn't an issue. If this stayed pegged then I would look into it a little more. 

 

 

Thankyou!

 

We use meny web-based protocol, but be judged "unknown_tcp" .

 

I will investigate.

 

 

 

High amount of unknown-udp or unknown-tcp is main reason for high dataplane cpu as firewall has to use heuristics.

If this is in-house application then create custom app-id or use application override rules.

If this is general application then ask Palo to create app-id on their side.

If you see unknown-tcp in your users accessing regular internet then this is suspicious.

From ACC identify top user with unknown-tcp traffic and identify what application is causing it.

Enterprise Architect, Security @ Cloud Carib Ltd
Palo Alto Networks certified from 2011

Thank you.

 

I found messages unknown-tcp and incomplete.

I will be some over-ride settings and more.

 

 

It solved it.

 

Thanks for your advices.

  • 1 accepted solution
  • 5123 Views
  • 6 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!