Increase Data plane CPU on PA-500

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Increase Data plane CPU on PA-500

Not applicable

Hi, every body!

I used Palo Alto - 500  with version 4.0.1

On this device, Data plane CPU alway about 6-20%. I want to increase Data plane CPU on Pa-500 (4.0.1)

Please help me How to increase CPU up to 70-90% ???

Thanks all !!!

3 REPLIES 3

L6 Presenter

I have never had this problem so Im just guessing now Smiley Happy

Try to enable IDP for both directions (if you didnt already do so) along with antivirus controls, botnet detection, url categorization etc - simply enable all filtering features you can find along with logging for not only session end but also session start (the later I guess could saturate the mgmtplane before the dataplane).

And then its a matter of pushing traffic... if possible you could record a pcap file and then replay it using tcpreplay:

http://tcpreplay.synfin.net/

Edit: By the way according to a NSS Labs test enabling ALL features of PAN actually increased the throughput so I dunno... perhaps enabling just one feature will be worser for the dataplane than when everything is enabled? 😉

Thanks for your reply, mikand !

I have never enable IDP before, I will try it.

Mgmt CPU on my device usually about 30-50% but Dataplane cpu only  6-20%.

I think that mgmt cpu didn't depend on dataplane

Thats the idea of the mgmtplane vs dataplane in PAN.

The mgmtplane is a regular x86 cpu taking care of GUI, compiling configurations (when you click commit) and handle all the logs. Also for smaller models the mgmtplane will also take care of the on-the-fly generation of MITM certs for SSL-inspection.

The dataplane is a fpga/asic (depending on box) where all the traffic is being handled (and for (I think) 5xxx models includes on-the-fly generation of MITM certs for SSL-inspection).

This gives that even during a DDoS situation where the dataplane is maxed out your GUI should work without problems (depending on your logsettings etc since all the logs that the dataplane pukes out will be handled by the mgmtplane if you have setup to log stuff).

With that said having a high "cpu utilization" for the dataplane isnt really an issue until it hits the 100% mark and latency will start to occur.

Also the utilization doesnt seem to be linear either. Like if you with 2.500 concurrent sessions see 25% data-cpu it doesnt mean that the max limit will be 10.000 concurrent sessions but rather 20.000, 30.000 or so (just an example).

  • 2309 Views
  • 3 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!