Help
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
avenditti
Staff
Staff

Created on ‎02-27-2024 08:11 AM

Identify the CPU that is handling a session

Hi community,

I have a FGT VM with one CPU (of 4) that reaches 100% peaks, while the others are idle. Due to the characteristics of the traffic I believe this is "normal" (there is a fixed session between 2 IPSec hosts that always use the same source IP/port and the same destination IP/port with over 800Mbps throughput, which is handled by a single CPU, while the other ones share the rest of the load). I believe this CPU is dropping packets because it can't handle the total amount of traffic, and I would like to demonstrate this to the customer, but how?

 

I can easily:

  • identify the single session (knowing its characteristics of src and dst) with 'diag sys session list'
  • show that one CPU is overloaded with 'diagnose sys performance status',

but how do I relate the session from the first command to the CPU status from the second command? How do I show that there is packet loss?

Could you suggest some commands that highlight these aspects?

thanks guys,
Angelo

Labels:
243
0 Kudos
3 REPLIES 3
AEK
SuperUser
SuperUser

Created on ‎02-27-2024 08:59 AM

Hi Angelo

I think you should be able see packet loss if you use "fnsysctl ifconfig" and look into the tunnel interface and the WAN interface's output (errors, dropped).

You may also check if there is packet loss on SD-WAN (if applicable), with "diagnose sys sdwan health-check".

Following tech tip may also help to distribute IPsec across multiple cores.

https://community.fortinet.com/t5/FortiGate/Technical-Tip-How-to-distribute-IPsec-traffic-to-all-CPU...

Hope it helps.

AEK
AEK
236
0 Kudos
avenditti
Staff
Staff
In response to AEK

Created on ‎03-04-2024 09:01 AM

Hi AEK,

 

from your debug command I didn't find a direct session - CPU relationship but the information on the KB is very useful can help me with my problem... so good to know.

 

Thank you for your answer

170
0 Kudos
spoojary
Staff
Staff

Created on ‎03-04-2024 11:09 AM

You can also check the doc to troubleshoot the high cpu issue : https://community.fortinet.com/t5/FortiGate/Technical-Tip-Debugs-for-troubleshooting-high-CPU-Issues...

Siddhanth Poojary
162
Labels
Top Kudoed Authors
View all
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2024 Fortinet, Inc. All Rights Reserved.