Netscreen: Performance and Network Statistic Commands

Troubleshooting CPU utilization:
The CPU utilization is calculated based on two entities: Flow and Task.

The command ‘get perf cpu all detail’ lists the utilization history of the CPU by Flow and Task. The first number within the parentheses refers to the Flow CPU, and the second number represents the Task CPU.

High CPU in Flow indicates the firewall is busy processing packets; this includes the processing of functions such as:

  • Session creation/teardown
  • Traffic management features (e.g. logging, shaping, etc.)
  • Firewall Protection features (i.e. Screen options)
  • ALG processing
  • Attacks

The following ScreenOS commands are helpful to identify the cause of High “FLOW” CPU.

  • Ramp-up rate – Run the CLI command ‘get perf session detail’ several times, and view the values under “Last 60 seconds”; these represent the new sessions per second.
    get perf session detail
    testf1 > get perf session detail
     Last 60 seconds:
     0: 173 1: 164 2: 149 3: 155 4: 163 5: 159
     6: 157 7: 152 8: 154 9: 155 10: 160 11: 162
     12: 162 13: 156 14: 153 15: 155 16: 154 17: 155
  • Session Table – Check session table information to see the total number of sustained sessions and whether there are any session allocation failures.
    get session info
    testf1-> get session info
     slot 1: sw alloc 0/max 1000000, alloc failed 24749314, di alloc failed 0
     slot 2: hw0 alloc 0/max 1048576
     slot 2: hw1 alloc 0/max 1048576
  • Attacks – Check whether the network is under any kind of attack, or whether a high number of packets are being processed by the screen options.
    get counter screen zone
    get alarm event
    get log event

    Note: An attack may be occurring without being reported in the output of the above commands, because the firewall only reports attacks for the screen options that are configured on it. To confirm an attack is not occurring, connect a packet capture tool to the firewall’s network segments and review the data.

    For additional information, consult: KB8332 – ScreenOS: Which of the screening features can increase CPU utilization?
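
An added example (not from the original post): a Python script that parses saved output of ‘get perf session detail’ and ‘get session info’ and reports the peak ramp-up rate and any session allocation failures. The function names and the rate_threshold default are assumptions; the sample text is the output shown above.

```python
import re

# Sample text copied from the two captures shown on this page.
PERF_SESSION = """\
testf1 > get perf session detail
 Last 60 seconds:
 0: 173 1: 164 2: 149 3: 155 4: 163 5: 159
 6: 157 7: 152 8: 154 9: 155 10: 160 11: 162
 12: 162 13: 156 14: 153 15: 155 16: 154 17: 155
"""
SESSION_INFO = """\
testf1-> get session info
 slot 1: sw alloc 0/max 1000000, alloc failed 24749314, di alloc failed 0
 slot 2: hw0 alloc 0/max 1048576
 slot 2: hw1 alloc 0/max 1048576
"""
SLOT_RE = re.compile(r"slot (\d+): (\w+) alloc (\d+)/max (\d+)(?:, alloc failed (\d+))?")

def ramp_up(text):
    """Return the new-sessions-per-second values under 'Last 60 seconds'."""
    rates, in_block = [], False
    for line in text.splitlines():
        if "Last 60 seconds" in line:
            in_block = True
        elif in_block and line.strip():
            pairs = re.findall(r"(\d+):\s+(\d+)", line)
            if not pairs:
                break  # a different section header follows; stop here
            rates += [int(value) for _, value in pairs]
    return rates

def session_slots(text):
    """Parse each 'slot N: ...' line; alloc_failed is 0 when the field is absent."""
    return [{"slot": int(n), "kind": kind, "used": int(used),
             "max": int(cap), "alloc_failed": int(failed or 0)}
            for n, kind, used, cap, failed in SLOT_RE.findall(text)]

def findings(perf_text, info_text, rate_threshold=1000):
    """rate_threshold is an assumed value; derive it from the device's normal load."""
    out, rates = [], ramp_up(perf_text)
    if rates and max(rates) > rate_threshold:
        out.append(f"ramp-up peak {max(rates)}/s exceeds {rate_threshold}/s")
    for s in session_slots(info_text):
        if s["alloc_failed"]:
            out.append(f"slot {s['slot']} {s['kind']}: "
                       f"{s['alloc_failed']} session allocation failures")
    return out

if __name__ == "__main__":
    print("\n".join(findings(PERF_SESSION, SESSION_INFO)))
```

Running the same parser over captures taken a few minutes apart shows whether the allocation-failure counter is still climbing or is a historical total.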
