How do I troubleshoot high data plane CPU usage on a firewall?
07/28/2022
Description
In some cases the firewall may exhibit high data plane (DP) CPU activity due to network congestion. Before applying the resolution, first confirm that the following log messages appear in the firewall tech support report (TSR) and/or packet capture.
Log Event in Tech Support Report
Download a TSR by performing the following:
- Log in to the firewall and navigate to INVESTIGATE | System Diagnostics | Download Report (Device | Diagnostics | Tech Support Report for SonicOS 7.X).
- Open the TSR file and search for "byte buffer count".
- If you see an entry like the one below, continue to the Resolution section of this article.
1500 byte buffer count = 1 free (Max: 20000 Lowest: 0 Was 0 at: 11/15/2019 11:02:35.320)
LOW RESOURCE: 1500 byte buffer count = 1 free
Log Event in Packet Capture
While performing a packet capture under INVESTIGATE | Packet Monitor, if a log message like the one below is displayed, continue to the Resolution section of this article:
DROPPED, Drop Code: 140(IDP detection OOO Out of Buffers), Module Id: 25(network), (Ref.Id: _7130_uyHtJcpfngKrRmv) 3:3
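Both checks above can be run over a saved TSR or exported packet capture text with a short script. This is an added example, not SonicWall code: the patterns are derived only from the sample lines quoted in this article, and the function names and the rule that a pool whose Lowest value reached 0 counts as exhausted are assumptions.

```python
import re

# Patterns follow the log samples quoted in the article; other TSR
# layouts are not covered.
BUF_RE = re.compile(
    r"(\d+) byte buffer count = (\d+) free "
    r"\(Max: (\d+) Lowest: (\d+)(?: Was \d+ at: ([^)]+))?\)")
LOW_RE = re.compile(r"LOW RESOURCE: (\d+) byte buffer count = (\d+) free")
DROP_RE = re.compile(r"Drop Code: (\d+)\(([^)]*)\)")
OUT_OF_BUFFERS = 140  # drop code shown in the article's packet capture


def scan(lines):
    """Collect buffer-pool stats, LOW RESOURCE alerts and drop-code counts."""
    pools, low, drops = {}, set(), {}
    for line in lines:
        if m := LOW_RE.search(line):
            low.add(int(m.group(1)))
        elif m := BUF_RE.search(line):
            size, free, mx, lowest = (int(g) for g in m.groups()[:4])
            pools[size] = {"free": free, "max": mx, "lowest": lowest,
                           "lowest_at": m.group(5)}
        elif m := DROP_RE.search(line):
            code = int(m.group(1))
            drops[code] = drops.get(code, 0) + 1
    return pools, low, drops


def buffer_exhaustion(lines):
    """Return the sorted buffer sizes showing exhaustion, plus the count of
    code-140 drops. Assumption: a pool whose Lowest reached 0 counts as
    exhausted even without a LOW RESOURCE line."""
    pools, low, drops = scan(lines)
    hit = low | {s for s, p in pools.items() if p["lowest"] == 0}
    return sorted(hit), drops.get(OUT_OF_BUFFERS, 0)


# Constructed input: the article's three sample lines plus one healthy
# pool line (the 512-byte pool and its numbers are made up).
SAMPLE = """\
1500 byte buffer count = 1 free (Max: 20000 Lowest: 0 Was 0 at: 11/15/2019 11:02:35.320)
LOW RESOURCE: 1500 byte buffer count = 1 free
512 byte buffer count = 7900 free (Max: 8000 Lowest: 6100)
DROPPED, Drop Code: 140(IDP detection OOO Out of Buffers), Module Id: 25(network), (Ref.Id: _7130_uyHtJcpfngKrRmv) 3:3
""".splitlines()

if __name__ == "__main__":
    sizes, out_of_buf = buffer_exhaustion(SAMPLE)
    print(f"exhausted pools: {sizes}, code-140 drops: {out_of_buf}")
```

To use it on a real report, pass the lines of the downloaded TSR file to `buffer_exhaustion` in place of `SAMPLE`.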
Cause
Low buffer memory allocation.
Resolution
Resolution for SonicOS 7.X
This release includes significant user interface changes and many new features that are different from the SonicOS 6.5 and earlier firmware. The below resolution is for customers using SonicOS 7.X firmware.
If the log messages shown above are observed on the firewall, perform the following:
- Log in to the firewall.
- Navigate to the diag.html page.
  - The Diag page can be reached by entering the LAN IP of the SonicWall in the browser, followed by /sonicui/7/m/mgmt/settings/diag
  - EXAMPLE: 192.168.168.168/sonicui/7/m/mgmt/settings/diag
- Click Internal Settings.
- Search for IDP Buffer Mempool 1500 Size.
- Change the value from 0 to 100,000. Note: in some environments this value may need to be increased further.
- Click Accept.
- Reboot the firewall for the changes to take effect.
Resolution for SonicOS 6.5
This release includes significant user interface changes and many new features that are different from the SonicOS 6.2 and earlier firmware. The below resolution is for customers using SonicOS 6.5 firmware.
If the log messages shown above are observed on the firewall, perform the following:
- Log in to the firewall.
- Navigate to the diag.html page. In the browser URL replace main.html with diag.html.
- Click Internal Settings.
- Search for IDP Buffer Mempool 1500 Size.
- Change the value from 0 to 100,000. Note: in some environments this value may need to be increased further.
- Click Accept.
- Reboot the firewall for the changes to take effect.