Technical Tip: How to determine NPU IDs count on a FortiGate
Description
This article describes how to identify the NPU IDs and determine the total number of NPUs available on a FortiGate device.
Scope
FortiGate.
Solution
In certain scenarios, it may be necessary to run monitoring scripts to collect NPU drop statistics, particularly when the issue is intermittent in nature. To ensure the script runs efficiently, the NPU IDs must be explicitly defined within the script. Therefore, it is essential to first determine the total number of NPUs and their corresponding NPU IDs on a particular FortiGate model.
For example, on a FortiGate 1101E:
Run the command 'get hardware status'. The output shows whether the device uses an NP6 or an NP7 chip.
HUB-FW01 (global) # get hardware status
Model name: FortiGate-1101E
ASIC version: CP9
ASIC SRAM: 64M
CPU: Intel(R) Xeon(R) E-2186G CPU @ 3.80GHz
Number of CPUs: 12
RAM: 16046 MB
Compact Flash: 15331 MB /dev/sdb
Hard disk: 457862 MB /dev/sdc
USB Flash: not available
Network Card chipset: Intel(R) Gigabit Ethernet Linux Driver (rev.0003)
Network Card chipset: FortiASIC NP6 Adapter (rev.)
Run the command 'diagnose npu np6 npu-feature', which lists every NPU ID present on the device.
HUB-FW01 (global) # diagnose npu np6 npu-feature
                    np_0      np_1
------------------- --------- ---------
Fastpath            Enabled   Enabled
HPE-type-shaping    Disabled  Disabled
Based on the above output, it is possible to confirm that the FortiGate 1101E has two NPUs with IDs 0 and 1. Accordingly, the monitoring script can be adjusted to target these specific NPU IDs.
sendln "diagnose npu np6 dce-all 0"
pause 1
sendln "diagnose npu np6 session-stats 0"
pause 1
sendln "diagnose npu np6 pdq 0"
pause 1
sendln "diagnose npu np6 anomaly-drop-all 0"
pause 1
sendln "diagnose npu np6 dce-all 1"
pause 1
sendln "diagnose npu np6 session-stats 1"
pause 1
sendln "diagnose npu np6 pdq 1"
pause 1
sendln "diagnose npu np6 anomaly-drop-all 1"
pause 1
For example, the same command on a FortiGate 2201E shows NPU IDs 0 to 3, so the script can be adjusted for four NPU chips:
FortiGate-2201E # diagnose npu np6 npu-feature
                    np_0      np_1      np_2      np_3
------------------- --------- --------- --------- ---------
Fastpath            Enabled   Enabled   Enabled   Enabled
HPE-type-shaping    Disabled  Disabled  Disabled  Disabled
The diagnose npu np6 npu-feature command is used to identify the number of NPUs and their IDs present on the device.
This command does not provide traffic, drop, or session statistics.
NPU IDs may vary depending on the FortiGate model and hardware architecture.
Scripts must reference valid NPU IDs only; otherwise, the output will be empty.
To identify NPU IDs on NP7-based platforms, use the following command:
diagnose npu np7 info
For example, the FortiGate 2601F has a single NP7 with NPU ID 0.
F2K61F # diagnose npu np7 info
SN : F2K61FTK00000000
nr_chip : 1
np_0 : 0000:17:00.0
nr_hif_queue : 32
rx_queue_len : 4096
tx_queue_len : 4096
ddr_size : {4GB,4GB,4GB,4GB,4GB,4GB}
MAC_base : 04:01:a1:00:00:00
nr_MAC : 52
init_err : 0
rlt_start : 0
hyper_scale : 0
effective_scope : 255
temperature(Celsius)
np7_0 : 32
For example, the FortiGate 4201F has four NP7s with NPU IDs 0, 1, 2, and 3.
4201F # diagnose npu np7 info
SN : FG421FTK00000000
nr_chip : 4
np_0 : 0000:18:00.0
np_1 : 0000:3b:00.0
np_2 : 0000:86:00.0
np_3 : 0000:af:00.0
nr_hif_queue : 40
rx_queue_len : 1024
tx_queue_len : 1024
ddr_size : {8GB,8GB,8GB,8GB,4GB,4GB}
MAC_base : e0:23:ff:00:00:00
nr_MAC : 48
init_err : 0
rlt_start : 1
hyper_scale : 1
effective_scope : 255
temperature(Celsius)
np7_0 : 33
np7_1 : 33
np7_2 : 31
np7_3 : 30
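The ID discovery and script adjustment described above can be automated. The following is an added example, not part of the original article or Fortinet tooling: it extracts NPU IDs from saved 'npu-feature' (NP6) or 'info' (NP7) output and generates the NP6 monitoring script lines for each ID. The function names are assumptions of this example, and only the NP6 commands shown in the article are emitted, since the article lists no per-NPU NP7 statistics commands.

```python
import re

# Per-NPU NP6 commands, as used in the article's monitoring script.
NP6_COMMANDS = ("dce-all", "session-stats", "pdq", "anomaly-drop-all")

def npu_ids(cli_output):
    """Return sorted NPU IDs found in NP6 'npu-feature' or NP7 'info' output."""
    # Matches np_0, np_1, ... but not the NP7 temperature rows (np7_0, ...).
    ids = sorted({int(n) for n in re.findall(r"\bnp_(\d+)\b", cli_output)})
    if not ids:
        raise ValueError("no np_<id> entries found in output")
    # NP7 'info' output also reports nr_chip; use it as a cross-check.
    m = re.search(r"^\s*nr_chip\s*:\s*(\d+)", cli_output, re.MULTILINE)
    if m and int(m.group(1)) != len(ids):
        raise ValueError(f"nr_chip={m.group(1)} but found IDs {ids}")
    return ids

def np6_script(ids, pause=1):
    """Build sendln/pause lines so that only valid NPU IDs are queried."""
    lines = []
    for npu in ids:
        for cmd in NP6_COMMANDS:
            lines.append(f'sendln "diagnose npu np6 {cmd} {npu}"')
            lines.append(f"pause {pause}")
    return "\n".join(lines)

# Sample input: the FortiGate 2201E output shown in the article.
NP6_2201E = """\
FortiGate-2201E # diagnose npu np6 npu-feature
                    np_0      np_1      np_2      np_3
------------------- --------- --------- --------- ---------
Fastpath            Enabled   Enabled   Enabled   Enabled
HPE-type-shaping    Disabled  Disabled  Disabled  Disabled
"""

# Sample input: the FortiGate 4201F output from the article, abbreviated.
NP7_4201F = """\
4201F # diagnose npu np7 info
nr_chip : 4
np_0 : 0000:18:00.0
np_1 : 0000:3b:00.0
np_2 : 0000:86:00.0
np_3 : 0000:af:00.0
temperature(Celsius)
np7_0 : 33
"""

if __name__ == "__main__":
    print(np6_script(npu_ids(NP6_2201E)))
```

A mismatch between nr_chip and the number of np_<id> rows raises an error instead of producing a script, which flags truncated or incomplete captured output before it is used.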