Description
This article describes how to detect potential congestion at the host interface (HIF) of the NP7/NP7Lite. Congestion at this layer can lead to packet drops or degraded throughput, especially during traffic spikes. Monitoring key counters in hif-stats can help proactively identify bottlenecks or capacity issues on FortiGate G-series devices.
Scope
FortiGate devices with NP7 or NP7Lite ASICs.
Solution
Run the following command to check the host interface statistics:
NP7.
diagnose npu np7 hif-stats all
NP7Lite.
diagnose npu np7lite hif-stats 0
Sample output:
NP7.
Fortigate # diagnose npu np7 hif-stats all
[NP7_0]
RX pkts msg ipsec ipt cwp dvlif e_nlif e_len e_nomem e_ipsec e_ipt e_cwp t_lpbk t_drop sg e_sg e_hairpin
TX pkts cmd clean ips_ofld frags npu_proc e_pkt_full e_cmd_full e_headroom e_frag intr pad e_pad e_nturbo
---------- ---------- ---------- ---------- ---------- ---------- ---------- ---------- ---------- ---------- ---------- ---------- ---------- ---------- ---------- ---------- ----------
rx0 0 1 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0
rx2 8 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0
rx5 8 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0
rx9 8 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0
rx12 0 1 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0
rx13 0 1 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0
rx14 8 1 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0
rx15 0 1 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0
---------- ---------- ---------- ---------- ---------- ---------- ---------- ---------- ---------- ---------- ---------- ---------- ---------- ---------- ---------- ----------
Total_Queue:8
RX PKTS :32
TX PKTS :0
RX MSG :5
TX CMD :0
NP7Lite.
FWPTSEDS0102 # diagnose npu np7lite hif-stats 0
RX pkts msg ipsec ipt gre cwp dvlif e_nlif e_nodev e_len e_nomem e_ipsec e_ipt e_gre e_cwp
t_lpbk t_drop
TX pkts cmd clean ips_ofld frags npu_proc e_pkt_full e_cmd_full e_headroom e_frag pad e_pad
---- ---------- ---------- ---------- ---------- ---------- ---------- ---------- ---------- ---------- ---------- ---------- ---------- ---------- ---------- -------
--- ---------- ----------
rx0 455154 0 0 0 0 0 0 0 0 0 0 0 0 0 0
0 0
tx0 640457 0 640457 0 0 0 0 0 0 0 0 0
... (snipped for brevity)
Focus on the TX section of the output. Monitor these two critical counters:
|
Counter
|
Description
|
|
e_pkt_full
|
TX packet drops due to full host interface buffer – indicates output congestion
|
|
e_cmd_full
|
TX command drops due to full command queue
|
These counters should ideally remain at zero. If either value is increasing, it could indicate congestion under high traffic.
Important notes:
- Always correlate e_pkt_full and e_cmd_full with periods of high traffic or known performance degradation.
- Run multiple captures to identify trends or sustained congestion.
