Help
FortiGate
FortiGate Next Generation Firewall utilizes purpose-built security processors and threat intelligence security services from FortiGuard labs to deliver top-rated protection and high performance, including encrypted traffic.
tgirard
Staff
Staff

Created on ‎09-20-2023 01:46 AM Edited on ‎09-20-2023 01:46 AM By Community Manager

Article Id 274637

Technical Tip: Identifying a packet loss condition due to high CPU: NP7 versus NP6

Description This article discusses a specific packet loss condition triggered when the CPUs of a device are not able to process the volume of incoming traffic from the network adapter (NPU: network Processor unit).
Scope NP7 versus NP6.
Solution

When this happens, the CPU will reach a very high percentage in the softirq category as printed below:

 

get system performance status
CPUx states: 0% user 0% system 0% nice 100% idle 0% iowait 0% irq 90% softirq

 

However, this command displays the real-time status of the CPUs, and a transient condition might no longer be visible by using this command.

The persistent information about this condition being triggered is gathered by looking at some counters inside the NPs.

 

For NP6-based devices, this information is stored in the below counters returned by the following command:


diag npu np6 dce x ( x being the Np identifier)
PDQ_OSW_HRX1 :0000000021737063 PDQ_OSW_HRX0 :0000000022951677

 

For NP7-based devices, there are 2 ways to get this information:


diag npu np7 dce-drop-all all


Search for the <DSW drop counters> section or use:


diag npu np7 dsw-drop-all all

<DSW drop counters>
[NP7_0]
SSE0 -> HRX 2895874639
SSE1 -> HRX 3008246856
SSE2 -> HRX 2952770306
SSE3 -> HRX 2930790221

 

Among the various counters printed, if the above counters are incrementing, this is an indication that this packet is matching the loss condition.
These commands are to be used and interpreted with the assistance of a Fortinet technical engineer.
2332
0 Kudos
Suggest New Article
Article Feedback
Contributors
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2025 Fortinet, Inc. All Rights Reserved.