Description

This article outlines how to detect potential memory leaks or buffer allocation issues within the NP7Lite ASIC’s Packet Buffer Allocator (PBA) module. This is critical for identifying packet drops or queue stalls due to buffer exhaustion on G-series FortiGate models.

Scope

FortiGate devices equipped with NP7Lite ASICs (e.g., FG-91G, FG-120G).
Only applicable during idle conditions (no traffic).

Solution

Use the following command to check the PBA state:

diagnose npu np7lite pba 0

This command compares buffer statistics:

• normal: Expected free buffer count when idle.
• Current: Actual free buffer count at runtime.
• Delta: Difference between expected and actual.

Important notes:

• This command must only be run when traffic is idle (e.g., during a maintenance window or after isolating the unit).
• Multiple iterations should be captured over time to identify leaks or trends.

Observed Behavior:

• In a healthy state:

FortiGate-91G # diagnose npu np7lite pba 0

     normal   current  Delta    Empty   

pba  0000179b 0000179b 0        0 

• When a leak is detected:

device (global) # diagnose npu np7lite pba 0

     normal   current  Delta    Empty   

pba  0000179b 00001798 3        0       

+0200 !!!Leak!!!

If normal and current PBA/DBA/HBA values differ while idle, the output will display !!!Leak!!!.

It indicates one or more NP7Lite modules are holding memory buffers and not releasing them.

This output means 3 buffers are unaccounted for, and the system suspects a memory leak or buffer mismanagement in NP7Lite.