Description | This article describes a scenario where the use of software switches could result in high CPU softirq usage. |
Scope | FortiOS. |
Solution |
The FortiGate’s software switch is implemented at the software level and therefore relies heavily on the unit’s CPU. Because of this, one needs to plan carefully when designing or implementing network solutions around software switches.
If too many of them (software switches) are configured and made active at the same time and a high amount of traffic is being placed on port/s that are members of the software switch, it could easily drive up the CPU’s softirq usage and cause network downtime.
The more traffic possessed on the interfaces that are in or allocated to the software switch, the higher the likelihood of triggering the high softirq usage.
One might be eager to perform an upgrade when facing this issue, thinking it is a bug. However, firmware upgrade/s is not likely going to help, as this will not address the root cause of the issue.
High softirq usage or softirq status can be checked with the following commands:
get sys performance status CPU states: 2% user 0% system 0% nice 44% idle 0% iowait 0% irq 54% softirq CPU0 states: 0% user 0% system 0% nice 52% idle 0% iowait 0% irq 48% softirq CPU1 states: 1% user 0% system 0% nice 39% idle 0% iowait 0% irq 60% softirq CPU2 states: 0% user 0% system 0% nice 47% idle 0% iowait 0% irq 53% softirq CPU3 states: 5% user 0% system 0% nice 40% idle 0% iowait 0% irq 55% softirq Memory: 3112504k total, 885564k used (28.5%), 2075204k free (66.7%), 151736k freeable (4.9%)
The above unit was facing an issue when the log was collected, despite the memory usage and the CPU usage seems normal. Reduce the number of software switches used on the unit or remove interfaces with a high amount of traffic from the software switch membership to fix this issue.
More information about the FortiGate software switch can be found there: Software switch. |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.