|
This article serves to give a short overview of the cp9kxp stats table.
During troubleshooting one may encounter cp9 functions being called like cp9_ipsa_hw_mem_test in a CPU profiling.
Troubleshooting Tip: FortiGate CPU Profiling
With the following commands, the CP9 statistics can be viewed for further investigation:
diagnose cp cp9kxp stats <CP9_ID>
This cp9kxp output will show the server key exchange command counter for RSA and gcm requests from clients for each queue in CP9.
As for the acronyms in the table they relate as follows:
- modexp, cmodexp & modexp_p: RSA key exchange statistics counters.
- ecsym, ecsign & ecverf: ECDHE-GCM key exchange statistics counters.
- tgmk, tgb & tgkm: master secret counters of TLS 1.x cipher suite.
- sgmk, sgb & sgkm: master secret counters of SSL 3.0 cipher suite.
Down below is an example of increases in the master secret counters of the TLS 1.x cipher suite and increases in the ECDHE-GCM key exchange statistics counters.
FGT01 # diagnose cp cp9kxp stats 0
pq vq ln modexp modexp_p cmodexp sgmk tgmk tgb ecsign ecverf
sgb tgkm sgkm ike sgkmr ecephe ecsym rnd unknown
--- --- ---------- ---------- ---------- ---------- ---------- ---------- ---------- ---------- ----------
0 0 0 251324 1 15 0 0 15 0 0
0 0 0 0 0 0 0 0 5948089 0 0
1 0 0 55598 2 16 0 0 17 0 0
1 0 0 0 0 0 0 0 6816365 0 0
2 0 0 178182 1 13 0 0 13 0 0
2 0 0 0 0 0 0 0 5888549 0 0
3 0 0 79659 1 13 0 0 14 0 0
3 0 0 0 0 0 0 0 13995973 0 0
|
