Description

This article describes how to Investigate high CPU usage on FortiSwitch.

Scope

FortiSwitch.

Solution

Normally, FortiSwitch might have CPU usage peaks and it is normal behavior if there are some advanced features enabled like Sflow, Port Span, Rspan, and ERSPAN. There is nothing to worry about. 

However, if there is a sustained high CPU consumption, this should be investigated if it is causing low network performance. The most common culprits could be incorrect or non-optimized configurations or network instability.

The FortiSwitch GUI interface is not designed for long-term monitoring and it is best to capture device performance metrics indirectly using SNMP. High system resource usage by the HTTPSD daemon should be expected due to widgets displayed on the landing page. It will stop when the unit is logging off and display other GUI sections with no widgets.

To expedite analysis by a TAC engineer, include the following information when opening a ticket to investigate this kind of behavior:

• If the FortiSwitch is managed by the FortiGate (OR) if it is in standalone FortiSwitwitch.
• How long this behavior is experienced
• If there are any recent changes such as configuration changes, software upgrades, etc. before the problem.
• How many FortiSwitches are connected to the network.
• How many offending FortiSwitches are connected to the network.
• If the problem is specific to a particular FortiSwitch witch (OR) all models of FprtiSwitches.

Use a CLI command executor to retrieve the following information and save it into a text file.

Technical Tip: How to create a log file of a session using PuTTY

Provide the following output from the affected FortiSwitch: Do not log into the Fortiswitch WEB GUI or another concurrent SSH session on the affected device while performing the following diagnostics:

fnsysctl top  <- Run this for a minute when the CPU is going high. To stop, press Ctrl + C.

diag sys top <- Run this for a minute when the CPU is going high. To stop, press Ctrl + C.

diagnose switch physical-port linerate up <- Run this for a minute when the CPU usage is high. To stop, press Ctrl + C.

get system performance status <- Execute 3-4 times.

get hardware cpu

fnsysctl ps

diagnose hardware sysinfo memory

fn ps -wl

fn ps -lw

diagnose hardware sysinfo slab

diagnose hardware certificate

diagnose debug crashlog read

get switch modules summary

get switch modules detail

get switch modules status

get switch modules limits

diagnose debug report

If the FortiSwitch is managed by FortiGate, configure the file from the FortiGate under Wifi and switch-controller -> Managed Fortiswitch -> Topology.