This article provides information on how to identify the current mode of CPU protection.
CPU protection works in ASIC and helps to throttle the CPU traffic flow.
It can be either in normal or throttle mode, depending on the current flow and the CPU threshold.
In the normal mode, the firewall will not apply any throttling on the traffic that is headed towards the CPU.
In the throttle mode, critical traffic (such as management traffic, routing protocols, and so on) will be given more priority and the rest of the traffic will be throttled. In this mode, some of the traffic will be dropped to protect the CPU from over utilization.
The get cpu-protection detail command will identify the current mode of CPU protection and will also indicate the number of times ‘throttle’ mode has been hit.
The following command can be used to identify the current mode of CPU protection:
> get cpu-protection detail
Current usage: 20% High CPU threshold: 70%
Current working mode: throttling mode < This indicates the current mode
Counter of changing to throttling: 200 < This indicates the number of times the throttle mode has been triggered
Statistics:
class Traffic dropped passed
------------------------------------------
1 Critical 0 123450
2 BC 12340 123450
3 Non-first 0 12345
4 First 0 12345
5 Other 123450 12345
Asic[1]
Current working mode: normal mode
Counter of throttling mode engaged: 0
Max threshold of packet rate(pps): 20000
class drop pass min-rate max-rate cur-drop cur-pass
-------------------------------------------------------------------
1 0 63450 - - - 2000
2 0 63450 8000 10000 0 1500
3 0 6345 4000 5000 0 1500
4 0 6345 3000 4000 0 800
5 0 6345 2000 2500 0 2000
Asic[2]
Current working mode: normal mode
Counter of throttling mode engaged: 0
Max threshold of packet rate(pps): 20000
class drop pass min-rate max-rate cur-drop cur-pass
--------------------------------------------------------------
1 0 60000 - - - 2000
2 0 60000 8000 10000 0 1500
3 0 6000 4000 5000 0 1500
4 0 6000 3000 4000 0 800
5 0 6000 2000 2500 0 2000
It will also show the current active blacklist (if any)