High CPU Usage on the Eudemon 1000E-U/X

Publication Date:  2013-05-02 Views:  367 Downloads:  0
Issue Description
After ACL for the packet filtering is configured on the firewall, the CPU usage becomes high. The highest CPU usage reaches 89%, which greatly affects services.

<Eudemon> display cpu-usage-for-user
===== Current CPU usage info =====
CPU Average Usage (5 seconds)            : 89%
CPU Average Usage (30 seconds)           : 86%
CPU Average Usage (5 minutes)            : 75%
Alarm Information
None
Handling Process
Enable the ACL acceleration function.
[Eudemon] acl accelerate enable
Root Cause
1. High CPU usage is caused by the interzone packet filtering function. Therefore, the problem is associated with the ACL. Check the configuration of ACL3111. ACL3111 contains more than 9000 rules. The first part of ACL3111 consists of the deny rules. The last rule is the permit rule. That is, the permit rule is matched only when more than 9000 rules are matched. If the rate of a new session is high, high CPU usage is caused.
2. According to the initial analysis, the problem is caused by too many ACL rules. The ACL acceleration must be enabled. After the ACL acceleration is enabled and packet filtering is configured for interzone applications, the CPU usage does not change basically. If the ACL acceleration is disabled, the CPU usage increases to 19%. At that time, the new session rate is only 700 pieces per second. If the new session rate reaches 8000 pieces/second, the CPU usage may increase to 89%. The CPU usage restores to the normal value after ACL acceleration is re-enabled.

[Eudemon] display cpu-usage-for-user          //The CPU usage when the ACL acceleration is disabled.
===== Current CPU usage info =====
CPU Average Usage (5 seconds)            : 19%
CPU Average Usage (30 seconds)           : 11%
CPU Average Usage (5 minutes)            : 9%
[Eudemon] acl accelerate enable          //Enable the ACL acceleration again.
Current fit to accelerate ACL rule number(exclude interface ACL) : 9671
Please wait ...
Done
[Eudemon] display cpu-usage-for-user          //The CPU usage restores to normal state.
===== Current CPU usage info =====
CPU Average Usage (5 seconds)            : 8%
CPU Average Usage (30 seconds)           : 8%
CPU Average Usage (5 minutes)            : 9%
Suggestions
The ACL contains too many rules and the ACL acceleration is not enabled. Therefore, the ACL rule matching costs a large amount of CPU resources. As a result, the CPU usage increases.

END