Skip to Content

How to assign value as affinity CPU mask to load balance the traffic between CPU Cores of FortiGate-VM

By: Author Alex Lim

Posted on

Categories Troubleshooting

This article describes how to assign affinity CPU mask value to specify the CPUs that the FortiGate-VM can utilize.

 

Since VM host CPU cycles are allocated to processing FortiGate-VM’s network traffic, this setup may improve FortiGate-VM network performance. CPU Affinity would also help to load balance the traffic between CPU Cores and is configured on a per-interface basis.

Scope FortiGate 7.x.x.
Solution
To get more information on Interrupt Affinity, refer to this document:

Interrupt affinity

 

To view which port/interface has the transmit and receive interrupts, please run the following CLI command:

 

diagnose hardware sysinfo interrupts

 

The output for FortiGate VM having 4 CPUs might contain this:

 

portX-TxRx-0

portX-TxRx-1

portX-TxRx-2

portX-TxRx-3

 

Sample Output:

 

FGTVMfw01 # diag hard sysinfo interrupt

CPU0 CPU1 CPU2 CPU3

0: 2 0 0 0 IO-APIC 2-edge timer

1: 9 0 0 0 IO-APIC 1-edge i8042

8: 0 0 0 0 IO-APIC 8-edge rtc

 

……

 

56: 2486 277555936 0 0 PCI-MSI 1572864-edge port1-rxtx-0

57: 0 0 0 0 PCI-MSI 1572865-edge port1-event-1

58: 2938515933 2916119929 716640069 0 PCI-MSI 2097152-edge port5-rxtx-0

59: 0 0 0 0 PCI-MSI 2097153-edge port5-event-1

60: 5553 159711 3010772476 3402032588 PCI-MSI 2621440-edge port9-rxtx-0

61: 0 0 0 0 PCI-MSI 2621441-edge port9-event-1

62: 663305959 6 2988936929 3457387955 PCI-MSI 5767168-edge port2-rxtx-0

63: 0 0 0 0 PCI-MSI 5767169-edge port2-event-1

 

Port2 and port9 are using CPU core 2 and core 3 and still showing high CPU usage. 2 more entries can be added as follows to distribute the traffic on CPU core 0 as well:

 

FGTVMfw01 # config system affinity-interrupt

(affinity-interrupt) # edit 12

(12) # set interrupt “port2-rxtx-0”

(12) # set affinity-cpumask “0x0000000000000001”

(12) # next

(affinity-interrupt) # edit 13

(13) # set interrupt “port9-rxtx-0”

(13) # set affinity-cpumask “0x0000000000000001”

(13) # end

 

Affinity CPU mask can be assigned using the following:

 

——————————————————————-

0x0000000000000001 -> That one is for CPU0

0x0000000000000002 -> This one is for CPU1

0x0000000000000004 -> That one is for CPU2

0x0000000000000008 -> This one is for CPU3

——————————————————————-

 

Note: Constant CPU usage monitoring may be needed to observe high CPU on any of the cores after the implementation.