Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
2731
Views
6
Helpful
8
Replies

How many CPU in Firepower 4110

bernardca
Level 1
Level 1

‎12-02-2022 12:55 PM

How wonder how many CPU there is in a Firepower Chassis FPR-4110-K9?

Two commands with different results. The command "show cpu detailed" gives 8 CPU or core and cat /proc/cpuinfo show 24 CPUs.

> show cpu detailed

Break down of per-core data path versus control point cpu usage:
Core 5 sec 1 min 5 min
Core 0 2.4 (2.2 + 0.2) 2.8 (2.6 + 0.2) 2.8 (2.5 + 0.2)
Core 1 3.0 (3.0 + 0.0) 3.8 (3.8 + 0.0) 3.6 (3.6 + 0.0)
Core 2 3.2 (3.2 + 0.0) 3.9 (3.9 + 0.0) 3.6 (3.6 + 0.0)
Core 3 3.2 (3.2 + 0.0) 3.8 (3.8 + 0.0) 3.6 (3.6 + 0.0)
Core 4 2.2 (2.2 + 0.0) 2.8 (2.6 + 0.2) 2.8 (2.5 + 0.2)
Core 5 3.4 (3.4 + 0.0) 3.9 (3.9 + 0.0) 3.6 (3.6 + 0.0)
Core 6 3.2 (3.2 + 0.0) 3.9 (3.9 + 0.0) 3.6 (3.6 + 0.0)
Core 7 3.2 (3.2 + 0.0) 3.8 (3.8 + 0.0) 3.5 (3.5 + 0.0)

Current control point elapsed versus the data and control point elapsed for:
5 seconds = 4.1%; 1 minute: 4.1%; 5 minutes: 4.1%


CPU utilization of external processes for:
5 seconds = 0.0%; 1 minute: 0.0%; 5 minutes: 0.0%


Total CPU utilization for:
5 seconds = 3.1%; 1 minute: 3.7%; 5 minutes: 3.5%

>


admin@pgirfw102:/opt/cisco/csp/applications$ cat /proc/cpuinfo | grep processor
processor : 0
processor : 1
processor : 2
processor : 3
processor : 4
processor : 5
processor : 6
processor : 7
processor : 8
processor : 9
processor : 10
processor : 11
processor : 12
processor : 13
processor : 14
processor : 15
processor : 16
processor : 17
processor : 18
processor : 19
processor : 20
processor : 21
processor : 22
processor : 23

 

0 Helpful
8 Replies 8

manabans
Cisco Employee
Cisco Employee

‎12-03-2022 09:01 PM

In FTD expert mode, you can check the number of CPUs using the command pmtool show affinity.
FPR 4110 has 24 CPU cores. The security module requires a minimum of two logical CPU cores for FXOS. In other words, the security module’s total number of application CPU cores available for allotment to instances is two logical CPU cores less than the available logical CPU cores.

Screenshot 2022-12-04 at 10.29.29 AM.png

Refer to Table 7 - Maximum Container Instances and Resources per Model
https://www.cisco.com/c/en/us/td/docs/security/firepower/640/configuration/guide/fpmc-config-guide-v64/firepower_threat_defense_logical_devices_for_the.html#id_77542 

0 Helpful

bernardca
Level 1
Level 1
In response to manabans

‎12-13-2022 06:32 AM

Here is the output of "pmtool show affinity". How should we read it? Is it a matter of counting the number of CPU with a lina process?

root@pgirfw102:~# pmtool show affinity
Received status (0):

Affinity Status

System CPU Affinity: 1,13 (desired: 1,13)

Process CPU Affinity:
CPU 0:
CPU 1:
CPU 2:
lina (/ngfw/usr/local/sf/bin/consoled) (2-5,14-17, desired: 2-5,14-17)
CPU 3:
lina (/ngfw/usr/local/sf/bin/consoled) (2-5,14-17, desired: 2-5,14-17)
CPU 4:
lina (/ngfw/usr/local/sf/bin/consoled) (2-5,14-17, desired: 2-5,14-17)
CPU 5:
lina (/ngfw/usr/local/sf/bin/consoled) (2-5,14-17, desired: 2-5,14-17)
CPU 6:
17237098-e1d8-11e7-9376-c0d2fb18c27e-d01 (/ngfw/var/sf/detection_engines/17237098-e1d8-11e7-9376-c0d2fb18c27e/snort) (6, desired: 6)
CPU 7:
17237098-e1d8-11e7-9376-c0d2fb18c27e-d03 (/ngfw/var/sf/detection_engines/17237098-e1d8-11e7-9376-c0d2fb18c27e/snort) (7, desired: 7)
CPU 8:
17237098-e1d8-11e7-9376-c0d2fb18c27e-d05 (/ngfw/var/sf/detection_engines/17237098-e1d8-11e7-9376-c0d2fb18c27e/snort) (8, desired:
CPU 9:
17237098-e1d8-11e7-9376-c0d2fb18c27e-d07 (/ngfw/var/sf/detection_engines/17237098-e1d8-11e7-9376-c0d2fb18c27e/snort) (9, desired: 9)
CPU 10:
17237098-e1d8-11e7-9376-c0d2fb18c27e-d09 (/ngfw/var/sf/detection_engines/17237098-e1d8-11e7-9376-c0d2fb18c27e/snort) (10, desired: 10)
CPU 11:
17237098-e1d8-11e7-9376-c0d2fb18c27e-d11 (/ngfw/var/sf/detection_engines/17237098-e1d8-11e7-9376-c0d2fb18c27e/snort) (11, desired: 11)
CPU 12:
CPU 13:
CPU 14:
lina (/ngfw/usr/local/sf/bin/consoled) (2-5,14-17, desired: 2-5,14-17)
CPU 15:
lina (/ngfw/usr/local/sf/bin/consoled) (2-5,14-17, desired: 2-5,14-17)
CPU 16:
lina (/ngfw/usr/local/sf/bin/consoled) (2-5,14-17, desired: 2-5,14-17)
CPU 17:
lina (/ngfw/usr/local/sf/bin/consoled) (2-5,14-17, desired: 2-5,14-17)
CPU 18:
17237098-e1d8-11e7-9376-c0d2fb18c27e-d02 (/ngfw/var/sf/detection_engines/17237098-e1d8-11e7-9376-c0d2fb18c27e/snort) (18, desired: 18)
CPU 19:
17237098-e1d8-11e7-9376-c0d2fb18c27e-d04 (/ngfw/var/sf/detection_engines/17237098-e1d8-11e7-9376-c0d2fb18c27e/snort) (19, desired: 19)
CPU 20:
17237098-e1d8-11e7-9376-c0d2fb18c27e-d06 (/ngfw/var/sf/detection_engines/17237098-e1d8-11e7-9376-c0d2fb18c27e/snort) (20, desired: 20)
CPU 21:
17237098-e1d8-11e7-9376-c0d2fb18c27e-d08 (/ngfw/var/sf/detection_engines/17237098-e1d8-11e7-9376-c0d2fb18c27e/snort) (21, desired: 21)
CPU 22:
17237098-e1d8-11e7-9376-c0d2fb18c27e-d10 (/ngfw/var/sf/detection_engines/17237098-e1d8-11e7-9376-c0d2fb18c27e/snort) (22, desired: 22)
CPU 23:
17237098-e1d8-11e7-9376-c0d2fb18c27e-d12 (/ngfw/var/sf/detection_engines/17237098-e1d8-11e7-9376-c0d2fb18c27e/snort) (23, desired: 23)

Process Affinity:
lina (desired: 2-5,14-17, actual: 2-5,14-17)

 

0 Helpful

tvotna
Spotlight
Spotlight

‎12-05-2022 03:16 AM

"show cpu system core" should also help, but this is from FTD 6.7 and up, if I'm not mistaken. In 7.0 it will show all CPU cores, while "show cpu detailed" only displays CPU cores used by Lina datapath.

Marvin Rhoads
Hall of Fame
Hall of Fame

‎12-13-2022 07:10 AM - edited ‎12-13-2022 09:04 AM

As shown in the affinity output, the system uses 2 cores (constant value), LINA (Linux on ASA - the firewall subsystem or data plane) uses 8 cores (also a constant value), and "Snort" (the IPS subsystem) is currently using 6 cores. So 16 of 22 cores are in use. The system could spawn additional Snort instances to use up the other 6 available cores as needed.

You may want to look and listen to at Cisco Live presentation BRKSEC-3035 (edited) for more details.

0 Helpful

bernardca
Level 1
Level 1
In response to Marvin Rhoads

‎12-13-2022 08:55 AM

Thanks Marvin!  

Presentation BRKSEC-3045 does not seem to have anything to do with my question. 

0 Helpful

Sp@wn
Level 1
Level 1
In response to Marvin Rhoads

‎07-09-2024 01:02 AM

Hello Marvin,

Is there any way to see fxos system cpu usage?

Regards,

0 Helpful

Marvin Rhoads
Hall of Fame
Hall of Fame
In response to Sp@wn

‎07-09-2024 05:40 AM

There are a few obscure commands you can run but it's generally easier to use the FMC Health Monitor.

For instance, there is this fxos command: scope ssa > show slot detail expand

https://www.cisco.com/c/en/us/td/docs/security/firepower/fxos/CLI_Reference_Guide/b_FXOS_CLI_reference/b_CLI_reference_chapter_0100.html?bookSearch=true#wp3846370680

Marvin Rhoads
Hall of Fame
Hall of Fame

‎12-13-2022 09:03 AM

Sorry, the correct number is BRKSEC-3035, "Firepower Platform Deep Dive" by Andrew Ossipov.

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card