cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements

FWSM "show np blocks" explained

21385
Views
0
Helpful
10
Comments

 

Problem:

Scenario 1:

The "show np blocks" outputs measures the state of the three network 
processors against three different threshold values. We increment the 
appropriate threshold counter each of the 0/1/2 thresholds have been 
crossed for the number of free blocks.

FWSM/pri/act# sho np blocks 
                 MAX   FREE   THRESH_0   THRESH_1   THRESH_2
NP1 (ingress)  32768  32768          0          0          0
    (egress)  521206 521206          0          0          0
NP2 (ingress)  32768  32768          0          0          0
    (egress)  521206 521206          0          0          0
NP3 (ingress)  32768  32768          0          0          0
    (egress)  521206 521206          0          0          0

If the threshold 2 count increases, packets will still be processed and 
this is only a warning indicating that we are close to reaching the 
maximum threshold.
   
If the threshold 1 count increases, then data packets will be dropped, 
this includes packets flowing across the firewall and even those sent to 
the firewall (IP packets).

If the threshold 0 count increases, then the control packets are 
dropped, these control packets are internal packets that are passed 
across multiple processors in the system - this is very serious.

 

For further information about the role of each network processor, please reference the following document:

https://supportforums.cisco.com/docs/DOC-12713

 

Scenario 2:

Problem:

User have a customer who is migrating from a FWSM setup to an ASA5585.  They wish to know if Security Context licenses from the FWSM can transfer to the 5585. 

Solution:

No, FWSM and ASA licenses can only be transferred between identical hardware units in the event of an RMA (Return Material Authorization).Migration from one platform to another requires new licenses.

Your partner or reseller can advise you as to the possibility of a Technology Migration Program (TMP). Those are sometimes available to give customers a financial incentive (additional discount) to move off of older unsupported platforms. 

Comments
Community Member

Have a Question ,

How can i know what increased the threshould 0, 1 for any of the NP, for example if syslog increased the np 2,3 threshould 0, 1 . Is there is a way to see which source or destination caused that ?

Also i want to know how can i moniter the threshould . can i integrate it with MARS , it there a way to configure a trap like the cpu utilization trap ?

Beginner

Khalid,

There is no way to view the exact traffic flow that crossed the NP thresholds. When addressing an issue with NP oversubscription, first identify which vlan is seeing the most traffic. After identfiying this vlan, captures but be obtained from the 6500 to see all the traffic on this vlan hitting the FWSM. Using these captures we'd be able to better understand the traffic profile that is causing your NP threshold issue.

Currently, there is no way to poll the FWSM via SNMP to get the output of "show np blocks". At the moment, the only way to receive this information is to use a Perl or Expect script to log into the FWSM and gather this output in text format.

We have an enhancement request filed to integrate the NP blocks output into an SNMP OID: CSCso68256

Regards,

Rama

Rising star

Is it possible to clear these counters ? i have created a python/php script that gets the counters and indexes it in mysql db, but i would like to start on a fresh with zero values in threshold0, 1 and 2 ?

Beginner

Jan,

Unfortunately, the only way to clear these counters is to reload the FWSM. The counters are reset to zero on boot. There is no other output that can be run to reset these counters to zero. As a note, the NP stats counters can be reset to zero using "clear np all stats".

Regards,

Rama

Community Member

Hi Jan,

 

Can i see the python script you created?

Thanks.

 

/Nichlas
 

Rising star

Well, it's been 4 years, i'll see if i can find it.

Rising star

Found it on an old backup drive, i put it here : http://www.iseportal.dk/npblocks.py

It inserts the data from "show np blocks" into three different table in a mysql db (that you have to create yourself), called np1, np2 and np3. But you can of course also just print to screen or something else if you don't want a database.

Community Member

Hi Jan,

Could you please put your python script somewhere again? :)

 

Regards 

Rising star

Its up on the old link again

Community Member

awesome. I got it. thx

Content for Community-Ad

This widget could not be displayed.