08-23-2010 08:37 AM - edited 03-08-2019 06:35 PM
The "show np blocks" outputs measures the state of the three network
processors against three different threshold values. We increment the
appropriate threshold counter each of the 0/1/2 thresholds have been
crossed for the number of free blocks.
FWSM/pri/act# sho np blocks
MAX FREE THRESH_0 THRESH_1 THRESH_2
NP1 (ingress) 32768 32768 0 0 0
(egress) 521206 521206 0 0 0
NP2 (ingress) 32768 32768 0 0 0
(egress) 521206 521206 0 0 0
NP3 (ingress) 32768 32768 0 0 0
(egress) 521206 521206 0 0 0
If the threshold 2 count increases, packets will still be processed and
this is only a warning indicating that we are close to reaching the
maximum threshold.
If the threshold 1 count increases, then data packets will be dropped,
this includes packets flowing across the firewall and even those sent to
the firewall (IP packets).
If the threshold 0 count increases, then the control packets are
dropped, these control packets are internal packets that are passed
across multiple processors in the system - this is very serious.
For further information about the role of each network processor, please reference the following document:
https://supportforums.cisco.com/docs/DOC-12713
Problem:
User have a customer who is migrating from a FWSM setup to an ASA5585. They wish to know if Security Context licenses from the FWSM can transfer to the 5585.
Solution:
No, FWSM and ASA licenses can only be transferred between identical hardware units in the event of an RMA (Return Material Authorization).Migration from one platform to another requires new licenses.
Your partner or reseller can advise you as to the possibility of a Technology Migration Program (TMP). Those are sometimes available to give customers a financial incentive (additional discount) to move off of older unsupported platforms.
Have a Question ,
How can i know what increased the threshould 0, 1 for any of the NP, for example if syslog increased the np 2,3 threshould 0, 1 . Is there is a way to see which source or destination caused that ?
Also i want to know how can i moniter the threshould . can i integrate it with MARS , it there a way to configure a trap like the cpu utilization trap ?
Khalid,
There is no way to view the exact traffic flow that crossed the NP thresholds. When addressing an issue with NP oversubscription, first identify which vlan is seeing the most traffic. After identfiying this vlan, captures but be obtained from the 6500 to see all the traffic on this vlan hitting the FWSM. Using these captures we'd be able to better understand the traffic profile that is causing your NP threshold issue.
Currently, there is no way to poll the FWSM via SNMP to get the output of "show np blocks". At the moment, the only way to receive this information is to use a Perl or Expect script to log into the FWSM and gather this output in text format.
We have an enhancement request filed to integrate the NP blocks output into an SNMP OID: CSCso68256
Regards,
Rama
Is it possible to clear these counters ? i have created a python/php script that gets the counters and indexes it in mysql db, but i would like to start on a fresh with zero values in threshold0, 1 and 2 ?
Jan,
Unfortunately, the only way to clear these counters is to reload the FWSM. The counters are reset to zero on boot. There is no other output that can be run to reset these counters to zero. As a note, the NP stats counters can be reset to zero using "clear np all stats".
Regards,
Rama
Hi Jan,
Can i see the python script you created?
Thanks.
/Nichlas
Well, it's been 4 years, i'll see if i can find it.
Found it on an old backup drive, i put it here : http://www.iseportal.dk/npblocks.py
It inserts the data from "show np blocks" into three different table in a mysql db (that you have to create yourself), called np1, np2 and np3. But you can of course also just print to screen or something else if you don't want a database.
Hi Jan,
Could you please put your python script somewhere again? :)
Regards
Its up on the old link again
awesome. I got it. thx
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: