Isolate CPUs used by DPDK engine
To improve DPDK performance, the CPUs that are used by the DPDK engine can be isolated from other services, except for processes that have affinity explicitly set by either a user configuration or by their implementation. FortiOS 7.0.2 and later versions support this feature.
config dpdk cpus set isolated-cpus <CPUs> end
Input CPU IDs or ranges separated by commas, or none
to not isolate CPUs for DPDK. For example, enter 1-3,5,6-9
to isolate CPUs 1,2,3,5,6,7,8, and 9.
Both the lower and upper bounds of a range must be explicitly specified. The range of isolated CPU IDs is [1-0], and CPU ID 0 is not allowed. The isolated CPU IDs must be DPDK enabled CPUs.
Reserving CPUs for DPDK may not always produce optimal performance. Users should experiment with a combination that works best for their deployment. For example, on a FortiGate VM with eight CPUs, the following configurations could be used to optimize different deployments:
To optimize CPS with logging to disk (session/sec):
config dpdk cpus set rx-cpus "1-1" set vnp-cpus "1-7" set ips-cpus "1-7" set tx-cpus "1-7" set isolated-cpus "1-7" end
To optimize proxy antivirus performance:
config dpdk cpus set rx-cpus "1-5" set vnp-cpus "1-5" set ips-cpus "1-5" set tx-cpus "1-5" set isolated-cpus "1-5" end
To optimize proxy DLP performance:
config dpdk cpus set rx-cpus "1-5" set vnp-cpus "1-5" set ips-cpus "1-5" set tx-cpus "1-5" end