Fortinet black logo

New Features

6.2.0
7.4.0
7.2.0
7.0.0
6.4.0
6.2.0

Adding CPU affinity for URL filters  6.2.1

Adding CPU affinity for URL filters 6.2.1

On some high-end models, the CPU core number is quite big. For example, the FortiGate 3600E has 88 CPU cores. For this model, single-process URL filter daemons may cause a performance bottleneck for the FortiGuard URL rating.

This feature enhances URL filter daemon performance with two extensions:

  1. Implementing a URL filter daemon as a multi-process daemon.
  2. Making CPU affinity configurable for a URL filter daemon. It is now possible to dedicate certain CPUs to run a URL filter daemon.

Other changes include higher scheduling priority for URL filter daemons and cache processing algorithm optimization.

To configure the CPU affinity using the CLI:
config system global
    set url-filter-affinity <0xstring> (hexadecimal value up to 256 bits in the format of xxxxxxxxxxxxxxxx) 
    set url-filter-count <integer,1-10>
end
Note

The lowest bitmask is CPU0. If the bitmask is 1, this means the process can run on this CPU core. For example, set url-filter-affinity 0x03 <0x03=00000011> means the URL filter will only run on core0 and core1.

For the url-filter-count, the maximum URL filter process count is CPU num+9/10, up to 10. For example, for a FortiGate 1500D with 12 cores, you can set url-filter-count 2. For a FortiGate with less than 11 CPU cores, you can only set url-filter-count 1, which is the default value.
Previous
Next

Adding CPU affinity for URL filters 6.2.1

On some high-end models, the CPU core number is quite big. For example, the FortiGate 3600E has 88 CPU cores. For this model, single-process URL filter daemons may cause a performance bottleneck for the FortiGuard URL rating.

This feature enhances URL filter daemon performance with two extensions:

  1. Implementing a URL filter daemon as a multi-process daemon.
  2. Making CPU affinity configurable for a URL filter daemon. It is now possible to dedicate certain CPUs to run a URL filter daemon.

Other changes include higher scheduling priority for URL filter daemons and cache processing algorithm optimization.

To configure the CPU affinity using the CLI:
config system global
    set url-filter-affinity <0xstring> (hexadecimal value up to 256 bits in the format of xxxxxxxxxxxxxxxx) 
    set url-filter-count <integer,1-10>
end
Note

The lowest bitmask is CPU0. If the bitmask is 1, this means the process can run on this CPU core. For example, set url-filter-affinity 0x03 <0x03=00000011> means the URL filter will only run on core0 and core1.

For the url-filter-count, the maximum URL filter process count is CPU num+9/10, up to 10. For example, for a FortiGate 1500D with 12 cores, you can set url-filter-count 2. For a FortiGate with less than 11 CPU cores, you can only set url-filter-count 1, which is the default value.
Previous
Next