Fortinet Document Library

Version:

Version:

Version:

Version:

Version:


Table of Contents

Hardware Acceleration

NP7 HPE packet flow and host queues

The NP7 HPE configuration is applied to all NP7 processors in the FortiGate. Each NP7 processor has multiple host queues and each HPE packets-per-second setting is applied separately to each host queue. The actual amount of traffic allowed by an HPE threshold depends on the number of host queues that the NP7 processor has. You can use the following command to see the number of host queues of the NP7 processors in your FortiGate.

For example, for a FortiGate-1800F, the following command output shows that the number of host queues is 16 (hif->nr_ring:16).

diagnose npu np7 hpe | grep ring 
PE HW pkt_credit:29632 , tsref_inv:20000, tsref_gap:32, hpe_refskip:0 , hif->nr_ring:16

Based on the number of host queues, you can calculate the total number of packets per second allowed for a given HPE threshold. Some examples:

  • The FortiGate-1800F has one NP7 processor and all front panel data interfaces are connected to this NP7 processor over the integrated switch fabric. The default all-protocol setting of 400000 limits the total number of host packets per second that the FortiGate-1800F can process to 400000 x 16 = 6,400,000 host packets per second.

  • The FortiGate-4400F has six NP7 processors and each NP7 processor has 40 host queues. All front panel data interfaces are connected to all NP7 processors over the integrated switch fabric. The default all-protocol setting of 400000 limits the total number of host packets per second that the FortiGate-4400F can process to 400000 x 40 x 6 = 96,000,000 host packets per second.

  • If all-protocol is set to 0, the limits applied by individual HPE options are also calculated in the same way. For example, the FortiGate-4200F has four NP7 processors and each NP7 processor has 40 host queues. All front panel data interfaces are connected to all NP7 processors over the integrated switch fabric. If all-protocol is set to 0, the default tcpsyn-ack-max setting of 40000 limits the of total number of TCP SYN_ACK host packets per second that the FortiGate-4200F can process to 40000 x 40 x 4 = 6,400,000 TCP SYN_ACK host packets per second.

HPE packet flow with multiple NP7 processors

NP7 HPE packet flow and host queues

The NP7 HPE configuration is applied to all NP7 processors in the FortiGate. Each NP7 processor has multiple host queues and each HPE packets-per-second setting is applied separately to each host queue. The actual amount of traffic allowed by an HPE threshold depends on the number of host queues that the NP7 processor has. You can use the following command to see the number of host queues of the NP7 processors in your FortiGate.

For example, for a FortiGate-1800F, the following command output shows that the number of host queues is 16 (hif->nr_ring:16).

diagnose npu np7 hpe | grep ring 
PE HW pkt_credit:29632 , tsref_inv:20000, tsref_gap:32, hpe_refskip:0 , hif->nr_ring:16

Based on the number of host queues, you can calculate the total number of packets per second allowed for a given HPE threshold. Some examples:

  • The FortiGate-1800F has one NP7 processor and all front panel data interfaces are connected to this NP7 processor over the integrated switch fabric. The default all-protocol setting of 400000 limits the total number of host packets per second that the FortiGate-1800F can process to 400000 x 16 = 6,400,000 host packets per second.

  • The FortiGate-4400F has six NP7 processors and each NP7 processor has 40 host queues. All front panel data interfaces are connected to all NP7 processors over the integrated switch fabric. The default all-protocol setting of 400000 limits the total number of host packets per second that the FortiGate-4400F can process to 400000 x 40 x 6 = 96,000,000 host packets per second.

  • If all-protocol is set to 0, the limits applied by individual HPE options are also calculated in the same way. For example, the FortiGate-4200F has four NP7 processors and each NP7 processor has 40 host queues. All front panel data interfaces are connected to all NP7 processors over the integrated switch fabric. If all-protocol is set to 0, the default tcpsyn-ack-max setting of 40000 limits the of total number of TCP SYN_ACK host packets per second that the FortiGate-4200F can process to 40000 x 40 x 4 = 6,400,000 TCP SYN_ACK host packets per second.

HPE packet flow with multiple NP7 processors