Dataplane pool utilization high-paloaltonetworks-panos

error
panos
paloaltonetworks
Dataplane pool utilization high-paloaltonetworks-panos
0

#1

dataplane pool utilization high-paloaltonetworks-panos

Vendor: paloaltonetworks

OS: panos

Description:
Palo Alto Networks Firewalls: dataplane pool utilization high",
"The dataplane of a Palo Alto Networks firewall has several pools, each with a different role. indeni will alert when a pool is near exhaustion.

Remediation Steps:
Contact Palo Alto Networks technical support.

How does this work?
This script logs into the Palo Alto Networks firewall through SSH and retrieves the status of all the pools. The output includes the total size of the pools and how many elements are available. indeni utilizes this output to determine when the pool is running low on available elements.

Why is this important?
On a Palo Alto Networks firewall, the data plane is where the traffic is handled. In the course of processing traffic the firewall needs to retain certain bits of information. This information is saved in pools of memory, easily accessible but limited in size. When the firewall needs to save information it retrieves a member of the pool and when it is done it returns it. If a pool runs out of members the firewall may have trouble handling traffic, potentially losing part of it.

Without Indeni how would you find this?
An administrator would need to write a script to poll their firewalls for the information, or simply wait until there’s an issue and open a support ticket with TAC.

panos-debug-dataplane-pool-statistics

#! META
name: panos-debug-dataplane-pool-statistics
description: Grab debug dataplane pool statistics
type: monitoring
monitoring_interval: 30 minutes
requires:
    vendor: "paloaltonetworks"
    os.name: "panos"
    product: "firewall"

#! COMMENTS
dataplane-pool-used:
    why: |
        On a Palo Alto Networks firewall, the data plane is where the traffic is handled. In the course of processing traffic the firewall needs to retain certain bits of information. This information is saved in pools of memory, easily accessible but limited in size. When the firewall needs to save information it retrieves a member of the pool and when it is done it returns it. If a pool runs out of members the firewall may have trouble handling traffic, potentially losing part of it.
    how: |
        This script logs into the Palo Alto Networks firewall through SSH and retrieves the status of all the pools. The output includes the total size of the pools and how many elements are available. indeni utilizes this output to determine when the pool is running low on available elements.
    without-indeni: |
        An administrator would need to write a script to poll their firewalls for the information, or simply wait until there's an issue and open a support ticket with TAC.
    can-with-snmp: false
    can-with-syslog: false
dataplane-pool-limit:
    skip-documentation: true

#! REMOTE::SSH
debug dataplane pool statistics

#! PARSER::AWK

#[ 0] Packet Buffers            :   262062/262144   0x8000000020c00000
#[ 1] Work Queue Entries        :   491466/491520   0x8000000410000000
/^DP / {
    dp = $2
    sub(/\:/, "", dp)
}

#[ 0] Packet Buffers            :    57343/57344    0x7f0002005d00
#[10] SML VM Vchecks            :    65536/65536    0x7f005c226ef8
/^\[[0-9 ]+\]/ {
    # Get the pool name
    line = $0
    sub(/\[.*?\]\s*/, "", line)
    sub(/\:.*/, "", line)
    sub(/[ ]$/, "", line)
    poolname = line

    # Get pool utilization
    util = $(NF-1)
    split(util, util_parts, "/")
    limit = util_parts[2]
    used = limit - util_parts[1]

    pooltags["name"] = dp "-" poolname
    writeDoubleMetric("dataplane-pool-used", pooltags, "gauge", 1800, used)
    writeDoubleMetric("dataplane-pool-limit", pooltags, "gauge", 1800, limit)
}

panos-debug-dataplane-pool-statistics

#! META
name: panos-debug-dataplane-pool-statistics
description: Grab debug dataplane pool statistics
type: monitoring
monitoring_interval: 30 minutes
requires:
    vendor: "paloaltonetworks"
    os.name: "panos"
    product: "firewall"

#! COMMENTS
dataplane-pool-used:
    why: |
        On a Palo Alto Networks firewall, the data plane is where the traffic is handled. In the course of processing traffic the firewall needs to retain certain bits of information. This information is saved in pools of memory, easily accessible but limited in size. When the firewall needs to save information it retrieves a member of the pool and when it is done it returns it. If a pool runs out of members the firewall may have trouble handling traffic, potentially losing part of it.
    how: |
        This script logs into the Palo Alto Networks firewall through SSH and retrieves the status of all the pools. The output includes the total size of the pools and how many elements are available. indeni utilizes this output to determine when the pool is running low on available elements.
    without-indeni: |
        An administrator would need to write a script to poll their firewalls for the information, or simply wait until there's an issue and open a support ticket with TAC.
    can-with-snmp: false
    can-with-syslog: false
dataplane-pool-limit:
    skip-documentation: true

#! REMOTE::SSH
debug dataplane pool statistics

#! PARSER::AWK

#[ 0] Packet Buffers            :   262062/262144   0x8000000020c00000
#[ 1] Work Queue Entries        :   491466/491520   0x8000000410000000
/^DP / {
    dp = $2
    sub(/\:/, "", dp)
}

#[ 0] Packet Buffers            :    57343/57344    0x7f0002005d00
#[10] SML VM Vchecks            :    65536/65536    0x7f005c226ef8
/^\[[0-9 ]+\]/ {
    # Get the pool name
    line = $0
    sub(/\[.*?\]\s*/, "", line)
    sub(/\:.*/, "", line)
    sub(/[ ]$/, "", line)
    poolname = line

    # Get pool utilization
    util = $(NF-1)
    split(util, util_parts, "/")
    limit = util_parts[2]
    used = limit - util_parts[1]

    pooltags["name"] = dp "-" poolname
    writeDoubleMetric("dataplane-pool-used", pooltags, "gauge", 1800, used)
    writeDoubleMetric("dataplane-pool-limit", pooltags, "gauge", 1800, limit)
}

panw_pool_usage_

Failed to fetch the data: https://bitbucket.org/indeni/indeni-knowledge/src/master/rules/sync_core_rules/paloalto/DataplanePoolUsageRule.scala