Enable NUMA Performance Optimization on the VM-Series

To improve performance of your VM-Series firewalls, you can enable non-uniform memory access (NUMA) performance optimization. When NUMA performance optimization is enabled, the VM-Series firewall dataplane uses vCPUs attached to NUMA node 0. The VM-Series firewall dataplane uses vCPUs belonging to NUMA node 0 only. The VM-Series management plane uses core 0 and the remaining vCPUs on NUMA node 0 can be used by the VM-Series dataplane. This feature requires PAN-OS 10.1.1 or later and VM-Series plugin 2.1.1 or later.
NUMA performance optimization is disabled by default in PAN-OS 10.1.
If you have a device that contains 64 cores across two NUMA nodes, when NUMA performance optimization is not enabled, the dataplane vCPUs used by the VM-Series firewall might be on different nodes, which impacts performance. For example, if your system is organized shown in the following example and you deploy a VM-Series firewall with 32 total cores with 24 dataplane cores. Without NUMA performance optimization, the VM-Series firewall uses cores 1 through 15 on Node 0 and 16 to 24 on Node 1 because it assigns cores in numerical order, regardless of the node location. With NUMA optimization enables, the VM-Series only uses cores on Node 0, in this case 1 through 15 and 33 through 39, regardless of the numerical order. Any cores not used by the dataplane are assigned to the management plane.
If the number of cores assigned to your VM-Series firewall exceeds the number of vCPUs on Node 0, the VM-Series uses all the cores on Node 0 but does not use any cores from other nodes. For example, if you assign 30 cores to your VM-Series firewall but Node 0 has only 24 cores, the VM-Series firewall will only use the 24 cores on Node 0 for the dataplane.
  1. Log in to the VM-Series CLI.
  2. Execute the following command.
    request plugins vm_series numa-perf-optimize enable on
    Previous NUMA performance optimization: None
    Requested NUMA performance optimization: Enabled
    Please reboot the PA-VM.
  3. After the reboot is complete, log in to the VM-Series CLI and verify that NUMA optimization was enabled.
    show plugins vm_series numa-perf-optimize
    NUMA performance optimization: Enabled
  4. Verify the number of dataplane cores.
    show plugins vm_series dp-cores
    Device current DP cores: 15 (Total cores: 16)
  5. To disable NUMA performance optimization, use the following command. This command requires you to reboot the VM-Series firewall.
    request plugins vm_series numa-perf-optimize enable off

Recommended For You