Dezso_Gesztesi

Accelerate specific traffic with SecureXL

Dear All,

Unfortunately I am facing the following issue. Nowadays, on one of our firewalls, the CPU utilization is very high. Here is some output from the firewall statistics:

// CPU utilization, during the load but it can be higher, not just 80%

Num of CPUs:      2

      CPU      Used
        0       80%
        1       37%

// The Total traffic

Totals                 Mbps           pps
TCP                      85        14,852
UDP                      13         3,512
Other                    34         5,748

// The protocols

Protocol               Mbps           pps
TCP:https                55         9,679
Other:-1                 34         5,748
TCP:http-alt             21         3,863
UDP:ipsec-nat-t           9         1,915
TCP:http                  7         1,180
UDP:twrpc                 2           958
UDP:cleanerliverc         1           255
TCP:53959                 0            63
UDP:50366                 0            63
UDP:5246                  0            31

The Other:-1 traffic is a huge amount of etherIP traffic

// fwaccel stat output

Accelerator Status : on
Accept Templates   : enabled
Drop Templates     : enabled
NAT Templates      : disabled by user

Accelerator Features : Accounting, NAT, Cryptography, Routing,
                       HasClock, Templates, Synchronous, IdleDetection,
                       Sequencing, TcpStateDetect, AutoExpire,
                       DelayedNotif, TcpStateDetectV2, CPLS, McastRouting,
                       WireMode, DropTemplates, NatTemplates,
                       Streaming, MultiFW, AntiSpoofing, Nac,
                       ViolationStats, AsychronicNotif, ERDOS,
                       NAT64, GTPAcceleration, SCTPAcceleration,
                       McastRoutingV2
Cryptography Features : Tunnel, UDPEncapsulation, MD5, SHA1, NULL,
                        3DES, DES, CAST, CAST-40, AES-128, AES-256,
                        ESP, LinkSelection, DynamicVPN, NatTraversal,
                        EncRouting, AES-XCBC, SHA256

// fwaccel stats -s output

Accelerated conns/Total conns : 41/2851 (1%)
Accelerated pkts/Total pkts   : 15216180/46515424 (32%)
F2Fed pkts/Total pkts   : 9724592/46515424 (20%)
PXL pkts/Total pkts   : 21574652/46515424 (46%)
QXL pkts/Total pkts   : 0/46515424 (0%)

// In cpview I see that this Other traffic goes via F2F, thus this can raise the CPU utilization

F2F Reasons

Reason                         #Packets      % out of Total
pkt is a fragment                 2,263                  0%
ICMP miss conn                   36,741                  0%
TCP-SYN miss conn             1,043,260                  1%
TCP-other miss conn              27,385                  0%
UDP miss conn                   751,171                  1%
other miss conn                      34                  0%
ICMP conn is F2Fed               16,246                  0%
TCP conn is F2Fed               271,550                  0%
UDP conn is F2Fed                15,449                  0%
other conn is F2Fed          49,669,199                 94%  <<< Every etherIP goes via F2F
TCP state viol                   85,780                  0%
out if not def/accl               3,343                  0%
partial conn                     11,990                  0%
PXL returned F2F                417,188                  0%
general reason                       17                  0%

I would like to ask, is there any way to accelerate the etherIP traffic to avoid the high utilization? Or is there any document about those packets which cannot be accelerated?

0 Kudos
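Added example, not part of the original post and not Check Point code: a Python sketch that recomputes exact shares from the cpview F2F Reasons rows and the `fwaccel stats -s` packet counters pasted above, so the dominant slow-path reason can be ranked without relying on the whole-number percentages. The function names and regular expressions are assumptions made for this example; the input text is copied from the post.

```python
import re

# Input copied from the cpview "F2F Reasons" table in the post above.
F2F_TABLE = """\
pkt is a fragment                 2,263                  0%
ICMP miss conn                   36,741                  0%
TCP-SYN miss conn             1,043,260                  1%
TCP-other miss conn              27,385                  0%
UDP miss conn                   751,171                  1%
other miss conn                      34                  0%
ICMP conn is F2Fed               16,246                  0%
TCP conn is F2Fed               271,550                  0%
UDP conn is F2Fed                15,449                  0%
other conn is F2Fed          49,669,199                 94%  <<< Every etherIP goes via F2F
TCP state viol                   85,780                  0%
out if not def/accl               3,343                  0%
partial conn                     11,990                  0%
PXL returned F2F                417,188                  0%
general reason                       17                  0%
"""
# Input copied from the "fwaccel stats -s" output in the post above.
PATH_SUMMARY = """\
Accelerated pkts/Total pkts   : 15216180/46515424 (32%)
F2Fed pkts/Total pkts   : 9724592/46515424 (20%)
PXL pkts/Total pkts   : 21574652/46515424 (46%)
QXL pkts/Total pkts   : 0/46515424 (0%)
"""

ROW = re.compile(r"^(?P<reason>\S.*?)\s{2,}(?P<pkts>[\d,]+)\s+\d+%")
PATH = re.compile(r"^(?P<path>\w+) pkts/Total pkts\s*:\s*(?P<n>\d+)/(?P<total>\d+)")

def f2f_reasons(text):
    """Return [(reason, packets, share)], largest packet count first."""
    rows = [(m["reason"], int(m["pkts"].replace(",", "")))
            for m in map(ROW.match, text.splitlines()) if m]
    total = sum(p for _, p in rows) or 1
    return sorted(((r, p, p / total) for r, p in rows), key=lambda x: -x[1])

def path_shares(text):
    """Return {path: packets / total packets} from 'fwaccel stats -s' lines."""
    hits = [m for m in map(PATH.match, text.splitlines()) if m]
    return {m["path"]: int(m["n"]) / int(m["total"]) for m in hits if int(m["total"])}

if __name__ == "__main__":
    for reason, pkts, share in f2f_reasons(F2F_TABLE)[:3]:
        print(f"{reason:<22} {pkts:>12,} {share:6.1%}")
    for path, share in path_shares(PATH_SUMMARY).items():
        print(f"{path:<12} {share:6.1%}")
```
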