firewall scheme max-firewall packet-num

This command is supported in V600R007C20SPC500 and later versions.

Generally, when a firewall runs both traffic forwarded in ordinary ways and traffic that requires IAE identification, one-third of the CPU cores are allocated to the traffic forwarded in ordinary ways and two-thirds to the traffic that requires IAE identification. When there is a large amount of traffic forwarded in ordinary ways but a small amount of traffic that requires IAE identification on the device, traffic forwarded in ordinary ways can use only one-third of the CPU cores, which wastes CPU performance. In this case, you can run the firewall scheme max-firewall packet-num command to set the number of buffered packets to specify whether to allow the CPU cores used by the traffic forwarded in ordinary ways to be used for the IAE to identify traffic. When the number of packets identified by the IAE reaches the preset value, the CPU cores used for the traffic forwarded in ordinary ways are used by the IAE for traffic identification. If the value of this parameter is not reached, traffic forwarded in ordinary ways can occupy more than one-third of the CPU cores, achieving better forwarding performance.

If the traffic that needs to be identified by the IAE accounts for a small proportion of the traffic and the function needs to be enabled, you are advised to set this parameter to a value ranging from 1000 to 3000.

Running this command may affect the performance of IAE traffic identification. Therefore, exercise caution when running this command.