A company is migrating its legacy firewall services to a virtualized environment using Cisco NFV. The network engineer deploys a virtual firewall (vFW) on an NFVIS-enabled UCS platform. After the deployment, traffic through the vFW is intermittent and performance monitoring shows high CPU usage on the host. Which action should the engineer take to improve performance?
Trap 1: Increase the number of vCPUs allocated to the vFW VM.
Incorrect because more vCPUs do not solve the hypervisor switching bottleneck; SR-IOV is needed.
Trap 2: Configure QoS policies on the vFW to prioritize traffic.
Incorrect because QoS manages bandwidth allocation, not CPU utilization or packet processing efficiency.
Trap 3: Disable hyperthreading on the host CPU.
Incorrect because disabling hyperthreading typically reduces parallel processing capability, worsening performance.
- A
Enable SR-IOV on the physical NICs and assign VFs to the vFW.
Correct because SR-IOV allows the vFW to directly access the physical NIC, reducing CPU overhead and improving throughput.
- B
Increase the number of vCPUs allocated to the vFW VM.
Why wrong: Incorrect because more vCPUs do not solve the hypervisor switching bottleneck; SR-IOV is needed.
- C
Configure QoS policies on the vFW to prioritize traffic.
Why wrong: Incorrect because QoS manages bandwidth allocation, not CPU utilization or packet processing efficiency.
- D
Disable hyperthreading on the host CPU.
Why wrong: Incorrect because disabling hyperthreading typically reduces parallel processing capability, worsening performance.