CPU Utilization Question

KevinA · ‎2020-08-14

Hi,

I have a CP n00b question about the CPU utilization on an open server.

We are running R80.30 take 215 with 2 interfaces and 4vCPU's.

The server has 8GB of RAM and is a stand alone deployment.

I can only see one CPU being utilized a frequently and the other 03 not so much..

Is this normal?

We are licenses for 08 cores but have only 04 installed

[Expert@FP-CP-VM:0]# fw ctl get int fwlic_num_of_allowed_cores
fwlic_num_of_allowed_cores = 8
[Expert@FP-CP-VM:0]#

[Expert@FP-CP-VM:0]# fw ctl multik stat
ID | Active | CPU | Connections | Peak
----------------------------------------------
0 | Yes | 3 | 53 | 718
1 | Yes | 2 | 76 | 291
2 | Yes | 1 | 86 | 527
3 | Yes | 0 | 60 | 267
[Expert@FP-CP-VM:0]#

[Expert@FP-CP-VM:0]# cpconfig
This program will let you re-configure
your Check Point products configuration.

Configuration Options:
----------------------
(1) Licenses and contracts
(2) Administrator
(3) GUI Clients
(4) SNMP Extension
(5) PKCS#11 Token
(6) Random Pool
(7) Certificate Authority
(8) Certificate's Fingerprint
(9) Check Point CoreXL
(10) Automatic start of Check Point Products

(11) Exit

Enter your choice (1-11) :9

Configuring Check Point CoreXL...
=================================

CoreXL is currently enabled with 4 IPv4 firewall instances.

(1) Change the number of firewall instances
(2) Disable Check Point CoreXL

(3) Exit
Enter your choice (1-3) :

FP-CP-VM> fw ctl multik dynamic_dispatching get_mode
Current mode is On
FP-CP-VM>

Is this something to worry about or is this normal?

Do i need to tweak anything to optimize?

Should the number of FW instances be 03 or 04?

Thanks,

Kevin

PhoneBoy · ‎2020-08-14

Four firewall instances on a four core box doesn’t sound right, it should be either three or two.
That might explain why one core is getting used more than it should.

Timothy_Hall · ‎2020-08-15

For a 4-core box the default number of worker instances is 3, with the remaining core allocated as a SND (Secure Network Dispatcher). Normally this default split config will be sufficient for the typical traffic loads, but having 4 worker instances is making the single SND core pull double duty also as a Firewall Worker (worker instance) thus the higher CPU load. If however you don't have a large number of features/blades enabled (command enabled_blades) and the percentage of accelerated traffic (Accelerated pkts/sec in output of fwaccel stats -s) is >75% you will probably want to only allocate 2 kernel instances for a 2/2 split.

Gateway Performance Optimization R81.20 Course
now available at maxpowerfirewalls.com

KevinA · ‎2020-08-15

So should i drop down for a 2/2 split?

#Enabled Blades

[Expert@FP-CP-VM:0]# enabled_blades
fw vpn urlf appi identityServer SSL_INSPECT vpn
[Expert@FP-CP-VM:0]#

#fwaccel stats

[Expert@FP-CP-VM:0]# fwaccel stats -s
Accelerated conns/Total conns : 0/230 (0%)
Accelerated pkts/Total pkts : 4794395/16661842 (28%)
F2Fed pkts/Total pkts : 7177409/16661842 (43%)
F2V pkts/Total pkts: 191670/16661842 (1%)
CPASXL pkts/Total pkts : 3680714/16661842 (22%)
PSLXL pkts/Total pkts : 1009324/16661842 (6%)
QOS inbound pkts/Total pkts : 0/16661842 (0%)
QOS outbound pkts/Total pkts : 0/16661842 (0%)
Corrected pkts/Total pkts : 0/16661842 (0%)
[Expert@FP-CP-VM:0]#

Timothy_Hall · ‎2020-08-16

Given what you have provided, in my opinion no. Allocate 3 instances to obtain the default 1/3 split for a 4-core box.

Gateway Performance Optimization R81.20 Course
now available at maxpowerfirewalls.com

KevinA · ‎2020-08-18

Thanks Timothy, have made that change and monitoring

Are you a member of CheckMates?

CPU Utilization Question