Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
Highlighted
Contributor

Drops on interface with high CPU

Jump to solution

Hardware: 25400

20 cores with 6/14 split.

OS: GAIA R77.30 T216

Uptime: Over 18 months

Bandwidth (typical): 500 Mbps

Concurrent connections: About 18K

Packets/Sec: Under 500K

RX ring-size on interface: 512

 

One 10g (non-bonded) interface has started dropping packets recently. This is tied to CPU core 1, that is running between 75 to 95%. Interface is showing RX drops constantly.

No other errors noticed. zdebug does not show any drops. SecureXL is accelerating 98% packets.

 

Question: This firewall should not be dropping packets, I do not see any reason. As a first step, I would like to reboot the firewall. Any one in support of this? Anyone suggests increasing buffer size on interface?

 

 

0 Kudos
1 Solution

Accepted Solutions
Highlighted
Champion
Champion

You almost certainly need to enable Multi Queue on the interface, seems like you have enough SND/IRQ cores.

R80.40 addendum for book "Max Power 2020" now available
for free download at http://www.maxpowerfirewalls.com

View solution in original post

0 Kudos
6 Replies
Highlighted
Contributor
Forgot to mention that the attached Cisco switch is showing no errors at all, all clean.
0 Kudos
Highlighted
Contributor

Correction: Hardware is 23500

Question: In the existing 6/14 split, would you recommend adding more SND cores before enabling MQ?

Any changes to SIM affinity, leaving it automatic ok?

0 Kudos
Highlighted
Authority
Authority

You would have to look at the load on all CPUs and then make a call - if you need more SXL or FWK cores. Or leave it as is

0 Kudos
Highlighted
Champion
Champion

You almost certainly need to enable Multi Queue on the interface, seems like you have enough SND/IRQ cores.

R80.40 addendum for book "Max Power 2020" now available
for free download at http://www.maxpowerfirewalls.com

View solution in original post

0 Kudos
Highlighted
Authority
Authority
Definitely, 1 core will struggle with 10Gbps interface from our experience
0 Kudos
Highlighted

As stated before, you should enable MultiQ on that interface. If you are still seeing errors on the interfaces you may need to liberate the cores assigned to MultiQ.

Regards,

____________
https://www.linkedin.com/in/federicomeiners/
0 Kudos