Sorin_Gogean
Advisor

Jumbo Frames recommendation

Hello,


We're looking into the benefits of enabling Jumbo Frames on our CKP GWs.
As on the hardware 15000 series (15600 and 15400) we upgraded to 10Gb bond interfaces to the DC LAN side, and on the DC LAN we support Jumbo Frames, we were wondering if it would be worth it to have the 10G interfaces with 9K MTU (currently they are with 1.5K MTU).
SKs were not clarifying it for us 🙂.

Thank you,

PS: As OS we're on R80.30 and R80.40 and we're looking to migrate to R81 in Q1 2022.

0 Kudos
4 Replies
Ruan_Kotze
Advisor

In a previous life I was a storage admin, and we typically saw between 5 and 10% increase in NFS and iSCSI performance when enabled.  Despite this we made a standards decision to just use 1500 MTU due to the catastrophic effects on performance if any device in the chain got configured incorrectly. 

Obviously on a firewall it's different, MTU mismatches might not have the catastrophic effect on performance but the resultant fragmentation and re-assembly will still cause overheads.

That 1500 MTU habit has stuck with me until today - I would be very interested to see what the community does.

0 Kudos
the_rock
Legend

Put it this way...

 

A larger MTU means that more data fits into fewer packets, which generally allows for faster and more efficient transmission. However, if a communications error occurs, the packet takes longer to re-transmit. Since larger packets are more prone to corruption and delays, a smaller MTU can improve network latency.

the_rock
Legend

Just to add to my last comment, but again, this is simply my personal opinion (take it with a grain of salt if you will, I have been wrong many times before :)) ... I always find that setting a lower MTU works better. Yes, there will be more packets flowing through, but fewer chances for latency.

0 Kudos
Sorin_Gogean
Advisor

Thank you for sharing your thoughts. The reason I'm asking is that we started to use the 10G connections for all the traffic that passes over the firewall, and since we can support it on the switch side, and we started to enable it on other devices (e.g. F5), we were analyzing the possibility of enabling it on the CheckPoint too. By doing that, if we had some internal servers that wanted to talk with the DMZ servers, and both sides had Jumbo Frames enabled, then they would be able to negotiate higher MTUs end to end.
We'll run some tests in the lab with similar boxes, and see what we are gaining.

Thank you,

0 Kudos
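The trade-off raised in the replies above (wire efficiency of 9K frames versus fragmentation when one hop is still at 1500), worked through as an added example that is not part of any post in this thread. It assumes IPv4 and TCP headers without options and untagged Ethernet; the function names are hypothetical.

```python
# Added illustration, not from the thread. Assumptions: IPv4 header 20 bytes,
# TCP header 20 bytes (no options), untagged Ethernet.
ETH_OVERHEAD = 38  # preamble+SFD 8, header 14, FCS 4, inter-frame gap 12
IP_HDR = 20
TCP_HDR = 20


def wire_efficiency(mtu):
    """Fraction of on-wire bytes that is TCP payload for full-size frames."""
    return (mtu - IP_HDR - TCP_HDR) / (mtu + ETH_OVERHEAD)


def fragment(packet_len, hop_mtu, df=False):
    """Fragment one IPv4 packet of total length packet_len for a hop.

    Returns a list of (payload_offset, total_length, more_fragments).
    An empty list means the packet was dropped: DF was set and the hop
    answers with ICMP "fragmentation needed" (type 3, code 4) instead.
    """
    if packet_len <= hop_mtu:
        return [(0, packet_len, False)]
    if df:
        return []
    # Every fragment except the last must carry a multiple of 8 payload bytes.
    chunk = (hop_mtu - IP_HDR) // 8 * 8
    if chunk <= 0:
        raise ValueError("hop MTU too small to carry any payload")
    payload = packet_len - IP_HDR
    frags, offset = [], 0
    while offset < payload:
        size = min(chunk, payload - offset)
        frags.append((offset, size + IP_HDR, offset + size < payload))
        offset += size
    return frags


def mismatch_cost(packet_len, hop_mtu):
    """(number of frames, total on-wire bytes) after crossing the hop."""
    frags = fragment(packet_len, hop_mtu)
    return len(frags), sum(length + ETH_OVERHEAD for _, length, _ in frags)


if __name__ == "__main__":
    for mtu in (1500, 9000):
        print(f"MTU {mtu}: {wire_efficiency(mtu):.2%} of wire bytes are payload")
    print("9000-byte packet over a 1500 hop:", mismatch_cost(9000, 1500))
    print("same packet with DF set:", fragment(9000, 1500, df=True))
```

The header-overhead difference alone is about four percentage points; the per-packet processing saved on hosts and on the gateway is not modelled here.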
