This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
jcdias
Participant
2 weeks ago
Jump to solution

Memory cache usage on 16200 appliance – expected behavior?

Hi everyone,

I’m running a Check Point 16200 appliance and noticed that the memory cache has grown from around 31GB to 74GB over the past 3 months. The system has 128GB of RAM.

Most of the memory usage comes from fwk processes, which I assume is normal given the active blades.

Is this cache growth considered normal behavior in Gaia OS over time?

I’m attaching a memory monitoring graph for reference.

Thanks in advance!


PS AUX

ps aux -sort=%mem | head -n 10
USER        PID %CPU %MEM    VSZ   RSS TTY      STAT START   TIME COMMAND
admin     94261  101  2.2 4069944 2997472 ?     S<Ll May10 189348:59 fwk
admin     94260  7.4  2.0 3824720 2729596 ?     S<Ll May10 13986:45 fwk
admin     94258  2.6  1.9 3650852 2553348 ?     S<Ll May10 4999:42 fwk
admin     94259 46.8  1.0 2476156 1381728 ?     S<Ll May10 87775:36 fwk
admin     94264  2.1  0.9 2305432 1204688 ?     S<Ll May10 4104:42 fwk
admin     94265  6.3  0.9 2277500 1191192 ?     S<Ll May10 11972:38 fwk
admin     94262 10.7  0.9 2267852 1180196 ?     S<Ll May10 20073:20 fwk
admin     68053  0.0  0.3 447812 421192 ?       SLs  May10   0:00 fwk_forker
admin     64700  0.2  0.3 413800 409380 ?       Ss   May10 474:10 /bin/monitord

Addtional info about the appliance:

>cpinfo -y all

This is Check Point CPinfo Build 914000250 for GAIA

[MGMT]
HOTFIX_R81_20_JUMBO_HF_MAIN Take: 92
[IDA]
No hotfixes..
[CPFC]
HOTFIX_TEX_ENGINE_R8120_AUTOUPDATE
[FW1]
HOTFIX_INEXT_NANO_EGG_AUTOUPDATE
HOTFIX_TEX_ENGINE_R8120_AUTOUPDATE
HOTFIX_R81_20_JUMBO_HF_MAIN Take: 92
HOTFIX_GOT_TPCONF_AUTOUPDATE
HOTFIX_R80_40_MAAS_TUNNEL_AUTOUPDATE
HOTFIX_PUBLIC_CLOUD_CA_BUNDLE_AUTOUPDATE

FW1 build number:
This is Check Point's software version R81.20 - Build 043
kernel: R81.20 - Build 050

Preview file
63 KB
0 Kudos
1 Solution

Accepted Solutions
_Val_
Admin
Admin
2 weeks ago
In response to jcdias
Jump to solution

This is your answer:

Virtual System Capacity Summary:
Physical memory used: 13% (14377 MB out of 108837 MB) - below watermark
Kernel memory used: 2% (3072 MB out of 108837 MB) - below watermark
Virtual memory used: 0% (312 MB out of 108837 MB) - below watermark
Used: 312 MB by FW, 1152 MB by zeco
Concurrent Connections: 0% (80 out of 14900) - below watermark
Aggressive Aging is enabled, not active

Kernel memory (kmem) statistics:
Total memory bytes used: 90688610 peak: 92443450
Allocations: 1552939106 alloc, 0 failed alloc
1298515489 free, 0 failed free

 

You are doing just fine on RAM, no swaps, no high watermarks

View solution in original post

(1)
13 Replies
Chris_Atkinson
Employee Employee
Employee
2 weeks ago
Jump to solution

I'd say normal yes and somewhat dependent on how busy the gateway / environment.

Per sk32206 the Cache becomes available for reuse if the system needs to free memory so typically doesn't indicate a problem.

How much traffic does the gateway handle and which blades are active?

For what it's worth there are fixes to various memory conditions in newer JHF takes higher than T92.

 

CCSM R77/R80/ELITE
the_rock
MVP Gold
MVP Gold
2 weeks ago
Jump to solution

I know customer that runs one of those on R81.20 jumbo 113, have not heard any issues. They also have 128 GB of ram.

Andy

G_W_Albrecht
MVP Silver
MVP Silver
2 weeks ago
Jump to solution

Recommended is Jumbo Take 113

CCSP - CCSE / CCTE / CTPS / CCME / CCSM Elite / SMB Specialist
_Val_
Admin
Admin
2 weeks ago
Jump to solution

Can you share the output of "fw ctl pstat"

jcdias
Participant
2 weeks ago
In response to _Val_
Jump to solution

fw ctl pstat

Virtual System Capacity Summary:
Physical memory used: 13% (14377 MB out of 108837 MB) - below watermark
Kernel memory used: 2% (3072 MB out of 108837 MB) - below watermark
Virtual memory used: 0% (312 MB out of 108837 MB) - below watermark
Used: 312 MB by FW, 1152 MB by zeco
Concurrent Connections: 0% (80 out of 14900) - below watermark
Aggressive Aging is enabled, not active

Kernel memory (kmem) statistics:
Total memory bytes used: 90688610 peak: 92443450
Allocations: 1552939106 alloc, 0 failed alloc
1298515489 free, 0 failed free

Cookies:
767363283 total, 0 alloc, 0 free,
0 dup, 393489414 get, 1442259318 put,
1305907202 len, 4713314 cached len, 0 chain alloc,
0 chain free

Connections:
5220704 total, 2707474 TCP, 1780518 UDP, 732696 ICMP,
16 other, 0 anticipated, 4 recovered, 80 concurrent,
430 peak concurrent

Fragments:
258852 fragments, 129426 packets, 0 expired, 0 short,
0 large, 0 duplicates, 0 failures

NAT:
1171909070/0 forw, 267851060/0 bckw, 1435676828 tcpudp,
4083267 icmp, 869311-868742 alloc

Sync: Run "cphaprob syncstat" for cluster sync statistics.

 

0 Kudos
_Val_
Admin
Admin
2 weeks ago
In response to jcdias
Jump to solution

This is your answer:

Virtual System Capacity Summary:
Physical memory used: 13% (14377 MB out of 108837 MB) - below watermark
Kernel memory used: 2% (3072 MB out of 108837 MB) - below watermark
Virtual memory used: 0% (312 MB out of 108837 MB) - below watermark
Used: 312 MB by FW, 1152 MB by zeco
Concurrent Connections: 0% (80 out of 14900) - below watermark
Aggressive Aging is enabled, not active

Kernel memory (kmem) statistics:
Total memory bytes used: 90688610 peak: 92443450
Allocations: 1552939106 alloc, 0 failed alloc
1298515489 free, 0 failed free

 

You are doing just fine on RAM, no swaps, no high watermarks

(1)
the_rock
MVP Gold
MVP Gold
2 weeks ago
In response to jcdias
Jump to solution

If I were you, I would set connections limit to automatic in smart console fw object.

Andy

0 Kudos
Chris_Atkinson
Employee Employee
Employee
2 weeks ago
In response to the_rock
Jump to solution

Suspect this is a VSX gateway where this isn't possible.

CCSM R77/R80/ELITE
the_rock
MVP Gold
MVP Gold
2 weeks ago
In response to Chris_Atkinson
Jump to solution

I always forget the fact you cant do that on vsg gateway...my bad Chris. 

Andy

0 Kudos
the_rock
MVP Gold
MVP Gold
2 weeks ago
Jump to solution

Also, can you share what it shows for below commands?

free -g

cpview (look for memory stats)

top

Andy

0 Kudos
Bob_Zimmerman
MVP Gold
MVP Gold
2 weeks ago
In response to the_rock
Jump to solution

Specifically, in 'free -g' (I personally prefer 'free -h', but it does take more thought to interpret), the most important numbers are the Mem row's available, and the Swap row's used.

Free RAM is wasted RAM, so Linux caches stuff. A healthy Linux system should have around 100-200 MB of free RAM, much more available RAM, and no swap being used.

_Val_
Admin
Admin
2 weeks ago
In response to Bob_Zimmerman
Jump to solution

Exactly that, OS lists lots of RAM not free, but also does not use it much

0 Kudos
jcdias
Participant
2 weeks ago
Jump to solution

Thanks for the help guys

 

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    Sort by:
    CheckMates Events