This website uses cookies. By browsing this website, you consent to the use of cookies. Learn more.
OK
ABOUT CHECKMATES & FAQ
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Create a Post
Help
Highlighted
HeikoAnkenbrand
Ruby
‎2019-11-08 04:38 AM

R80.40 - Dynamic split of CoreXL

Jump to solution

 

What is new in R80.40 EA.

A new interesting function for performance tuning has been included in R80.40. Dynamic split of CoreXL changes the assignment of  CoreXL SND's and CoreXL firewall workers automatically without reboot.

How does this magic happens?
  • Adding and removing a CoreXL firewall worker
  • Adding and removing a CoreXL SND
  • Balance between CoreXL SND and CoreXL firewall worker
  • Work in ClusterXL environments
  • A reboot is not necessary

Pre-requisites:
  • GAIA 3.10 kernel (USFW/Kernel
  • only Check Point appliances with 8 cores or more
  • VSX is currently a limitation
  • currently supported on ClusterXL HA
  • currently VSLS is a limitation

How does it work?


Suppose we have two SND's and 6 CoreXL firewall workers. If no CoreXL SND's and CoreXL firewall workers are overloaded, nothing happens (picture 1).

Now, let's assume the CoreXL SNDs are overloaded (picture 2), a mathematical formula is used to calculate that a further CoreXL SND is added. In this case a CoreXL firewall worker 5 will not get any new connections (picture 3) and the connections are distributed to another CoreXL firewall worker for example to the CoreXL firewall worker 4. If there are no more connections running through this CoreXL firewall worker on core two, the core will be used for a new CoreXL SND instance (picture 4) . Now our appliance has three SND's and 5 CoreXL firewall workers.

It also works the other way round.

Picture 1 - nothing overloaded
DC1.JPG

Picture 2 - SND's overloaded
DC2.JPG

Picture 3 - CoreXL firewall worker stops the processing and distributes the connections.
DC3.JPG

 

Picture 4 - new SND is added
DC4.JPG

CLI Commands


In ClusterXL, you must configure all the Cluster Members in the same way. The dynamic_split command controls the Dynamic Split of CoreXL Firewall and SND instances on the local Security Gateway, or ClusterXL Member.

For more information, see R80.40 Performance Tuning Administration Guide - Chapter CoreXL.

Run these commands in the Expert mode

# dynamic_split

                            -o disable                 -> Disables the CoreXL Dynamic Split. Requires a reboot.
                            -o enable                  -> Enables the CoreXL Dynamic Split. Requires a reboot
                            -o start                      -> Starts the CoreXL Dynamic Split after it was stopped. This change survives the reboot-
                            -o stop                       -> Stops the CoreXL Dynamic Split. This change does not survive the reboot.
                            -p                                -> Show status

Copyright by Heiko Ankenbrand  1994-2020

Reply
1 Solution

Accepted Solutions
Highlighted
HeikoAnkenbrand
Ruby
‎2020-01-30 01:01 PM

Re: R80.40 - Dynamic split of CoreXL

Jump to solution

I did a cluster update to R80.40 today and have it enabled on with 16 core.

Unfortunately I cannot test it, because the cores only had a utilisation of about 10%:-)

In ClusterXL, you must configure all the Cluster Members in the same way. The dynamic_split command controls the Dynamic Split of CoreXL Firewall and SND instances on the local Security Gateway, or ClusterXL Member.

For more information, see R80.40 Performance Tuning Administration Guide - Chapter CoreXL.

Run these commands in the expert mode

# dynamic_split

                            -o disable                 -> Disables the CoreXL Dynamic Split. Requires a reboot.
                            -o enable                  -> Enables the CoreXL Dynamic Split. Requires a reboot
                            -o start                      -> Starts the CoreXL Dynamic Split after it was stopped. This change survives the reboot-
                            -o stop                       -> Stops the CoreXL Dynamic Split. This change does not survive the reboot.

                            -p                                -> Show status

 

View solution in original post

Tags (1)
Reply
11 Replies
Highlighted
HeikoAnkenbrand
Ruby
‎2019-11-11 08:25 AM

Re: R80.40 EA - Dynamic split of CoreXL

Jump to solution

A small update of the article with pictures.

Tags (1)
Reply
Highlighted
rolf
Iron
‎2019-11-13 12:56 AM

Re: R80.40 EA - Dynamic split of CoreXL

Jump to solution

Nice info!

0 Kudos
Reply
Highlighted
HeikoAnkenbrand
Ruby
‎2020-01-28 10:47 AM

Re: R80.40 EA - Dynamic split of CoreXL

Jump to solution

Update: CLI CommandsCLI CommandsCLI Commands

Reply
Highlighted
phlrnnr
Silver
‎2020-01-30 08:08 AM

Re: R80.40 - Dynamic split of CoreXL

Jump to solution

Is this enabled by default in R80.40?  Or does it have to be turned on?

0 Kudos
Reply
Highlighted
Ilya_Yusupov
Employee+
Employee+
‎2020-01-30 09:35 AM

Re: R80.40 - Dynamic split of CoreXL

Jump to solution

@phlrnnr  - It have to be turned on.

0 Kudos
Reply
Highlighted
HeikoAnkenbrand
Ruby
‎2020-01-30 01:01 PM

Re: R80.40 - Dynamic split of CoreXL

Jump to solution

I did a cluster update to R80.40 today and have it enabled on with 16 core.

Unfortunately I cannot test it, because the cores only had a utilisation of about 10%:-)

In ClusterXL, you must configure all the Cluster Members in the same way. The dynamic_split command controls the Dynamic Split of CoreXL Firewall and SND instances on the local Security Gateway, or ClusterXL Member.

For more information, see R80.40 Performance Tuning Administration Guide - Chapter CoreXL.

Run these commands in the expert mode

# dynamic_split

                            -o disable                 -> Disables the CoreXL Dynamic Split. Requires a reboot.
                            -o enable                  -> Enables the CoreXL Dynamic Split. Requires a reboot
                            -o start                      -> Starts the CoreXL Dynamic Split after it was stopped. This change survives the reboot-
                            -o stop                       -> Stops the CoreXL Dynamic Split. This change does not survive the reboot.

                            -p                                -> Show status

 

View solution in original post

Tags (1)
Reply
Highlighted
HeikoAnkenbrand
Ruby
‎2020-01-30 11:25 PM

Re: R80.40 - Dynamic split of CoreXL

Jump to solution

I added that to the original article.

0 Kudos
Reply
Highlighted
Florian_Winterb
Iron
‎2020-02-04 09:34 AM

Re: R80.40 - Dynamic split of CoreXL

Jump to solution

What are the correct steps?

first -> enable

second -> start

0 Kudos
Reply
Highlighted
Harry_Morgan
Iron
‎2020-02-05 09:16 AM

Re: R80.40 - Dynamic split of CoreXL

Jump to solution

If this function is activated for r80.40 with 8 cores by default?

0 Kudos
Reply
Highlighted
HeikoAnkenbrand
Ruby
2 weeks ago

Re: R80.40 - Dynamic split of CoreXL

Jump to solution

Yes, it is enabled with 8 and more cores by default.

Tags (1)
0 Kudos
Reply
Highlighted
HristoGrigorov
Platinum
2 weeks ago

Re: R80.40 - Dynamic split of CoreXL

Jump to solution

Any study on how efficient actually is this CoreXL split ? Also, do you know how often is current load evaluated and re-assignment made ?

0 Kudos
Reply