Solved: R80.40 - new interesting commands

HeikoAnkenbrand · ‎2019-12-13

This overview describes new CLI commands in R80.40.

HeikoAnkenbrand · ‎2019-12-15

Shows the ClusterXL multi-version state:

# cphaprob mvc

Shows SW version match for all cluster members

# cphaprob release

View solution in original post

HeikoAnkenbrand · ‎2019-12-13

The multi queueing configuration works slightly different than the previous versions or in old 3.10 kernel GAIA versions. A new CLI command was implemented for this purpose:

# mq_mng

Multiqueue configuration optional arguments:
-h, --help                                  show this help message and exit
-s {off,auto,manual},               --set-mode {off,auto,manual}
                                                    Configure Multiqueue mode. Either off or auto/manual [default = auto].
                                                    Note: this may cause short packet loss
-i [ ...], --interface [ ...]             Interfaces list [default = all]. Whitespace delimiter.
-c [ ...], --core [ ...]                    CPU cores list (should be at least 2). Whitespace delimiter.
-r, --reconf                                 Apply current Multiqueue policy
-o, --show                                  Show Multiqueue status for specific or all interfaces
-v, --verbosity                            Verbose status
-a                                                 Show all interfaces
--show                                        Show Multiqueue configuration. Add -v/-vv for additional data

Note:
Any Multiqueue configuration may cause a temporary packet loss due to NIC reset.

Examples:

Set automaic affinity eth1 and eth2

Set manual affinity to CPU cores 0, 6 , 7, 8 on all interfaces

HeikoAnkenbrand · ‎2019-12-13

It is now possible to enable and disable SecureXL interface for acceleration.

Set or clear the non-accelerated flag an interface:

Enables or disables SecureXL acceleration for the given interface(s)

# fwaccel nonaccel

-s disable acceleration
-c enable acceleration

Example:

Disable acceleration for interface eth1

Enable acceleration for interface eth1:

HeikoAnkenbrand · ‎2019-12-15

Shows the ClusterXL multi-version state:

# cphaprob mvc

Shows SW version match for all cluster members

# cphaprob release

View solution in original post

RickLin · ‎2020-02-12

The Multi-Version Cluster(MVC) Upgrade replaced the Connectivity Upgrade(CU).

HeikoAnkenbrand · ‎2020-01-28

A new interesting function for performance tuning has been included in R80.40. Dynamic split of CoreXL changes the assignment of CoreXL SND's and CoreXL firewall workers automatically without reboot.

In ClusterXL, you must configure all the Cluster Members in the same way. The dynamic_split command controls the Dynamic Split of CoreXL Firewall and SND instances on the local Security Gateway, or ClusterXL Member.

For more information, see R80.40 Performance Tuning Administration Guide - Chapter CoreXL or see R80.x - Performance Tuning Tip - Dynamic split of CoreXL in R80.40.

Run these commands in the Expert mode

# dynamic_split

                            -o disable                 -> Disables the CoreXL Dynamic Split. Requires a reboot.
                            -o enable                  -> Enables the CoreXL Dynamic Split. Requires a reboot
                            -o start                      -> Starts the CoreXL Dynamic Split after it was stopped. This change survives the reboot-
                            -o stop                       -> Stops the CoreXL Dynamic Split. This change does not survive the reboot.

HeikoAnkenbrand · ‎2020-02-09

The new upgrade mechanism will be executed when upgrading from R80.20, R80.20.Mx and R80.30 to R80.40 and to any future version.

# migrate_server

New:

- automatically downloaded as upgrade packages from the Download Center

- using CPUSE, the report is available by clicking --> “To see a detailed upgrade report”