HeikoAnkenbrand
Champion Champion
Champion

R8x - Gateway Performance Metrics

 

Introduction


In the last weeks I have been asked again and again how I can increase the performance of my Check Point gateway. Now comes my counter-question. What do you want to reach in Performance Tuning?

Therefore, I have created an overview of what the goal is!

More interesting articles:

- R80.x Architecture and Performance Tuning - Link Collection
- Article list (Heiko Ankenbrand)

Performance Metrics


In principle, there are several performance metrics:

  • Throughput (Bandwidth)
  • Connection rate
  • Packet rate
  • Concurrent connections
  • Latency

There are standardized test procedures according to RFC for this:

 

| | Throughput | Connection rate | Packet rate | Concurrent connections | Latency |
|---|---|---|---|---|---|
| RFC | RFC3511 5.1.4.1 | RFC3511 5.3.1 | RFC3511 5.1.4.1 | RFC3511 5.2.4.2 | RFC2544 26.2 |
| Units | Bit/s | Connections/s | Packets/s | Absolute number of connections | (m)s |
| Testing conditions | Large UDP | Small TCP | Small UDP | Small TCP | Small UDP |
| Bottleneck | Bus, Interfaces | CPU | CPU | Memory | Bus, Interfaces, CPU, Infrastructure |

 

Throughput


Description: RFC3511 – 5.1.4.1

Throughput: Maximum offered load, expressed in either bits per second or packets per second, at which no packet loss is detected. The bits to be counted are in the IP packet (header plus payload); other fields, such as link-layer headers and trailers, MUST NOT be included in the measurement.

Units: Bits per second

Testing conditions for achieving best results: Large UDP

Bottleneck: Bus, interfaces

Connection Rate


Description: RFC3511 – 5.3.1

To determine the maximum TCP connection establishment rate through or with the DUT/SUT, as defined by RFC 2647 [1]. This test is intended to find the maximum rate the DUT/SUT can update its connection table.

Units: Connections per second

Testing conditions for achieving best results: Small TCP (HTTP 64B)

Bottleneck: CPU

Packet Rate


Description: RFC3511 – 5.1.4.1

Throughput: Maximum offered load, expressed in either bits per second or packets per second, at which no packet loss is detected. The bits to be counted are in the IP packet (header plus payload); other fields, such as link-layer headers and trailers, MUST NOT be included in the measurement.

Units: Packets per second

Testing conditions for achieving best results: Small UDP

Bottleneck: CPU

Concurrent Connections


Description: RFC3511 – 5.2.4.2

Maximum concurrent connections: Total number of TCP connections open for the last successful iteration performed in the search algorithm.

Units: Absolute number (amount)

Testing conditions for achieving best results: Small TCP (HTTP 64B)

Bottleneck: Memory

Latency


Description: RFC2544 – 26.2

The latency is timestamp B minus timestamp A as per the relevant definition from RFC 1242, namely latency as defined for store and forward devices or latency as defined for bit forwarding devices.

Units: (m)seconds

Testing conditions for achieving best results: Small UDP

Bottleneck: Interfaces, Infrastructure, CPU, Bus

Analysis of metrics

 

The analysis of the above mentioned parameters is very easy with the command cpview.

# cpview



On 41K, 44K, 61K, 64K or Maestro systems use:

# asg perf -v


 

➜ CCSM Elite, CCME, CCTE ➜ www.checkpoint.tips
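The zero-loss search behind the RFC3511 5.1.4.1 throughput definition, as an added example that is not part of the original post. It runs against a constructed gateway model whose two limits (`DUT_MAX_PPS`, `DUT_MAX_BPS`) are assumptions chosen for illustration, and shows why small UDP finds the packet-rate ceiling while large UDP finds the bit-rate ceiling.

```python
"""Zero-loss throughput search in the style of RFC 3511 5.1.4.1,
run against a constructed model of a gateway (not a real device)."""

IP_UDP_HEADERS = 20 + 8  # IPv4 + UDP header bytes; link-layer fields are not counted

# Constructed DUT limits (assumptions for illustration only).
DUT_MAX_PPS = 1_500_000        # packet-rate ceiling (CPU bound)
DUT_MAX_BPS = 10_000_000_000   # IP-layer bit-rate ceiling (bus/interface bound)


def simulated_trial(offered_pps, payload_bytes):
    """Return the packets lost in a one-second trial at the offered rate."""
    ip_bits = (payload_bytes + IP_UDP_HEADERS) * 8
    forwarded = min(offered_pps, DUT_MAX_PPS, DUT_MAX_BPS // ip_bits)
    return offered_pps - forwarded


def zero_loss_search(payload_bytes, trial=simulated_trial, hi=20_000_000):
    """Binary-search the highest offered load (pps) with no packet loss.

    `hi` must be a rate that is known to cause loss.
    """
    lo = 0  # highest rate known to pass without loss
    while hi - lo > 1:
        mid = (lo + hi) // 2
        if trial(mid, payload_bytes) == 0:
            lo = mid   # no loss: raise the floor
        else:
            hi = mid   # loss seen: lower the ceiling
    return lo


def report(payload_bytes):
    """Express the zero-loss load in both units the table lists."""
    pps = zero_loss_search(payload_bytes)
    bps = pps * (payload_bytes + IP_UDP_HEADERS) * 8  # IP header plus payload
    limit = "packet rate" if pps >= DUT_MAX_PPS else "bit rate"
    return {"payload": payload_bytes, "pps": pps, "bps": bps, "limited_by": limit}


if __name__ == "__main__":
    for size in (64, 1460):   # small UDP, then large UDP
        print(report(size))
```

Against a real gateway, `trial` would run one traffic-generator pass at the given rate and return the loss it reports.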

11 Replies
Mehmet_Gul
Explorer

Are there tools that you can use to generate traffic to test the performance parameters?

0 Kudos
HeikoAnkenbrand
Champion Champion
Champion

I use iPerf for throughput testing.

Link: 
iperf.fr 

➜ CCSM Elite, CCME, CCTE ➜ www.checkpoint.tips
Julius_Dockward
Explorer

How can I use the iperf tool?

Are there any examples here?

HeikoAnkenbrand
Champion Champion
Champion

Use an open server and a client.

# iperf3 -s     > iperf server

# iperf3 -c <iperf server ip> -l 64          > iperf client for small tcp packets

# iperf3 -c <iperf server ip> -u -l 64           > iperf client for small udp packets

# iperf3 -c <iperf server ip> -u -l 1460          > iperf client for large udp packets

➜ CCSM Elite, CCME, CCTE ➜ www.checkpoint.tips
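Turning an iperf3 UDP result into the units used in the metrics overview, as an added example that is not part of the original answer. The JSON sample is constructed and trimmed, and its field layout is assumed to match what `iperf3 -J` prints for UDP tests; iperf3 reports payload bits, while RFC3511 counts the IP header as well.

```python
import json

IPV4_UDP_HEADER_BYTES = 20 + 8  # counted by RFC 3511; link-layer framing is not

# Constructed sample, trimmed to the fields used below. Assumed to follow the
# layout of `iperf3 -c <iperf server ip> -u -l 64 -b 0 -J` output.
# Note: iperf3 UDP tests target 1 Mbit/s unless -b is set (-b 0 = unlimited).
SAMPLE = """
{"start": {"test_start": {"protocol": "UDP", "blksize": 64}},
 "end": {"sum": {"seconds": 10.0, "bytes": 64000000, "packets": 1000000,
                 "lost_packets": 2500, "lost_percent": 0.25}}}
"""


def summarize(raw):
    """Return packet rate, IP-layer bit rate and a zero-loss flag."""
    doc = json.loads(raw)
    test = doc["start"]["test_start"]
    if test["protocol"] != "UDP":
        raise ValueError("packet counts are only reported for UDP tests")
    total = doc["end"]["sum"]
    delivered = total["packets"] - total["lost_packets"]
    secs = total["seconds"]
    ip_bytes = test["blksize"] + IPV4_UDP_HEADER_BYTES
    return {
        "packets_per_s": delivered / secs,
        "ip_bits_per_s": delivered * ip_bytes * 8 / secs,
        "payload_bits_per_s": delivered * test["blksize"] * 8 / secs,
        # RFC 3511 throughput is only valid for a trial without loss
        "zero_loss": total["lost_packets"] == 0,
    }


if __name__ == "__main__":
    print(summarize(SAMPLE))
```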
Ralph_Heckler
Participant

Great information.

0 Kudos
Hong_Ning
Participant

Hi @HeikoAnkenbrand 

We use 4 servers (2x client and 2x server) for performance tests.

But we only get a throughput of 3 GBit/s on a 10 GBit/s interface on the firewall, on an open server HP DL 380 G9. What could be the problem?

HeikoAnkenbrand
Champion Champion
Champion

3-4 GBit/s is normal. If you need more throughput, you should enable multi queueing in the first step.

➜ CCSM Elite, CCME, CCTE ➜ www.checkpoint.tips
HeikoAnkenbrand
Champion Champion
Champion

Read more here:
R80.x - Performance Tuning Tip - Multi Queue

 

➜ CCSM Elite, CCME, CCTE ➜ www.checkpoint.tips
Maxi_Pertus
Explorer

Or enable more CoreXL instances!

h_hong
Explorer

I cannot find the iperf3 tool on the gateway.

0 Kudos
_Val_
Admin
Admin

Why do you need that on a GW in the first place? You use client to server connections through the GW to test performance.

0 Kudos
