This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
Durin
Contributor
‎2021-11-26 05:35 AM
Jump to solution

VSX Resource allocation

Hi

I have been trying to find info about VS resource allocation in a VSX VSLS cluster.

To be more specific, has every VS access to same resources (cpu/mem) on the VSX gateway ?

And how much can a VS use, all cores and max memory or is some resources spared for VS0 ?

 

Thanks

0 Kudos
1 Solution

Accepted Solutions
_Val_
Admin
Admin
‎2021-11-26 05:45 AM
Jump to solution

On a multi-core system, VSX is using CoreXL. Amount of cores per VS is set on per VS object. If total amount of cores for all VSs is higher than the number of FWK cores available on the system than yes, some VSs may share the same CPU core, or even several.  

You can check CPU allocation by running fw ctl affinily -l command.

Amount of FWKs depends on a number of physical cores on the platform, minus amount of SNDs. By default, in a system with 4 cores, just one of them is SND, with 6 to 20 cores - 2, with more than 20 cores, 4 of them are assigned to SND roles.

Now, for the memory. VSX is running in a User Space mode, meaning VSs are using the regular RAM and not kernel memory space. There is usually lots of memory available there. Memory usage depends on the size of the VS, or, in other words, on a maximum amount of connections VS is defined to handle. Also controllable from SmartConsole.

There is no reservation of resources, all VSs are equal, including VS0.

Now, why do you ask? Are you facing an actual issue?

View solution in original post

0 Kudos
11 Replies
_Val_
Admin
Admin
‎2021-11-26 05:45 AM
Jump to solution

On a multi-core system, VSX is using CoreXL. Amount of cores per VS is set on per VS object. If total amount of cores for all VSs is higher than the number of FWK cores available on the system than yes, some VSs may share the same CPU core, or even several.  

You can check CPU allocation by running fw ctl affinily -l command.

Amount of FWKs depends on a number of physical cores on the platform, minus amount of SNDs. By default, in a system with 4 cores, just one of them is SND, with 6 to 20 cores - 2, with more than 20 cores, 4 of them are assigned to SND roles.

Now, for the memory. VSX is running in a User Space mode, meaning VSs are using the regular RAM and not kernel memory space. There is usually lots of memory available there. Memory usage depends on the size of the VS, or, in other words, on a maximum amount of connections VS is defined to handle. Also controllable from SmartConsole.

There is no reservation of resources, all VSs are equal, including VS0.

Now, why do you ask? Are you facing an actual issue?

0 Kudos
Durin
Contributor
‎2021-11-26 05:54 AM
In response to _Val_
Jump to solution

Hi,

Thanks for reply.

So for each VS the resource is controlled by using corexl (in that perticular VS context?)

The reason i am asking is because one VS is running IPS, and now it seems it has used more cpu than it had available so it was bypassed.

 

 

0 Kudos
_Val_
Admin
Admin
‎2021-11-26 05:56 AM
In response to Durin
Jump to solution

Correct. I suspect that VS is running just a single core. Add more 🙂

Magnus-Holmberg
Advisor
‎2021-11-26 07:09 AM
In response to Durin
Jump to solution

add more "vs instances" aka cores 😄 , when it comes to vsx you also need to keep track of the connections 🙂

https://www.youtube.com/c/MagnusHolmberg-NetSec
genisis__
Leader Leader
Leader
‎2021-11-27 01:25 AM
In response to Don_Paterson
Jump to solution

Don - is there a way to monitor the memory utilisation on a per VS basis using SNMP v3? 

0 Kudos
genisis__
Leader Leader
Leader
‎2021-11-28 02:17 PM
In response to Don_Paterson
Jump to solution

Thanks Don,

Unable to access:
https://dl3.checkpoint.com/paid/3a/3a7f7303d86eaabace8923ad195f017f/chkpnt.mib?HashKey=1638127098_c9...

 

I'll take a look at the other links, been many years since you where my SE 😉

0 Kudos
_Val_
Admin
Admin
‎2021-11-29 01:48 AM
In response to genisis__
Jump to solution

Me neither, and I have all the rights 🙂

Something is wrong with the link.

0 Kudos
Don_Paterson
Advisor
Advisor
‎2021-11-30 11:00 AM
In response to genisis__
Jump to solution

Cool.

It is the R81 Product MIB (.mib) file from SK90470

https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solut...

 

Sorry, I assumed the link would work.

https://supportcenter.checkpoint.com/supportcenter/portal?action=portlets.DCFileAction&eventSubmit_d... 

Probably should've posted that link (the download link)

 

ProductMIBsSK90470.png

 

0 Kudos
genisis__
Leader Leader
Leader
‎2021-11-30 01:35 PM
In response to Don_Paterson
Jump to solution

Thanks Don.

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    CheckMates Events