This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
HeikoAnkenbrand
MVP Gold
MVP Gold
Wednesday
Jump to solution

VXLAN - Perfomance optimation question

In the past, I noticed that VXLAN requires fast packet processing, as higher packet latency can cause problems.

VXLAN_dhglkdfgh.png

Therefore, I decided to enable SecureXL using the parameter sim_enable_vxlan = 1 (set the value of the SecureXL kernel parameter sim_enable_vxlan to one in the $PPKDIR/conf/simkern.conf) to speed up packet handling within the tunnel.
In addition, I enabled Fast Acceleration for these address ranges to ensure that traffic always uses the Fastpath.
I also created exclusions for IPS, Anti-Bot, and other similar blades for these network segments so that no traffic in these segments is inspected by those engines.

Are there any other optimization options to further improve VXLAN packet throughput through the firewall?

Info:
- R82 Gaia Administration Guide - Configuring VXLAN Interfaces 
- sk156672: SecureXL Fast Accelerator (fw fast_accel)
- sk170014: Virtual Extensible LAN (VXLAN) Configuration Guide

➜ CCSM Elite, CCME, CCTE ➜ www.checkpoint.tips
0 Kudos
1 Solution

Accepted Solutions
HeikoAnkenbrand
MVP Gold
MVP Gold
yesterday
Jump to solution

I found the reason why enabling SecureXL didn’t provide any performance benefit. The following SK explains that the UPPAK mode doesn’t support VXLAN. I’ve now switched SecureXL to KPPAK mode, and everything is working perfectly.

Software Releases for Quantum LightSpeed Appliances QLS / MLS and Quantum Force Appliances 9000, 190... 

UPPAK_645645.jpg

➜ CCSM Elite, CCME, CCTE ➜ www.checkpoint.tips

View solution in original post

1 Reply
HeikoAnkenbrand
MVP Gold
MVP Gold
yesterday
Jump to solution

I found the reason why enabling SecureXL didn’t provide any performance benefit. The following SK explains that the UPPAK mode doesn’t support VXLAN. I’ve now switched SecureXL to KPPAK mode, and everything is working perfectly.

Software Releases for Quantum LightSpeed Appliances QLS / MLS and Quantum Force Appliances 9000, 190... 

UPPAK_645645.jpg

➜ CCSM Elite, CCME, CCTE ➜ www.checkpoint.tips

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    Sort by:
    CheckMates Events