This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
ascoyne
Contributor
‎2024-01-18 01:35 AM
Jump to solution

What amount of swap file usage is reasonable / expected?

We run two 6000 appliances in HA that are running R81.20.

We monitor with SolarWinds and see the swap file usage on the Active gateway gradually creep up.  Eventually, we have to failover to the Standby gateway as we start to get remote VPN users unable to connect and performance issues.

What should the expected use of a swap file be?

0 Kudos
1 Solution

Accepted Solutions
Timothy_Hall
MVP Gold
MVP Gold
‎2024-01-22 06:25 AM
Jump to solution

I'd agree with @Bob_Zimmerman that ideally swap space used on a gateway should be zero, which means the gateway has no need for paging and swapping at all which maximizes efficiency.  However there can be transient situations (such as a policy install & connection rematch) that consume enough memory for temporary allocation of swap space to occur.   But in my experience once some swap space is allocated, Gaia/Linux doesn't release it until reboot even if there is now plenty of available memory.  This can be easily seen with commands such as free -m

My own personal rule of thumb is that if allocated swap space is more than 5% of total memory (i.e. for 32GB total RAM swap space allocated is 1.6GB) you should probably get some more RAM for your gateway unless a memory leak is present, in which case eventually no amount of RAM will save you.  sk35496: Memory leak detection procedure for a Security Gateway with Gaia OS

Gaia 4.18 (R82) Immersion Tips, Tricks, & Best Practices Video Course
Now Available at https://shadowpeak.com/gaia4-18-immersion-course

View solution in original post

(1)
7 Replies
Hugo_vd_Kooij
MVP Gold
MVP Gold
‎2024-01-18 02:17 AM
Jump to solution

My simple Rule of thumb is what we use for monitoring at the moment:

Any swap usage 0ver 1 GB is cause for concern (WARNING). Any swap usage over 2 GB is cause for grave concern (CRITICAL).

 

<< We make miracles happen while you wait. The impossible jobs take just a wee bit longer. >>
0 Kudos
Bob_Zimmerman
MVP Gold
MVP Gold
‎2024-01-18 11:14 AM
In response to Hugo_vd_Kooij
Jump to solution

I would go a little further. To me, any swapping is cause for a warning. RAM is cheap. Just add more.

I don't know what processor the 6700 uses. The 6600 definitely uses an i5-9500E, and the 6800 definitely uses a Xeon E5-2640 v4. If it's consumer-grade (i5 or i7), it's probably officially limited to 32 GB and non-ECC. It remains a source of amusement to me that the 3100 and 3200 support up to 64 GB with ECC, and the 3600 and 3800 support up to 256 GB with ECC, but most of the much-more-expensive 5000 and 6000 series boxes have much lower RAM limits.

Oliver_Fink
Advisor
Advisor
‎2024-01-22 07:38 AM
In response to Bob_Zimmerman
Jump to solution

Just from a very bad experience: On VSX swapping is deadly. Got that problem when migrating from 80.30 to 81.10, where memory consumption was higher than before: same configuration, more memory needed. Suddenly, memory was too small. Not to mention the memory leak we had in the beginning.

Consequence: The VSX cluster became quite unresponsive, sessions were interrupted. 😕

Need to mention: The 15600s still have rotating rust instead of SSD.

0 Kudos
Chris_Atkinson
MVP Platinum CHKP MVP Platinum CHKP
MVP Platinum CHKP
‎2024-01-18 09:47 PM
Jump to solution

Which model of 6000 appliance do you have and what is the current RAM population?

CCSM R77/R80/ELITE
0 Kudos
ascoyne
Contributor
‎2024-01-19 12:22 AM
In response to Chris_Atkinson
Jump to solution

We have 6700 appliances.  16GB RAM.  Running R81.20 JHF Take 26.  

0 Kudos
Chris_Atkinson
MVP Platinum CHKP MVP Platinum CHKP
MVP Platinum CHKP
‎2024-01-19 02:39 AM
In response to ascoyne
Jump to solution

This appliance model can have up to 32GB which may be appropriate depending on your combination of traffic volume / enabled blades.

It may also be helpful to check the Jumbo documentation in case there are relevant memory optimization or memory leak fixes in more recent takes etc

CCSM R77/R80/ELITE
0 Kudos
Timothy_Hall
MVP Gold
MVP Gold
‎2024-01-22 06:25 AM
Jump to solution

I'd agree with @Bob_Zimmerman that ideally swap space used on a gateway should be zero, which means the gateway has no need for paging and swapping at all which maximizes efficiency.  However there can be transient situations (such as a policy install & connection rematch) that consume enough memory for temporary allocation of swap space to occur.   But in my experience once some swap space is allocated, Gaia/Linux doesn't release it until reboot even if there is now plenty of available memory.  This can be easily seen with commands such as free -m

My own personal rule of thumb is that if allocated swap space is more than 5% of total memory (i.e. for 32GB total RAM swap space allocated is 1.6GB) you should probably get some more RAM for your gateway unless a memory leak is present, in which case eventually no amount of RAM will save you.  sk35496: Memory leak detection procedure for a Security Gateway with Gaia OS

Gaia 4.18 (R82) Immersion Tips, Tricks, & Best Practices Video Course
Now Available at https://shadowpeak.com/gaia4-18-immersion-course
(1)

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    CheckMates Events