Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
BenjaminXu
Employee Alumnus
Employee Alumnus
Jump to solution

how many percentage of performance degradations

if enable VSX on security gateway or Maestro architecture, how many percentage of performance degradations?

0 Kudos
1 Solution

Accepted Solutions
HeikoAnkenbrand
Champion Champion
Champion


Small addendum:

For example, if you have 20 VS, there are 20 instances of this fwk0_dev_x process.

A calculation sample for the utilization of VS process fwk0_dev_X:

                                  max_CoreXL_number     max_CoreXL_number
fwkX_dev_0   =        ∑ fwkX_0                         + ∑ fwkX_dev_0 +                     fwk0_kissd +                 fwk0_hp
                                  x=0                                      x=0

- fwk0_X -> fw instance thread that takes care for the packet processing
- fwk0_dev_X -> the thread that takes care for communication between fw instances and other CP daemons
- fwk0_kissd -> legacy Kernel Infrastructure (obsolete)
- fwk0_hp -> (high priority) cluster thread

More read here:
- R8x - Performance Tuning Tip – User Mode Firewall vs. Kernel Mode Firewall  

➜ CCSM Elite, CCME, CCTE ➜ www.checkpoint.tips

View solution in original post

0 Kudos
7 Replies
HeikoAnkenbrand
Champion Champion
Champion

It depends on which blades you activate in the vs. You can't really make a general statement.

For the VS own VSX processes I see in practice about 1%-3% pervormance loss per instance.

If you use a large applinace, e.g. a 26000, this should not be a problem.

If you use a large applinace, e.g. a 26000, this should not be a problem.

For example, with 48 cores (48*100% = 4800% CPU performance) and 20 VS (2%*20 VS = 40% CPU performance) you lose 40% of 4800%. Is normally no problem.

It is similar with Maestro.


➜ CCSM Elite, CCME, CCTE ➜ www.checkpoint.tips
HeikoAnkenbrand
Champion Champion
Champion


Small addendum:

For example, if you have 20 VS, there are 20 instances of this fwk0_dev_x process.

A calculation sample for the utilization of VS process fwk0_dev_X:

                                  max_CoreXL_number     max_CoreXL_number
fwkX_dev_0   =        ∑ fwkX_0                         + ∑ fwkX_dev_0 +                     fwk0_kissd +                 fwk0_hp
                                  x=0                                      x=0

- fwk0_X -> fw instance thread that takes care for the packet processing
- fwk0_dev_X -> the thread that takes care for communication between fw instances and other CP daemons
- fwk0_kissd -> legacy Kernel Infrastructure (obsolete)
- fwk0_hp -> (high priority) cluster thread

More read here:
- R8x - Performance Tuning Tip – User Mode Firewall vs. Kernel Mode Firewall  

➜ CCSM Elite, CCME, CCTE ➜ www.checkpoint.tips
0 Kudos
the_rock
Legend
Legend

Link @HeikoAnkenbrand sent is 100% your best reference. Not sure if you guys have anything better over there internally, but this is pretty good.

Cheers,

Andy

0 Kudos
Chris_Atkinson
Employee Employee
Employee

As a guide ~12% overhead for VSX itself then the rest is very much configuration & version dependent.

CCSM R77/R80/ELITE
0 Kudos
HeikoAnkenbrand
Champion Champion
Champion

This is a VSX environment in the LAB with 2 VS instances and without blades enabled. At the moment, no traffic is going through the VS instancen.

I think each VS uses about 2% CPU performance when idle.
VSX_1_543543543.jpg

➜ CCSM Elite, CCME, CCTE ➜ www.checkpoint.tips
(1)
the_rock
Legend
Legend

I actually spun up VSX in the lab today and saw pretty much the same thing. I gave it 32 GB of ram and also 2 VSs and shows 4% utilization. Not sure if yours was R81.20, but thats what I created.

0 Kudos
HeikoAnkenbrand
Champion Champion
Champion

I used R81.20 for the test.

With
-> R80.40 approx. 4%
-> R81.10 approx. 3%
per VS instance.

➜ CCSM Elite, CCME, CCTE ➜ www.checkpoint.tips
0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

Upcoming Events

    CheckMates Events