
How many interfaces does one CPU kernel instance support?

May I know how many interfaces one CPU kernel instance supports, if there is a limit?

I have a VM firewall, and this VM firewall only supports 10 vNICs, so I can't test it.

gw1> fw ctl affinity -a -v -l
Interface eth3 (irq 91): CPU 0
Interface eth6 (irq 99): CPU 0
Interface eth0 (irq 107): CPU 0
Interface eth4 (irq 115): CPU 0
Interface eth7 (irq 123): CPU 0
Interface eth1 (irq 139): CPU 0
Interface eth5 (irq 147): CPU 0
Interface eth8 (irq 155): CPU 0
Interface eth2 (irq 171): CPU 0
Interface eth9 (irq 179): CPU 0
Kernel fw_0: CPU 1
Kernel fw_1: CPU 0
Daemon fwd: CPU all
Daemon in.asessiond: CPU all
Daemon mpdaemon: CPU all
Daemon cpd: CPU all
Daemon cprid: CPU all


Re: How many interfaces does one CPU kernel instance support?

No hard limit that I am aware of, but a "soft" limit could be the inability of the single SND/IRQ core to empty the ring buffers of so many interfaces in a timely fashion, leading to RX-DRPs as shown by netstat -ni. Also, assuming that SecureXL is enabled, automatic interface affinity will spread out SoftIRQ handling across the 2/2 split (2 physical cores) in your situation, but only if there is enough traffic to justify doing so. All SoftIRQ processing starts on CPU 0 and can then be moved around as traffic warrants; it looks like in your lab setup there is not enough traffic present for any SoftIRQ processing to get moved off CPU 0.

--
Second Edition of my "Max Power" Firewall Book
Now Available at http://www.maxpowerfirewalls.com

"IPS Immersion Training" Self-paced Video Class
Now Available at http://www.maxpowerfirewalls.com
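
The two checks the reply points to, as an added example that is not part of the original thread: it parses the affinity listing from the question to find cores that service interface IRQs while also running a firewall kernel instance, and computes RX-DRP as a percentage of RX-OK from `netstat -ni` output. The netstat counters are constructed sample values, and the function names are this example's own.

```python
import re
from collections import defaultdict

# Affinity listing quoted in the question (daemon lines trimmed to one).
AFFINITY = """\
Interface eth3 (irq 91): CPU 0
Interface eth6 (irq 99): CPU 0
Interface eth0 (irq 107): CPU 0
Interface eth4 (irq 115): CPU 0
Interface eth7 (irq 123): CPU 0
Interface eth1 (irq 139): CPU 0
Interface eth5 (irq 147): CPU 0
Interface eth8 (irq 155): CPU 0
Interface eth2 (irq 171): CPU 0
Interface eth9 (irq 179): CPU 0
Kernel fw_0: CPU 1
Kernel fw_1: CPU 0
Daemon fwd: CPU all
"""
# Constructed `netstat -ni` sample; the counter values are invented.
NETSTAT = """\
Iface   MTU Met   RX-OK RX-ERR RX-DRP RX-OVR   TX-OK TX-ERR TX-DRP TX-OVR Flg
eth0   1500   0 1000000      0     50      0  900000      0      0      0 BMRU
eth1   1500   0 2000000      0   4000      0 1800000      0      0      0 BMRU
"""

LINE = re.compile(r"^(Interface|Kernel)\s+(\S+).*:\s+CPU\s+([\d ]+)$")

def cores_by_role(text):
    """Map each CPU id to the interfaces and kernel instances pinned to it."""
    cores = defaultdict(lambda: {"Interface": [], "Kernel": []})
    for line in text.splitlines():
        m = LINE.match(line.strip())
        if m:  # daemon lines ("CPU all") and anything else are skipped
            for cpu in m.group(3).split():
                cores[int(cpu)][m.group(1)].append(m.group(2))
    return dict(cores)

def shared_cores(cores):
    """CPUs that service interface IRQs and also run a kernel instance."""
    return sorted(c for c, r in cores.items() if r["Interface"] and r["Kernel"])

def rx_drop_percent(text):
    """Per-interface RX-DRP as a percentage of RX-OK, columns found by name."""
    rows = [l.split() for l in text.splitlines() if l.split()]
    head = next(r for r in rows if r[0] == "Iface")
    ok, drp = head.index("RX-OK"), head.index("RX-DRP")
    return {r[0]: round(100 * int(r[drp]) / int(r[ok]), 3)
            for r in rows[rows.index(head) + 1:] if r[ok].isdigit() and int(r[ok]) > 0}
```

On the listing from the question, `shared_cores(cores_by_role(AFFINITY))` reports CPU 0, which handles all ten interfaces and also runs `fw_1`.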