Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
G_W_Albrecht
Legend Legend
Legend

Maestro and Dynamic Balancing (Dynamic Split)

According to sk164155, Dynamic Balancing (Dynamic Split) is not supported with Maestro Deployments. Will this limitation be resolved in future versions ?

CCSP - CCSE / CCTE / CTPS / CCME / CCSM Elite / SMB Specialist
0 Kudos
5 Replies
HeikoAnkenbrand
Champion Champion
Champion

Hi @G_W_Albrecht 

Unfortunately this does not work with Maestro. There is currently no synchronization between the Maestro gateways to control the dynamic distribution of CoreXL and SecureXL. This is not necessarily interesting from a performance point of view, as we do not know exactly which connection runs over which gateway. For example, elephant flows may cause different utilization of the gateways. Therefore the distribution between SND's and CoreXL should be different.

➜ CCSM Elite, CCME, CCTE ➜ www.checkpoint.tips
G_W_Albrecht
Legend Legend
Legend

Maestro distributes the traffic - so would Dynamic Balancing (Dynamic Split) per GW not make much sense even locally without sync? This limitation takes us back a step i assume...

CCSP - CCSE / CCTE / CTPS / CCME / CCSM Elite / SMB Specialist
_Val_
Admin
Admin

I hope you do realize, Maestro is much more effective in addressing performance issues than DS 🙂

G_W_Albrecht
Legend Legend
Legend

I just wanted to hear that Maestro solves this challenge in a different, more effective way 😎 I was not able to find tech details from Maestro concerning CoreXL...

CCSP - CCSE / CCTE / CTPS / CCME / CCSM Elite / SMB Specialist
_Val_
Admin
Admin

@G_W_Albrecht let me rephrase 🙂

Dynamic Split is designed to overcome an ineffectiveness of static SND/FWK split in the conditions of fast changing traffic. The challenge raises from the two-fold:

  • You use a single appliance running Active.
  • SND/FWK split is set manually and cannot be changed without reboot in 2.6 kernel environment.

Dynamic Split then allows avoiding situation where either SNDs or FWKs are overwhelmed, by balancing CPU load with changing roles, as needed. 

Maestro can leverage the whole stack of appliances, effectively having SND/FWK numbers multiplied by the amount of available machines. Balances processing on two layers: per machine with SXL and PXL, between SDKs and FWKs, and between the different physical boxes. 

Thank means, it is much less likely that we face the classic DS challenge in Maestro environment, just because we have many more CPUs for both roles.

This is pretty clear for you, I believe, so I am just writing it down for other readers of this thread. 

Now, when it comes to heavy connections, a single connection cannot be split between several CPUs anyway, so it remains a challenge. AFAIK, R&D is trying to address a situation when multiple heavy connections could be set on different cores, but I do not have details or ETA to share at this point. 

 

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

 
Upcoming Maestro Events