This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
ABOUT CHECKMATES & FAQ
Create a Post
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Help

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
Kaspars_Zibarts
Authority
Authority
‎2017-09-08 05:06 AM

64 bit kernel on R80.10 VSX gateway

Just curious if someone has upgraded / installed VSX on R80.10. Checkpoint has long insisted that each VS will have 64 bit kernel meaning much desired increase in concurrent connections.

I looked at my box in staging are and it still shows 4GB memory on a VS!

This is not freshly built VSX but vsx_util upgraded and config pushed out from mgmt, so I wonder if someone has done fresh build or can shed some light on this?

12 Replies
Kaspars_Zibarts
Authority
Authority
‎2017-09-08 05:20 AM

Sorry folks, I was too quick to post!

Matthias_Haas
Advisor
‎2018-07-05 03:34 AM
In response to Kaspars_Zibarts

Hi Kaspars,

a problem we run in was the fact, that per default the VS are running in 32 bit mode on fresh installed R80.10 systems (even on a high end 23800/128 GByte RAM), This resulted in the ugly behavior that every couple of days/hours the Master was "frozen" (at least for one VS, sometimes the whole device) although the overall load was low. In the end it was clear, the addressable RAM by the 32 bit system was exhausted as we had > 400k sessions per VS.

Matthias

Michal_Gans
Contributor
‎2019-11-19 05:22 AM
In response to Kaspars_Zibarts

In last days we switched vs_bits in two independent environments and both times switch on primary node work fine but secondary node ends with network interface error (gaia was still accessible through console but not through network interface). Reboot solved the issue.

So be careful with this switch (if you don't have ilo or cron script to reboot appliance).

0 Kudos
PhoneBoy
Admin
Admin
‎2018-07-05 08:58 AM

As far as I know, 64-bit VS mode is not the default (at least in R80.10).

It must be enabled (and this requires a reboot).

0 Kudos
Manoj_Kumar3
Participant
‎2018-10-25 01:31 AM

I am running into the same situation that every two days master firewall freezes and observed latency/drop, until unless we will not failover the traffic, issue does not resolved. If anyone have same issue earlier and have any solution, please share your inputs. 

Will doing all vs to 64 bit issue resolved?

0 Kudos
Kaspars_Zibarts
Authority
Authority
‎2018-10-25 01:41 AM
In response to Manoj_Kumar3

It may resolve all of it or some. It's hard to say without more information - what blades are you running on VSes, how loaded they are, how is affinity set up etc.

I wrote this piece for those who use VSX

Security Gateway Performance Optimization - VSX 

You need to do some investigation and provide your results here before we are able to help.

0 Kudos
Matthias_Haas
Advisor
‎2018-10-25 01:43 AM
In response to Manoj_Kumar3

Hi Manoj,

in our case, switching the VS to the 64 bit mode, solved the problem.

Matthias

0 Kudos
Manoj_Kumar3
Participant
‎2018-10-28 10:45 PM
In response to Matthias_Haas

Thanks Matthias,

Switching all VS to 64 bits seems positive for us, earlier we were facing single drop and latency on few packets at final stage of policy installation., but now it is just fine no drop no latency even in single packet. Also now we are not seeing any CPD keep_alive messages in cpwd.elg files. Let's monitor for few days.

Also thanks guys for wonderful sharing.

Manoj

Leandro_Nicolet
Contributor
‎2018-10-26 12:12 AM

I'm just about to upgrade one of our VSX gateways to R80.10 (from R77.30) running on a 12600.  Reading into the VS's running on 64bit, sounds like something I should build into the upgrade. Could someone please detail the steps required to enable the VS's to run at 64bit please.

0 Kudos
Kaspars_Zibarts
Authority
Authority
‎2018-10-26 02:45 AM
In response to Leandro_Nicolet

Depends on your upgrade procedure. If you're using vsx_uitl reconfigure approach then straight after that step. Remember that you won't be able to synchronise connections in the cluster.

Alternatively do it day or two after upgrade once you know everything else is working as expected

0 Kudos
Leandro_Nicolet
Contributor
‎2018-11-01 01:29 AM
In response to Kaspars_Zibarts

I'm planning on doing in-place upgrades on our VSX gateways from R77.30 to R80.10. I've done a single VSX gateway to date which when I look at it is still running in 32-bit mode. To do the upgrade I used 'vsx_util upgrade' procedure which worked fine.  I can arrange a small outage so keeping clusters synced isn't a necessity for me, so I could enable 64 bit after. How does one enable 64bit for the VS's after the upgrade ?

0 Kudos
Kaspars_Zibarts
Authority
Authority
‎2018-11-01 02:03 AM
In response to Leandro_Nicolet

Just run

vs_bits 64