Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
Kaspars_Zibarts
Employee Employee
Employee

64 bit kernel on R80.10 VSX gateway

Just curious if someone has upgraded / installed VSX on R80.10. Checkpoint has long insisted that each VS will have 64 bit kernel meaning much desired increase in concurrent connections.

I looked at my box in staging are and it still shows 4GB memory on a VS!

This is not freshly built VSX but vsx_util upgraded and config pushed out from mgmt, so I wonder if someone has done fresh build or can shed some light on this?

12 Replies
Kaspars_Zibarts
Employee Employee
Employee

Sorry folks, I was too quick to post!

Matthias_Haas
Advisor

Hi Kaspars,

a problem we run in was the fact, that per default the VS are running in 32 bit mode on fresh installed R80.10 systems (even on a high end 23800/128 GByte RAM), This resulted in the ugly behavior that every couple of days/hours the Master was "frozen" (at least for one VS, sometimes the whole device) although the overall load was low. In the end it was clear, the addressable RAM by the 32 bit system was exhausted as we had > 400k sessions per VS.

Matthias

Michal_Gans
Contributor
Contributor

In last days we switched vs_bits in two independent environments and both times switch on primary node work fine but secondary node ends with network interface error (gaia was still accessible through console but not through network interface). Reboot solved the issue.

So be careful with this switch (if you don't have ilo or cron script to reboot appliance).

0 Kudos
PhoneBoy
Admin
Admin

As far as I know, 64-bit VS mode is not the default (at least in R80.10).

It must be enabled (and this requires a reboot).

0 Kudos
Manoj_Kumar3
Participant

I am running into the same situation that every two days master firewall freezes and observed latency/drop, until unless we will not failover the traffic, issue does not resolved. If anyone have same issue earlier and have any solution, please share your inputs. 

Will doing all vs to 64 bit issue resolved?

0 Kudos
Kaspars_Zibarts
Employee Employee
Employee

It may resolve all of it or some. It's hard to say without more information - what blades are you running on VSes, how loaded they are, how is affinity set up etc.

I wrote this piece for those who use VSX

Security Gateway Performance Optimization - VSX 

You need to do some investigation and provide your results here before we are able to help.

0 Kudos
Matthias_Haas
Advisor

Hi Manoj,

in our case, switching the VS to the 64 bit mode, solved the problem.

Matthias

0 Kudos
Manoj_Kumar3
Participant

Thanks Matthias,

Switching all VS to 64 bits seems positive for us, earlier we were facing single drop and latency on few packets at final stage of policy installation., but now it is just fine no drop no latency even in single packet. Also now we are not seeing any CPD keep_alive messages in cpwd.elg files. Let's monitor for few days.

Also thanks guys for wonderful sharing.

Manoj

Leandro_Nicolet
Contributor

I'm just about to upgrade one of our VSX gateways to R80.10 (from R77.30) running on a 12600.  Reading into the VS's running on 64bit, sounds like something I should build into the upgrade. Could someone please detail the steps required to enable the VS's to run at 64bit please.

0 Kudos
Kaspars_Zibarts
Employee Employee
Employee

Depends on your upgrade procedure. If you're using vsx_uitl reconfigure approach then straight after that step. Remember that you won't be able to synchronise connections in the cluster.

Alternatively do it day or two after upgrade once you know everything else is working as expected

0 Kudos
Leandro_Nicolet
Contributor

I'm planning on doing in-place upgrades on our VSX gateways from R77.30 to R80.10. I've done a single VSX gateway to date which when I look at it is still running in 32-bit mode. To do the upgrade I used 'vsx_util upgrade' procedure which worked fine.  I can arrange a small outage so keeping clusters synced isn't a necessity for me, so I could enable 64 bit after. How does one enable 64bit for the VS's after the upgrade ?

0 Kudos
Kaspars_Zibarts
Employee Employee
Employee

Just run

vs_bits 64

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

Upcoming Events

    CheckMates Events