This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
Jerry
Mentor
Mentor
‎2023-07-03 11:55 PM

MDS R81.10 issues - 30 CMA's, 40 CORE CPU VM

hi guys, got another but related one for you all here:

anyone understand those hostname claims by the HCL/CCC?anyone understand those hostname claims by the HCL/CCC?

1. if MDS in HA runs on VMWare, should you NOT or should you DO the Hyper treading for the CPU's (my client has following spec:

40 CPU's, 128GB or RAM, 40TB of disk and 1x10G interface) - I see hyper-treading OFF, should I suggest them to enabled it or due to the fact that this is not SMART-1 but 2xVM in HA - would you rather have it ENABLED?

2. see the picture (except core dumps which definitely will get removed there are few worrying things - what you say about that?

3. log retention is in place so that 83% of log part. in use does not worry anyone.

 

all hints highly appreciated as always.

Cheers!

Jerry
0 Kudos
2 Replies
Chris_Atkinson
Employee Employee
Employee
‎2023-07-04 03:40 AM

I'm not aware of any more recent guidelines regarding Hyperthreading & Management than that outlined in sk104788.

Atleast part of the rationale discussed there is unrelated to the hardware platform used.

Your client's Check Point SE can engage solution centre on the above if needed.

 

CCSM R77/R80/ELITE
0 Kudos
Jerry
Mentor
Mentor
‎2023-07-04 05:19 AM
In response to Chris_Atkinson

Thanks Chris, I'm my customer's SE hence my post here 🙂

sk you've mentioned is quite old and does not reflect on the R81.10 though I found it useful but not 100% confident it is relevant to the newer GAIA's. Is there any chance to reflect on that and confirm whether newer builds comply with all the articles subject?

Solution ID: sk104788
ProductQuantum Smart-1
VersionR77.30 (EOL), R80.10 (EOL), R80.20 (EOL), R80.30 (EOL)
OSGaia
PlatformSmart-1
Last Modified2020-12-16
 

SMT (also called HyperThreading or HT) is a feature that is supported on Check Point appliances running Gaia OS 64-bit - refer to sk93000 - SMT (HyperThreading) Feature Guide.

SMT is disabled by default in all Smart-1 appliances. Do not enable SMT without specific testing.

In the Security Management Server / Multi-Domain Management Server realm, SMT can actually reduce performance. This is due to the fact that enabling HyperThreading reduces the logical CPU's Processing Frequency. For Multi-Threaded processes, this works quite well, but in the Security Management Server / Multi-Domain Security Management Server realm, the user level processes being run, i.e., FWM, CPD, FWD, CPCA, etc., are not currently Multi-Threaded. This means that if you split the Logical CPU Cores, these user level processes are still only running on one of those CPU cores, basically reducing the availability of the GHz to the CPU core. On top of this, if another user level process is running on a sister CPU core (the other "half" of the physical core), then those user level processes are sharing the physical CPU core's cache. This scenario could create cache resource on processor issues as described by Intel.

The next logical question would be, "Can't you run more processes in parallel with HyperThreading?" Well, yes you can. Those processes will just take a bit longer to actually complete, than running the same process through a non SMT core. In simulation testing for Multi-Domain Security Management Server, we see that HyperThreading caused an average decrease in performance by 11%. Only when we increased the amount of parallel processes, did we see a very minimal performance increase. For example, increasing the amount of Domains, to which the Global Policy can be pushed at a time. This minimal performance increase for these certain small amounts of operations that can be performed in parallel, were not helpful versus the overall performance decrease in other areas.

Performance of Disk Input/Output was the main bottleneck on almost all operations. Disk I/O processing is done by a single driver, single process. On the Smart-1 3050 and Smart-1 3150, it is the megaraidsas driver that performs this operation. It is not a multi-threaded process in current versions of Gaia OS.

Jerry
0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    Sort by:
    CheckMates Events