Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
Highlighted
Silver

bond across different interface modules

I'm setting up a new 23900 appliance cluster.  It has a 2-port 10G card as well as a 4-port 10G card.  I'd like to setup 2 bond interfaces (internal / external) with 2 10G ports in each bond.  My initial thought is to use a 10G port from each interface card for the bond.  That way the FW can survive an interface card failure.

Is there any reason not to do so?  I'm thinking from a hardware / performance perspective.  @Timothy_Hall, are there any SecureXL / CoreXL considerations around this?  Would it be better to split the bonds across interface cards, keep them both on the 4-port card, or doesn't it really matter?

0 Kudos
3 Replies
Highlighted

No direct SecureXL/CoreXL considerations as they don't really care where a NIC is physically located in a chassis; the only other factor would be how the two NIC ports in different slots are connected to each other on the bus/backplane, and whether this will really matter depends heavily on the hardware architecture.  The only real references to this are located in sk98348 which says:

 

  • If you are using a motherboard with multiple PCI or PCI-X buses, make sure that each Network Interface Card is installed in a slot connected to a different bus.
  • If you are using more than two Network Interface Cards in a system with only two 64-bit/66Mhz PCI buses, make sure that the least-used cards are installed in slots connected to the same bus

@HeikoAnkenbrand put together a pretty interesting page on the Intel processor architecture at the link below, might be interesting to see if he has any opinion on this.

https://community.checkpoint.com/t5/General-Management-Topics/New-R80-x-Performance-Tuning-Intel-Har...

 

 

R80.40 addendum for book "Max Power 2020" now available
for free download at http://www.maxpowerfirewalls.com
Highlighted
Silver

Can I assume the 23900 and 6800 appliances follow these recommendations / best practices that you mentioned when 2 different slots are used for 10G NIC interface cards?

  • If you are using a motherboard with multiple PCI or PCI-X buses, make sure that each Network Interface Card is installed in a slot connected to a different bus.
  • If you are using more than two Network Interface Cards in a system with only two 64-bit/66Mhz PCI buses, make sure that the least-used cards are installed in slots connected to the same bus
0 Kudos
Highlighted

 

Thanks @Timothy_Hall 

As Timothy described it, I wrote an article about Intel hardware.

We think a little bit about Intel Skylake platform architecture. In recent years I have read many books and internet informations about outdated information about network cards and packet processing. Therefore I took a closer look at a modern Intel architecture. Furthermore it is interesting to see how Linux can be used with these new technologies (MSI-X, PCIe, DMA, multi queueing and some more.

More see here:

R80.x Performance Tuning – Intel Hardware

Tags (1)