Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
Martijn
Advisor
Advisor

Packet loss 44k chassis

Hi all,

One of our customer has a dual chassis 44K setup on R80.20SP with take 163. The setup is in VSLS mode with several virtual systems on both chassis 1 and chassis 2. 

Customer is going to add more virtual systems to the setup and sending more traffic throught this setup in the future so he did some performance tests. We found out we get a packet loss when we are sending a stream of small UDP packets through a virtual system.

Sending a 5 Gbps stream with 1400 bytes UDP packets gives us no packet loss. Sending a 5 Gbps stream with 500 bytes UDP packets gives us a 40% packet loss.

We do not see a high load on the CPU's. On all  SGM's they are running very low. We also do not see any drops or errors on the SSM interfaces and no drops in SmartLog. SecureXL is enabled an we see a 99% acceleration rate and it looks like the stream is templated.

To make things worse, when we put this kind of stream through a virtual system, all other virtual systems on the same chassis are affected and we see loss of application and services on those virtual systems.

Has anyone experience the same when sending this type of traffic through a 44K chassis? How did you investigate to find the root cause? And most important, did you resolved it?

Some more information:

Both chassis' have one SSM and two SGM's.

One the SSM we use the 100GB ports in a bonding configuration.

We only use the firewall blade.

It is an internal firewall, so no NAT configured.

When we bypass the 44K chassis by configuring some network routes, we do not see any packet loss, so it looks like the 44K is the bottleneck.

Thanks for your replies and suggestions. I also have a case open with support, but all help is welcome.

Regards, Martijn

3 Replies
lagui
Explorer

You are experiencing a problem on how you distribute your CPUs. Yo have less than needed CPUs dedicated to process trafic from the network cards (SND cores) or you don't have multiqueue activated.  https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solut...

 

0 Kudos
Timothy_Hall
Champion
Champion

What does asg_drop_monitor say while you are experiencing the high packet loss?  See sk67142: 60000 / 40000 Appliances - Performance Tests Troubleshooting

Gateway Performance Optimization R81.20 Course
now available at maxpowerfirewalls.com
0 Kudos
Martijn
Advisor
Advisor

Hi All,

Thanks for the replies.

We made some major changes in the 44K setup by adding extra SGM's (so both chassis' have three SGM's installed), a 2nd SSM in both chassis', upgrading to the latest jumbo take and change the number of SND cores from 4 to 14. We already see an improvement in performance on some flow, but have to test the heavy ones.

 We did not change the distribution mode yet, but this is also something we can look at.

Regards,
Martijn

0 Kudos