Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
CarlosDias
Contributor

Hyper Threading on Open Servers

Hi,

I have a cluster of HPE Proliant 360 Gen 9 and another cluster Gen 10, running Gaia 81.10 and planning to upgrade to 81.20

This clusters are apparently working with no problem with Hyperthreading enabled, but recently I found  SK108200

I have all the other BIOS settings as required, except that I have HT enabled.

Is is still not supported on recent Gaia releases?

I found no problem at the moment, but am a bit concerned with this SK, and ig I should disable HT

Can someone advice?

Regards

0 Kudos
5 Replies
G_W_Albrecht
Legend Legend
Legend

I would suggest to ask CP TAC - they should be able to answer your question!

CCSP - CCSE / CCTE / CTPS / CCME / CCSM Elite / SMB Specialist
0 Kudos
Bob_Zimmerman
Authority
Authority

I would disable hyperthreading regardless of whether it's supported or not. For firewalls, the perceived overall performance of the system is most strongly correlated with the performance of a single thread. With hyperthreading enabled, each real core can do maybe 25% more work in a separate thread, but the second thread generates more heat, which limits how much the processor can overclock itself for single-thread performance.

0 Kudos
Tal_Paz-Fridman
Employee
Employee

Also see the recommendations in Best Practices - Security Gateway Performance

https://support.checkpoint.com/results/sk/sk98348 

  • (3-6) SMT (HyperThreading)

 

As an example the blades that are enabled/used might affect if to use HyperThreading

0 Kudos
Timothy_Hall
Legend Legend
Legend

This is covered in my Gateway Performance Optimization Class.  According to sk93000 SMT is supported on Open Servers starting in R80.40 Jumbo HFA 45+.  Also keep in mind SMT is enabled by default on all Security Gateways whose server architecture supports it, and this is generally what you want.  There are a number of considerations though:

1) For systems that have a very high amount of fastpath traffic (such as a gateway with only Firewall and IPSec VPN blades enabled), under high load the SNDs do not benefit from SMT and fastpath performance is reduced.

2) Medium Path performance (passive & active streaming) is improved by SMT somewhere between 20-30% due to the nature of the workload characteristics in that path.  Because it is not unusual to see 60-70% of traffic in the Medium Path on a modern gateway with the typical blades enabled, generally SMT is a win.  The slowpath benefits from SMT as well, but you should get your traffic out of there anyway.  😎

3) Specifically for Open Servers, keep in mind that your gateway container limits the number of cores you can use.  So if you have a gateway with 4 real cores and are licensed for 4 cores, turning on SMT to get 8 cores and paying a sizable premium to upgrade your container core limit to 8 for a 20-30% gain is not even close to being worth it.  The cost to increase the number of allowed cores on open hardware goes up very rapidly as anyone who has looked at the pricelist can attest.  So if you are paying such a premium per-core, pay it for a real physical core and not SMT ones.

4) To Bob's point about Turbo Boost being helpful for improving single-thread performance by reducing competition for the physical CPU, this is not quite as relevant as it used to be due to Hyperflow and "Super Instances".  For the latter feature suppose a 16-core SMT system.  Assume that worker core 7 starts getting crushed by an elephant flow. Not only will the Dynamic Dispatcher avoid sending new connections to core 7, it will also stop sending new connections to the sibling core 15.  As existing connections on cores 7/15 finish and terminate more and more of the physical core's resources are available to the elephant regardless of SMT.  The elephant may also be getting boosted by Hyperflow on multiple worker cores if available, but Hyperflow is not supported on open hardware.

5) For Check Point management components (SMS, Log Server, SmartEvent, etc) SMT is not desirable and will cause around a 10% penalty due to the specific workload characteristics, see here: sk104788: SMT (HyperThreading) for Smart-1 3050, Smart-1 3150, Smart-1 5150, Smart-1 6000  This may be why sk108200 is telling you to disable SMT on your HP since that SK applies to both gateways and management components.

 

Gateway Performance Optimization R81.20 Course
now available at maxpowerfirewalls.com
CP_Chris
Employee Employee
Employee

I think point 3 is incorrect. As I understand it, licensing looks at the physical cores, not the SMT cores. See sk156793.

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

Upcoming Events

    CheckMates Events