This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
Tom_Cripps
Advisor
‎2020-06-18 02:49 AM

Observing Broadcast CCP messages when CCP mode is Multicast

I am seeing Broadcast packets for CCP from my active gateway on two interfaces even though my CCP method is multicast? Has anyone seen this at all before? 

I'm also seeing RX_DRP and RX_OVR increase the same amount appearing to be in a "lockstep" as described in @Timothy_Hall's books. 

I suspect this may be causing us problems when our current standby member becomes active, as we see irregular behavior when it is handling traffic.

0 Kudos
6 Replies
Timothy_Hall
Legend Legend
Legend
‎2020-06-18 04:50 AM

Gateway code & kernel version? 

What CCP mode does cphaprob -a if show?

If you are getting RX-DRP/RX-OVR lockstep it usually means to need to add more SND cores and then possibly enable Multi-Queue, but this is version dependent.

Attend my Gateway Performance Optimization R81.20 course
CET (Europe) Timezone Course Scheduled for July 1-2
0 Kudos
Tom_Cripps
Advisor
‎2020-06-18 05:00 AM
In response to Timothy_Hall

Hi Tim,

We're running R80.10 on these still and kernel version will still be 2.6

 

cphaprob -a if shows:


Required interfaces: 8
Required secured interfaces: 1

Sync UP sync(secured), multicast
Mgmt Disconnected non sync(non secured), multicast
eth2-01 UP non sync(non secured), multicast
eth1-01 UP non sync(non secured), multicast
eth1-03 UP non sync(non secured), multicast
eth3-07 UP non sync(non secured), multicast
eth3-03 UP non sync(non secured), multicast
bond0 UP non sync(non secured), multicast, bond Load Sharing
bond1 UP non sync(non secured), multicast, bond Load Sharing

Virtual cluster interfaces: 7

eth2-01 xxxx 
eth1-01 xxxx 
eth1-03 xxxx 
eth3-07 xxxx 
eth3-03 xxxx
bond0 xxxx
bond1 xxxx

 

These interfaces are not under load though so surely multi-queue or more SND cores won't help? 

 

 

 

0 Kudos
Timothy_Hall
Legend Legend
Legend
‎2020-06-18 07:51 AM
In response to Tom_Cripps

Tough to say, please provide output of "Super Seven" commands and enabled_blades.

https://community.checkpoint.com/t5/General-Topics/Super-Seven-Performance-Assessment-Commands-s7pac...

 

Attend my Gateway Performance Optimization R81.20 course
CET (Europe) Timezone Course Scheduled for July 1-2
0 Kudos
Tom_Cripps
Advisor
‎2020-06-18 08:10 AM
In response to Timothy_Hall

Enabled Blades:

[Expert@XXXX:0]# enabled_blades
fw vpn mon vpn

 

Super Seven output is attached Tim. This is from our current standby member also.

 

 

s7pac.txt
Preview file
17 KB
0 Kudos
Timothy_Hall
Legend Legend
Legend
‎2020-06-19 05:50 AM
In response to Tom_Cripps

Please provide the Super Seven run on the active member, I can tell it was run on the standby due to the 100% F2F.

In regards to the high RX-DRP, it may be skewed by the fact that it is a standby member, and you are seeing unknown protocols in your network as mentioned here: https://community.checkpoint.com/t5/General-Topics/core-affinity-R80-40-two-cores/m-p/88834/highligh...

 

 

Attend my Gateway Performance Optimization R81.20 course
CET (Europe) Timezone Course Scheduled for July 1-2
0 Kudos
Tom_Cripps
Advisor
‎2020-06-19 07:48 AM
In response to Timothy_Hall

Hi Tim,

Thank you getting back in touch, we have identified this being an with the Hardware module we are using. Changing the interface into a new module has resolved this. I suspect there is a problem with the NIC on that module, we are not seeing errors anymore, but are still seeing FWHA_IFCONF_REQ and FWHA_IF_PROBE_REQ requests on the second interface which was erroring, not anymore though.

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    Sort by:
    CheckMates Events
    li.common.scroll-to.top