Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
phlrnnr
Advisor

Performance Optimization tab in Gaia

In the Gaia Web GUI, 'Network Management --> Performance Optimization' tab, what criteria is used to determine what interfaces Multi Queue should be enabled on?  For example, Here is a R80.20 6800 appliance set to the 'Optimize for Packet Rate and Throughput' option.  It recommends eth1-01 and eth1-02 have multiqueue on (but ignores the other 10G interfaces that we have).

In my setup, eth1-01 and eth2-01 are in a bond for 'internal' and eth1-02 and eth2-02 are in a bond for 'external'.  How does Gaia determine what interfaces it thinks this should be enabled on?

 
9 Replies
phlrnnr
Advisor

performance.JPG

0 Kudos
Timothy_Hall
Legend Legend
Legend

While I'm not privy to exactly how it is making that determination, it may be looking at overall frame count and picking the highest 2 interfaces, presence/percentage of RX-DRP counts, or both.  Can you please provide the output of netstat -ni

 

 

 

Gateway Performance Optimization R81.20 Course
now available at maxpowerfirewalls.com
0 Kudos
phlrnnr
Advisor

These 6800s are not in production yet - I am simply pre-building the configuration at this point.  So, there is minimal load on them at this time.

But, here is the output:

[Expert@<removed>:0]# netstat -ni
Kernel Interface table
Iface MTU Met RX-OK RX-ERR RX-DRP RX-OVR TX-OK TX-ERR TX-DRP TX-OVR Flg
Mgmt 1500 0 1583 0 0 0 2696 0 0 0 BMRU
bond0 1500 0 5274 0 0 0 2861 0 0 0 BMmRU
bond0.2303 1500 0 5197 0 0 0 2777 0 0 0 BMmRU
bond1 1500 0 7377 0 0 0 4024 0 0 0 BMmRU
bond1.2304 1500 0 7298 0 0 0 3944 0 0 0 BMmRU
bond2 1500 0 155352 0 0 0 145998 0 0 0 BMmRU
bond2.2305 1500 0 155272 0 0 0 145918 0 0 0 BMmRU
eth1 1500 0 154041 0 0 0 731 0 0 0 BMsRU
eth1-01 1500 0 2878 0 0 0 48 0 0 0 BMsRU
eth1-02 1500 0 3127 0 0 0 443 0 0 0 BMsRU
eth2 1500 0 1312 0 0 0 145267 0 0 0 BMsRU
eth2-01 1500 0 2396 0 0 0 2813 0 0 0 BMsRU
eth2-02 1500 0 4250 0 0 0 3581 0 0 0 BMsRU
lo 16436 0 3202 0 0 0 3202 0 0 0 LRU

0 Kudos
phlrnnr
Advisor

Strangely, as well, when I check all 4 of the 10G interfaces, it forces eth1 and eth2 on as well (those are part of bond2 for state-sync).

The same thing happens if I configure it manually:

cpmq1.JPG

0 Kudos
HeikoAnkenbrand
Champion Champion
Champion

Hi @phlrnnr 

You can configure a maximum of five interfaces with Multi-Queue. I can see 6 in your picture.

Screenshot_20190906-191803_Edge.jpg

You must reboot the Security Gateway after all changes in the Multi-Queue configuration.

Tips:

  • For best performance, it is not recommended to assign both SND and a CoreXL FW instance to the same CPU core.
  • Do not change the IRQ affinity of queues manually. Changing the IRQ affinity of the queues manually can adversely affect performance.
  • Multi-Queue is relevant only if SecureXL and CoreXL is enabled.
  • Do not change the IRQ affinity of queues manually. Changing the IRQ affinity of the queues manually can adversely affect performance.
  • You cannot use the “sim affinity” or the  “fw ctl affinity” commands to change and query the IRQ affinity of the Multi-Queue interfaces.
  • The number of queues is limited by the number of CPU cores and the type of interface driver:

Network card driver

Speed

Maximal number of RX queues

igb

1 Gb

4

ixgbe

10 Gb

16

i40e

40 Gb

14

mlx5_core

40 Gb

10

  •      The maximum RX queues limit dictates the largest number of SND/IRQ instances that can empty packet buffers for an individual interface using that driver that has Multi-Queue enabled. 
➜ CCSM Elite, CCME, CCTE ➜ www.checkpoint.tips
0 Kudos
phlrnnr
Advisor

@HeikoAnkenbrand That is part of the problem.  I configured 4 interfaces, and Checkpoint turned on 6 interfaces (including 2 which I didn't configure).  It won't let me turn them off either (via cpmq set).

I have just opened an SR with Checkpoint as well.

0 Kudos
HeikoAnkenbrand
Champion Champion
Champion

Hi @phlrnnr 

think also a TAC request is better in this case.

➜ CCSM Elite, CCME, CCTE ➜ www.checkpoint.tips
0 Kudos
phlrnnr
Advisor

However, I'm still curious for a response from the Checkpoint Devs as to how Gaia determines what it thinks should be turned on...

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

Upcoming Events

    CheckMates Events