This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
the_rock
MVP Platinum
MVP Platinum
‎2021-03-01 04:02 PM

What does mux_enabled kernel parameter do exactly?

Anyone has an idea what does mux_enabled kernel setting do? I tried looking up on cp support site, but cant find the actual answer. If someone could confirm, would be great. Customer had an issue with downloading stuff from a self serve Apple portal on MAC machines and when this kernel setting was disabled, then all worked, even with https inspection rule intact.

 

if you enable that kernel option, then it does not work. This was suggested by escalation team, but I would still like to clarify exactly what it does, as I had not gotten an explanation.

 

Thanks!

Andy

Best,
Andy
4 Replies
the_rock
MVP Platinum
MVP Platinum
‎2021-03-01 04:05 PM

Did find below in R80.40 performance tuning guide, but still not clear how it actually works..

 

Module 'MUX' (Multiplexer for Applications Traffic)

R80.20 introduced a new layer between the Streaming layer and the Applications layer - MUX (Multiplexer).

Applications are registered to the Streaming layer through the MUX layer.

The MUX layer chooses to work over PSL (passive streaming) or CPAS (active streaming).

Syntax:

fw ctl debug -m MUX + {all | <List of Debug Flags>}
Best,
Andy
Timothy_Hall
MVP Gold
MVP Gold
‎2021-03-01 08:00 PM

I believe this has something to do with the new "PSL pipeline" and "CPAS pipeline" paths that can potentially spread a single connection's packets and processing across multiple worker cores; normally a single connection's packets can only be handled by one worker core for the life of that connection.  You can see these new pipeline paths with fwaccel stats -s in the later Jumbo HFAs of R80.40 and R81+.  The big application for these pipeline paths is dealing with elephant flows; this feature was teased at the very end of my CPX 2020 Presentation: Big Game Hunting: Elephant Flows.  Couldn't say more about it at that time due to NDA.

There are also some undocumented commands such as fw_mux and mux_stats that may provide some further insight; in particular running fw_mux all will show all connections and what paths they are being handled in, along with some other interesting information that is mentioned in these threads:

https://community.checkpoint.com/t5/Security-Gateways/fw-ctl-fast-accel-some-traffic-still-going-slo...

R81 - Cyber Security Platform Overview (Español)  - see R81-Workshop-PS_LATAM_Nov12.pdf attachment

Gaia 4.18 (R82) Immersion Tips, Tricks, & Best Practices Video Course
Now Available at https://shadowpeak.com/gaia4-18-immersion-course
the_rock
MVP Platinum
MVP Platinum
‎2021-03-02 06:16 AM
In response to Timothy_Hall

Thanks Tim, appreciated! Do you know at all if it affects any specific type of traffic and also is it safe to leave that parameter to off?

 

Andy

Best,
Andy
Timothy_Hall
MVP Gold
MVP Gold
‎2021-03-02 06:45 AM
In response to the_rock

Leaving it off will I assume make your worker cores more vulnerable to getting saturated by elephant flows and thus decrease performance in that scenario, this is simply how traffic was handled in the early releases of R80.40 and R80.30 and earlier.

The pipeline paths only cover traffic in CPAS and PSL if Mux is enabled, so I would assume there would potentially be a slight performance decrease in those paths by leaving it off.  Having Mux off should not affect traffic that is fully accelerated by SecureXL or F2F/slowpath traffic at all assuming my understanding is correct.

Gaia 4.18 (R82) Immersion Tips, Tricks, & Best Practices Video Course
Now Available at https://shadowpeak.com/gaia4-18-immersion-course

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    CheckMates Events