This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
Kaspars_Zibarts
MVP Gold CHKP MVP Gold CHKP
MVP Gold CHKP
‎2021-11-18 12:12 AM

"show route" output very slow R80.40 T120

Just wondering if anyone else have noticed slowness in "show route" output in clish if uptime is over one month? What's interesting we have multiple fairly similar clusters and not all are showing same symptoms, only two so far. Reboot "fixes" problem temporarily

We only use static routing.

Output of a single route entry takes approx 5secs.

If interrupted with Ctrl-C we see data-plane added to clish prompt even though we have not introduced management data plane segregation (sk138672 )

image.png

 

What's interesting is that CPU usage jumps fairly high with high wait time on CPU0 which is only set to be used for MQ. Screenshot below is from a standby member so there's not a lot of other processing there

image.png

 

Just to confirm affinity settings CPU0 set only for MQ

image.png

 

image.png

 

0 Kudos
11 Replies
Timothy_Hall
MVP Gold
MVP Gold
‎2021-11-18 06:36 AM

That is really strange to see such a high wa (waiting for I/O) on a dispatcher core instead of a worker core.  Having that core getting blocked 86% of the time waiting for some kind of event related to your route display might cause other problems.  Do you have any VTIs?  Maybe getting stuck there resolving the interface name or something?  Any loopback subinterfaces or other nonstandard interfaces defined in Gaia?  If you try "show route summary" does it return immediately as that display does not involve resolving interface names?  

I really doubt it is something in SecureXL, Dynamic Dispatcher, or SoftIRQ (which would would hang in si space) even though those are present on the dispatcher core that is getting blocked...

 

Gaia 4.18 (R82) Immersion Tips, Tricks, & Best Practices Video Course
Now Available at https://shadowpeak.com/gaia4-18-immersion-course
0 Kudos
Bob_Zimmerman
MVP Gold
MVP Gold
‎2021-11-18 06:44 AM
In response to Timothy_Hall

I would expect DNS timeouts to be booked to wait. Is 'netstat -r' also slow? How about 'netstat -nr' (skips DNS resolution)?

0 Kudos
Kaspars_Zibarts
MVP Gold CHKP MVP Gold CHKP
MVP Gold CHKP
‎2021-11-19 12:03 AM
In response to Bob_Zimmerman

Thanks guys for replying!

In response to both:

  • DNS problems - no, cant see that as we use FQND objects and would have noticed that there too
  • netstat "speed" is equal on both gateways (with -nr and -r)
  • show route summary - standby member is instantaneous whilst active member has approx 5sec delay
  • It only starts showing with time - straight after reboot it works like a clock. Plus standby member doesn't seem to get affected with time at all.

Almost feels like a memory leak. I'll dig some more! 

And got even one error whilst running summary command in clish multiple times n succession:

fw1> show route summary
RTGRTG0019 tclproc: {Timeout waiting for response from database server.

0 Kudos
genisis__
MVP Silver
MVP Silver
‎2021-11-19 01:18 AM
In response to Kaspars_Zibarts

Have you tried going to JHFA125? (I would not go to JHFA131 just yet, had an issue on a 6400.  after reboot on in band communications stopped, uninstalled and installer JHFA125, no issues).

0 Kudos
Kaspars_Zibarts
MVP Gold CHKP MVP Gold CHKP
MVP Gold CHKP
‎2021-11-19 03:27 AM
In response to genisis__

Not a lot of fixes between 120 and 125:

image.png

 

0 Kudos
genisis__
MVP Silver
MVP Silver
‎2021-11-19 03:29 AM
In response to Kaspars_Zibarts

I agree - but there could be "private" fixes as well 😉

 

the_rock
MVP Platinum
MVP Platinum
‎2021-11-19 04:58 AM

Funny you mentioned this, because I seen it with one customer few times, but then it goes away, so reboot is never required to "fix" it and they are on take 120 as well. Not really sure what could be causing this behavior, as I checked their cpu, memory, corexl, sxl...all looks perfectly fine.

Best,
Andy
0 Kudos
KK
Employee Employee
Employee
‎2022-02-12 07:08 AM
In response to the_rock

Doesnt seem to be fixed even on Take 139. I just got one of the customer's upgraded today and noticed the same issue on latest 139 as well. Just to let you know, I have seen this issue happening on all Takes from 92 onwards.

0 Kudos
the_rock
MVP Platinum
MVP Platinum
‎2022-02-12 07:24 AM
In response to KK

Hm, not sure what to say then...I always work with couple of clients running on R80.40 Take 120 and I had never experienced this problem.

Best,
Andy
0 Kudos
Naama_Specktor
Employee
Employee
‎2022-02-14 12:31 AM

Hi @Kaspars_Zibarts 

My name is Naama Specktor and I'm from checkpoint ,

Do you have TAC SR for this issue? if yes I will appreciate it if you will share the number.

 

thank you ,

Naama 

0 Kudos
Kaspars_Zibarts
MVP Gold CHKP MVP Gold CHKP
MVP Gold CHKP
‎2022-02-14 10:13 PM
In response to Naama_Specktor

I'm afraid that we did not raise a case as we were planning upgrade to T139 anyways and it seems to be working atm.

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    CheckMates Events