This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
Shiran_wang
Participant
‎2018-12-23 12:11 AM

one CPU kernel instance support how may interface

May i know one CPU kernel instance support how many Interface, if there is a limit?

i have VM firewall, this VM firewall only support 10 VNIC, so I can't test it, 

gw1> fw ctl affinity -a -v -l
Interface eth3 (irq 91): CPU 0
Interface eth6 (irq 99): CPU 0
Interface eth0 (irq 107): CPU 0
Interface eth4 (irq 115): CPU 0
Interface eth7 (irq 123): CPU 0
Interface eth1 (irq 139): CPU 0
Interface eth5 (irq 147): CPU 0
Interface eth8 (irq 155): CPU 0
Interface eth2 (irq 171): CPU 0
Interface eth9 (irq 179): CPU 0
Kernel fw_0: CPU 1
Kernel fw_1: CPU 0
Daemon fwd: CPU all
Daemon in.asessiond: CPU all
Daemon mpdaemon: CPU all
Daemon cpd: CPU all
Daemon cprid: CPU all

0 Kudos
1 Reply
Timothy_Hall
Champion Champion
Champion
‎2018-12-23 06:43 AM

No hard limit that I am aware of, but a "soft" limit could be inability of the single SND/IRQ core to empty the ring buffers of so many interfaces in a timely fashion, leading to RX-DRPs as shown by netstat -ni.  Also assuming that SecureXL is enabled, automatic interface affinity will spread out SoftIRQ handling across the 2/2 split (2 physical cores) in your situation but only if there is enough traffic to justify doing so.  All SoftIRQ processing starts on CPU 0 and can then be moved around as traffic warrants, looks like in your lab setup there is not enough traffic present for any SoftIRQ processing to get moved off CPU 0.

--
Second Edition of my "Max Power" Firewall Book
Now Available at http://www.maxpowerfirewalls.com

Gateway Performance Optimization R81.20 Course
now available at maxpowerfirewalls.com
0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    CheckMates Events