
Multiple cores for medium path traffic

Question asked by Marc Zacho on Nov 10, 2017
Latest reply on Nov 11, 2017 by Marc Zacho

Hi,

 

I'm doing some throughput tests on a vSEC gateway in network mode (basically just a VM with GAiA installed, afaik) in an NSX/ESXi environment.

 

The test is done with a basic setup: one gateway and two Ubuntu VMs acting as client/server. To measure throughput I'm using Iperf (TCP, basic settings).

 

The problem is when I enable both IPS and Application Awareness. With both blades enabled I'm only able to get a throughput of around 1.5 Gbps. With just one of the blades it's around 5 Gbps; without any blades (except FW) it's 6 Gbps, which seems to be a driver limit (e1000 vs. only 4.5 Gbps on VMXNET3).

 

I have tried to play around with the core allocation, but without luck. There is no difference whether the fw workers have a dedicated core or are able to use all available cores.

 

According to fwaccel stats -s, above 90% of the traffic hits PXL.

 

So my question is: is it possible to split the IPS and APP awareness processes to different CPUs, or just load-share the PXL part even more?
