Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
Muazzam
Contributor
Contributor
Jump to solution

Drops on interface with high CPU

Hardware: 25400

20 cores with 6/14 split.

OS: GAIA R77.30 T216

Uptime: Over 18 months

Bandwidth (typical): 500 Mbps

Concurrent connections: About 18K

Packets/Sec: Under 500K

RX ring-size on interface: 512

 

One 10g (non-bonded) interface has started dropping packets recently. This is tied to CPU core 1, that is running between 75 to 95%. Interface is showing RX drops constantly.

No other errors noticed. zdebug does not show any drops. SecureXL is accelerating 98% packets.

 

Question: This firewall should not be dropping packets, I do not see any reason. As a first step, I would like to reboot the firewall. Any one in support of this? Anyone suggests increasing buffer size on interface?

 

 

0 Kudos
1 Solution

Accepted Solutions
Timothy_Hall
Legend Legend
Legend

You almost certainly need to enable Multi Queue on the interface, seems like you have enough SND/IRQ cores.

Gateway Performance Optimization R81.20 Course
now available at maxpowerfirewalls.com

View solution in original post

0 Kudos
6 Replies
Muazzam
Contributor
Contributor
Forgot to mention that the attached Cisco switch is showing no errors at all, all clean.
0 Kudos
Muazzam
Contributor
Contributor

Correction: Hardware is 23500

Question: In the existing 6/14 split, would you recommend adding more SND cores before enabling MQ?

Any changes to SIM affinity, leaving it automatic ok?

0 Kudos
Kaspars_Zibarts
Employee Employee
Employee

You would have to look at the load on all CPUs and then make a call - if you need more SXL or FWK cores. Or leave it as is

0 Kudos
Timothy_Hall
Legend Legend
Legend

You almost certainly need to enable Multi Queue on the interface, seems like you have enough SND/IRQ cores.

Gateway Performance Optimization R81.20 Course
now available at maxpowerfirewalls.com
0 Kudos
Kaspars_Zibarts
Employee Employee
Employee
Definitely, 1 core will struggle with 10Gbps interface from our experience
0 Kudos
FedericoMeiners
Advisor

As stated before, you should enable MultiQ on that interface. If you are still seeing errors on the interfaces you may need to liberate the cores assigned to MultiQ.

Regards,

____________
https://www.linkedin.com/in/federicomeiners/
0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

Upcoming Events

    CheckMates Events