I upgraded R61 to R65 after internet slowly

[santa]

Hello,

We upgraded SPLAT ver R61 to R65. But I have a problem internet speed. I think my internet connection is more slowly then before. (my internet connection is Leased Line).

Old Checkpoint (R61) works normaly.

Yourself, what happen it?

[mcnallym]

I have personally found that each version of NGX is getting more resource hungry, so do get a slight performance decrease on older hardware.

Not sure if a real difference or just feels slower though.

[santa]

Quote:

Originally Posted by mcnallym

I have personally found that each version of NGX is getting more resource hungry, so do get a slight performance decrease on older hardware.

Not sure if a real difference or just feels slower though.

I'm sure for real difference.

We old system (R61) devices P4 1.6 1GB RAM IBM PC and other machine (I use Eventia Reporter) P4 1.6 1GBRAM IBM PC. Our firewall and logging solution provide by both machine.

Now, I bought IBM x3250 Server. You know, this machine Intel Xeon Dual and 3GB RAM, finaly server system. That is to say it's machine better then before.

(Everybody feeling slow surf)

[cciesec2006]

Did you check to see that the interface setting matches with what you
have on the layer-2 switchport.

When in doubt, use "ethtool" to check your interface setting.

[chillyjim]

Also check to see that nothing in SmartDefense got turned on that you don't want (epically if you don't have SMDF updates).

R65 in general should be faster than R61.

[santa]

Hi chillyjim,

I'm using Smart Defense, and it's updated last version. Anything else?

Hi cciesec2006,

Where I look to ethtool? Which I use command to ethtool?
Examples:

[Expert@korozogw]# ethtool -a eth0
Pause parameters for eth0:
Autonegotiate: on
RX: on
TX: on

[Expert@korozogw]# ethtool -i eth0
driver: tg3
version: 3.66f
firmware-version: 5721-v3.65
bus-info: 01:00.0

[santa]

Hello again my friends,

Do you mind if you look my another post? Maybe it's interest with this case..

a strange log in Eventia?? (have a pictures)

[eduardw]

Try ethtool eth0
and netstat -i
check for duplex mismatches and for interfaces errors. Did you allready check the settings of the switch ports.

[santa]

Everthing is a normal?

Settings for eth0:
Supported ports: [ MII ]
Supported link modes: 10baseT/Half 10baseT/Full
100baseT/Half 100baseT/Full
1000baseT/Half 1000baseT/Full
Supports auto-negotiation: Yes
Advertised link modes: 10baseT/Half 10baseT/Full
100baseT/Half 100baseT/Full
1000baseT/Half 1000baseT/Full
Advertised auto-negotiation: Yes
Speed: 100Mb/s
Duplex: Full
Port: Twisted Pair
PHYAD: 1
Transceiver: internal
Auto-negotiation: on
Supports Wake-on: g
Wake-on: d
Current message level: 0x000000ff (255)
Link detected: yes


Settings for eth1:
Supported ports: [ MII ]
Supported link modes: 10baseT/Half 10baseT/Full
100baseT/Half 100baseT/Full
1000baseT/Half 1000baseT/Full
Supports auto-negotiation: Yes
Advertised link modes: 10baseT/Half 10baseT/Full
100baseT/Half 100baseT/Full
1000baseT/Half 1000baseT/Full
Advertised auto-negotiation: Yes
Speed: 1000Mb/s
Duplex: Full
Port: Twisted Pair
PHYAD: 1
Transceiver: internal
Auto-negotiation: on
Supports Wake-on: g
Wake-on: d
Current message level: 0x000000ff (255)
Link detected: yes

Settings for eth2:
Supported ports: [ MII ]
Supported link modes: 10baseT/Half 10baseT/Full
100baseT/Half 100baseT/Full
1000baseT/Half 1000baseT/Full
Supports auto-negotiation: Yes
Advertised link modes: 10baseT/Half 10baseT/Full
100baseT/Half 100baseT/Full
1000baseT/Half 1000baseT/Full
Advertised auto-negotiation: Yes
Speed: 100Mb/s
Duplex: Full
Port: Twisted Pair
PHYAD: 1
Transceiver: internal
Auto-negotiation: on
Supports Wake-on: g
Wake-on: d
Current message level: 0x000000ff (255)
Link detected: yes



----------- and netstat -i results is below: ------------

Kernel Interface table
Iface MTU Met RX-OK RX-ERR RX-DRP RX-OVR TX-OK TX-ERR TX-DRP TX-OVR Flg
eth0 1500 0 12350421 0 0 0 9823472 0 0 0 BMRU
eth1 1500 0 11971189 0 0 0 13096018 0 0 0 BMRU
eth2 1500 0 2751242 10 0 0 2920810 0 0 0 BMRU
lo 16436 0 1367041 0 0 0 1367041 0 0 0 LRU

[wilsonck]

Even though you have a bigger, newer server, R65 doesn't use the other cores unless you buy corexl. on the gateway, run TOP and then look at the processor loads over the cores. I bet most load is on cpu0. This is what I found and now I am going back to R60 to try it out.

[jaskaran224]

can it be related to the compatibility issue between the new Network adapters with R65?

[santa]

Quote:

Originally Posted by wilsonck

Even though you have a bigger, newer server, R65 doesn't use the other cores unless you buy corexl. on the gateway, run TOP and then look at the processor loads over the cores. I bet most load is on cpu0. This is what I found and now I am going back to R60 to try it out.

Hello willsonck

I did check it CPU in TOP, and results is below... I think so it's normal?? idle is higher


CPU states: cpu user nice system irq softirq iowait idle
total 2.6% 0.0% 1.6% 0.4% 15.2% 0.2% 179.8%
cpu00 1.6% 0.0% 1.2% 0.4% 14.1% 0.0% 82.6%
cpu01 1.0% 0.0% 0.4% 0.0% 1.2% 0.2% 97.1%
Mem: 3081156k av, 2785640k used, 295516k free, 0k shrd, 110308k buff
1096284k actv, 943196k in_d, 46500k in_c

[santa]

Quote:

Originally Posted by jaskaran224

can it be related to the compatibility issue between the new Network adapters with R65?

Yes, I think.

My using server and devices (x3250) certified by Check Point and are recommened for use with Secure Platform... you can look at this web site:

Check Point Software: IBM System x3250

(Note: Network Adapter : Broadcom Netextreme. It was come with server onboard)

[chillyjim]

Quote:

Originally Posted by santa

(Note: Network Adapter : Broadcom Netextreme. It was come with server onboard)

There have been several reports that the Broadcom adapters do not perform well under load. In general it's recommended that you use the on-board adaptors for your management and sync interfaces only.

[santa]

Quote:

Originally Posted by chillyjim

There have been several reports that the Broadcom adapters do not perform well under load. In general it's recommended that you use the on-board adaptors for your management and sync interfaces only.

Hey,

Yes, you'r right. I agree with you but I wrote upside "Broadcom Netextreme" NIC is my server onboard NIC. My server model is x3250 PN:
4364 42G. I mean, this PN owner with IBM Server use onboard Broadcom Ethernet..

2 x Broadcom Netextreme Onboard
1 x Broadmcom Netextreme PCI-E

[larstr]

Not sure what specific models you have, but VMware has the following statement regarding two Broadcom models: "Do not use Broadcom 5700 Rev 14 or 5701 Rev 15 for heavy traffic"

It seems that these nics might stop transmitting data if the load becomes high.

Don't know if the issue could be the same on SPLAT, but I'm not surprised if it is.

Lars

[santa]

Quote:

Originally Posted by larstr

Not sure what specific models you have, but VMware has the following statement regarding two Broadcom models: "Do not use Broadcom 5700 Rev 14 or 5701 Rev 15 for heavy traffic"

It seems that these nics might stop transmitting data if the load becomes high.

Don't know if the issue could be the same on SPLAT, but I'm not surprised if it is.

Lars

Hello,

Yes I saw that, bu my Broadcom NIC model is:
01:00.0 Ethernet controller: Broadcom Corporation NetXtreme BCM5721 Gigabit Ethernet PCI Express (rev 21)

and that's not seen in the list.

But you said to me; " It seems that these nics might stop transmitting data if the load becomes high." it's good idea. Maybe it idea is possible valid for my problem.

[chillyjim]

Do not use Broadcom NICs in any application that will receive high traffic levels. They will work as management interfaces and as sync interfaces but not for main traffic interfaces. It is a problem with the NIC.

[santa]

Quote:

Originally Posted by chillyjim

Do not use Broadcom NICs in any application that will receive high traffic levels. They will work as management interfaces and as sync interfaces but not for main traffic interfaces. It is a problem with the NIC.

What will I do? :( unfortunatelly it's NIC onboard and I think I don't change server. If I upgrade NIC driver version, haven't to be useful??

Can I try this, yourself? and also how in secureplatform?

+1

Meanwhile, I want to upgrade my NIC driver version on Secure Platform R65. How can I check driver version now and how can I install new (I searched driver, last version is 3.81c) driver? I think it maybe should to be useful

[santa]

Hello My Friends,

Is this devices to be useful for my slowly problem? Solution?

INN-PWLA8494GTBLK ETH Pro/1000MT Quad Port Server Adptr