Revisit on the Softirq issue - much different situation

[gbpackerz]

I see this never fully got answered, and with the Crossbeam not being deployed as broadly as the rest of the products CP runs on I can understand why. Still, I will revisit the topic...
I have an X40 with dual NPM 6's, single dual core apm 8600. The firewall that is running on this particular APM is consuming 30-50% of BOTH CPU's. Of note is the fact it is NOT VSX.
I'm running the latest XOS code 8.0.2 and firmware has been upgraded as well. TOP shows fw and dtls process as the big abusers almost all of it is in softirq. SWATCH shows traffic at a total of about 200MB/s and Kpps fluctuates between 60-100 total (all of which flows to this APM in this particular chassis).

Does this seem normal? No SmartDefense, http https dns etc are not set to sync on the cluster - all of the obvious stuff except for the fact I have not turned on SecureXL. I could understand if the traffic were closer to 1Gig, but 200MB in the Crossbeam 6 series? Thanks in advance.
-Matt

[buffaloribs]

Hi, I experience exactly the same problem on PowerEdge 2850, Dual-Xeon 3.2GHz (hyperthreading deactivated) and intel pro 1000MT quad ports. My environnement is based on SecurePlatform pro 2.4, R65HFA2, ClusterXL in HA configuration.

While we were on "heavy" load about 200-250Mb of throughput for all of the five interfaces, one cpu achieved 100%, all affected to softirq. Now we load balance correctly irq among the 2 cpu which is not done by default, and we're currrently evaluating SecureXL which offload cpu consumption by about 40%.

- I rearrange rules for the top matched rules to be on top of my rules list.
- I changed sim affinity to load balance interfaces' irq on each cpu => this would enable twice as much throughput
- I put aggressive timeout on http which covers 90% of my trafic => only reduce connections table size
- I disabled sync completely => no significant gain
- I implement Intel PRo 1000 optimization by changing driver's loading options (sk25921) => no significant gain
- I changed manually the connections table's parameter to increase memory but cpu is bottleneck and I can't get more than about 50000 connections

For the moment, only clusterXL great enhance cpu consumption, but we'll have to pay for this :-/ and I still think cpu is too high regarding server's specifications and the small trafic we handle with it.

An SR is opened by checkpoint, but no response yet about softirq

[chuachongchee]

What version of checkpoint are u using??

I noticed this in one of my customer's environment, about close to 300mbps of throughput.. SoftIRQ about <5% on normal loading, when hitting traffic peaks, SoftIRQ was 40~50%

Configuration was:
x80-AC2
XOS 7.3.0.1
R62 (No HFA)
2x NPM8200
2x NPM8210
6x APM8400 (1P4-4G)
2x CPM8400

5 APMs running in a Active~Active environment, one APM as hot standby.. The SR came back that it was due to high connections (~180k/APM, Peak 350k/APM).. We're still debating around...

Will update again...

[Dragon]

All

your figures sound right to me after spending half a year with Crossbeam experts.

You can roughly apply figures below with these assumptions:

• CPU is running 40%
• SecureXL is turned ON
• most of connections (>95%) are NATed
• VLAN tags removed, see link below
• HTTP object modified, see link below
• Majority of traffic NOT synched and NOT logged

APM8400 (single core) : 100 Mbps
APM8600 (dual core) : 200 Mbps

Remember:

• you can multiply figures above 4 times if NAT is light or not used
• using SecureXL will decrease CPU by almost 50%!
• to check load on each core if you run 8600 using top as SNMP reports only core 01!!!

Also remember to check the summary of options I provided in previous thread:

X80 performance 4 times less than C25!?