Question on performance

[phoenixsecure]

Hi,

I have a CP cluster in HA, actif, passif on a SUN 480 with 2 CPU and 1 gig of ram each. The problem is when I reach 100mbits of traffic my CPU go to 100% and I can see a major slow down in performance. My big question is: Can this type of machine (SUN 480, 2 cpu, 1 gig ram) can handle more than 100mbits of traffic? I think it should be able to handle much more than this. And if it should be handling more traffic, any one have any idea why its not.

Thanks.

[gavvys]

Hi
Well the traffic is not only issue for showing CPU usage high.
Could you please tell me the checkpoint version and HFA also.Also check the Smartdefence settings also a bit information about the licence.

Let me know we will further troubleshoot the issue.


Regards
Ranjit singh

[phoenixsecure]

Version: NGX (R60) HFA_05, Hotfix 605
OS: Solaris Version: 5.8
License:CPMP-VPG-XL-NGX CPXP-CI-VPX-U-NGX CPVP-VPS-1-NGX
HA, actif, passif
We dont have any smart defense subscription, so its basic there and we dont really use it.

[MarioL]

Check which rules you are logging, since it has a big impact on performance.

[cp-math]

Quote:

Originally Posted by phoenixsecure

Hi,

I have a CP cluster in HA, actif, passif on a SUN 480 with 2 CPU and 1 gig of ram each. The problem is when I reach 100mbits of traffic my CPU go to 100% and I can see a major slow down in performance. My big question is: Can this type of machine (SUN 480, 2 cpu, 1 gig ram) can handle more than 100mbits of traffic? I think it should be able to handle much more than this. And if it should be handling more traffic, any one have any idea why its not.

Thanks.

Hello!

I have the same problem with the same hardware. Can you give me any hints?

Thanks!

[MarioL]

My suggestion was to check the logs, spikes in activity can cause the box to struggle. I've seen this before when a spike in one rule caused the box to have to write a lot of logs and it struggled.

[eduardw]

How many concurrent connections do you have? We had a similar problem with the same hardware and approximate 35000 concurrent connections R55w. Because of the highload the cluster switched a few time a day for node to node.
We replaced the cluster for a HP G5 with 2 dual cores 3 GHz and for gigs of ram, splat R62. Now the average load of the system is 8% instead of 80-100% on the sun. We’ve tried a lot of things before we decide to switch hardware.

[rugby1725]

Are you using the onboard interfaces or addon cards. If addons what brand and speed are the cards.

Kris

[JeffP]

Quote:

Originally Posted by rugby1725

Are you using the onboard interfaces or addon cards. If addons what brand and speed are the cards.

Kris

That was my guess also. We have seen serious performance degradation through dual/quad cards that do IRQ sharing. When your CPU hit's a 100% check top and see if Soft IRQ is maxed out, that's a prime indicator. Also if you are running QOS ie: FloodGate the multi-cpu support is not available and everything will be pushed through a single core/cpu.

[chuachongchee]

It does look like the hardware is dying? lmao