Discusses CoreXL tuning for systems performing basic firewall and/or NAT functions- CPU cores 0 and 1 highly loaded by a high volume of traffic whilst remaining cores are not heavily loaded
- CPU cores not equally loaded (average over time)
CoreXL tuning might be needed on CoreXL-enabled systems including Crossbeam X-Series.
Prime examples are systems:
If the problem is known to be related to the fact that only cores 0 and 1 are effectively loaded by processed traffic, other cores might need to be assigned a) to process traffic and b) to get better average load across available CPU cores. Similar tuning might be needed if, over time, the average load between cores is not similar.
In order to enable other cores to process traffic, the sim affinity tool might need to be used. Also, the same tool might be used to release some cores from processing traffic (SXL).
Depending on the exact scenario, some or all other cores might need to be assigned and further tests with particular configurations may need to be performed. Utilization of the cores should be monitored over a longer period in a production environment in order to confirm that no anomalies are observed over time.
For performance tests where advanced security features are not utilized, static interrupt mapping to cores should be utilized and all cores should be enabled for traffic processing in order to achieve higher performance numbers.
For further information about ClusterXL configuration options, please refer to the Check Point documentation.