SIM Affinity in Automatic mode may make poor decisions on multi-core platforms. In addition, some multi-core hardware platforms suffer from an inability to assign IRQs to use all the CPU cores efficiently.
- With PCIe NICs, to ensure full utilization of all CPU cores, it is important that the IRQs from NICs are properly configured and assigned to correct CPU cores.
- For systems with four CPU cores and Dual Port NICs, IRQ Swizzling technology should be enabled to properly distribute IRQs among four CPU cores. This issue applies only to Dual Port NICs. IRQ Swizzling is not required with Quad Port NICs.
- For systems with eight CPU cores and Quad Port NICs, EIRQ technology should be enabled to properly distribute IRQs among all eight CPU cores. Note that at the time of this writing, there is no certified platform with this ability.
Important: There is no Automatic affinity since R80.20.
The 'sim affinity' command controls the SecureXL affinity settings of network interfaces to CPU cores. Starting from R80.20, SecureXL can affine network interfaces only to CPU cores that run as CoreXL SND.
The 'sim affinity -a' command configures the affinity in 'Automatic' mode. SecureXL periodically examines the load on the CPU cores and the amount of traffic on the interfaces. Based on the results, SecureXL can reassign interfaces to other CPU cores to distribute their load better.
For more information, refer to the Performance Tuning R80.30 Administration Guide.
For pre-R80.20 versions:
- Utilizing all CPU cores requires that the number of interfaces in the system be equal to or greater than the number of CPU cores. In addition, each interface should be assigned a unique IRQ. The assignment of interfaces to IRQs can be verified in the /proc/interrupts file, which presents the IRQ distribution among interfaces, and by running the 'sim affinity -l' command, which lists the distribution of interfaces among CPU cores.
- SIM Affinity in Static mode is recommended over the Automatic mode.
- When setting SIM Affinity in Static mode, affinity is only applicable to physical interfaces.
Some systems may require a BIOS update to enable IRQ Swizzling and EIRQ technologies. To determine whether a specific system supports the required technology, refer to the list of certified systems or contact your hardware vendor.
- IRQ Swizzling is currently supported on the following certified platforms: IBM System x3650, HP DL380G5 and Dell 2950.
- Make sure the hardware platform appears in the Check Point Hardware Compatibility List for the Security gateway on which it is to be installed.
- If a BIOS update or any special configuration is required to enable IRQ Swizzling or EIRQ technology (for some vendors), refer to the vendor's documentation for details.
- Configure SIM Affinity to run in Static mode instead of Automatic mode by running the 'sim affinity -s' command. The affinity setting is applied immediately and survives a reboot.
For more information, refer to:
- Performance Pack Administration Guide (R75.40, R75.40VS) - Chapter 'Command Line' - 'sim affinity' section.
- Performance Tuning Administration Guide (R80.10) - Chapter 1 'Performance Pack' - 'Command Line' - 'sim affinity' section.
- Assigning NICs to CPU cores: To achieve the best performance, pairs of interfaces carrying significant data flows (based on network topology) should be assigned to pairs of CPU cores on the same physical processor.
- Under load, use the 'top' command to verify that all CPU cores are utilized (when in 'top' press 1 to display all CPU cores, and then press Shift+W to save this configuration).
- To observe the NIC distribution among the CPU cores, run the 'sim affinity -l' command to list the table of interfaces, their assigned IRQs and their attachment to CPU cores (affinity).
The following is an example of the system output where IRQs are well distributed among four CPU cores:
[Expert@HostName]# sim affinity -l
eth0 (irq 18) : 0
eth1 (irq 19) : 1
eth2 (irq 16) : 2
eth3 (irq 17) : 3
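
The checks described above (at least as many interfaces as CPU cores, a unique IRQ per interface, every core serving an interface) can be scripted against this output. The following is an added example, not Check Point code: check_affinity and the sample functions are hypothetical names, and it assumes each interface line has exactly the 'ethN (irq N) : core' form shown above.

```shell
#!/bin/sh
# check_affinity is a hypothetical helper name, not a Check Point command.
# Usage on a gateway: sim affinity -l | check_affinity <number_of_cpu_cores>
# Returns 0 when every check passes, 1 otherwise.
check_affinity() {
    awk -v ncores="$1" '
    # Interface lines look like: eth0 (irq 18) : 0  (other lines are skipped)
    $2 == "(irq" && $4 == ":" && $5 ~ /^[0-9]+$/ {
        irq = $3; gsub(/[^0-9]/, "", irq)
        n++
        irq_cnt[irq]++
        irq_if[irq] = irq_if[irq] " " $1    # interfaces sharing this IRQ
        core_if[$5] = core_if[$5] " " $1    # interfaces bound to this core
    }
    END {
        bad = 0
        if (n + 0 < ncores + 0) {
            printf "FAIL: %d interfaces for %d cores\n", n, ncores; bad = 1
        }
        for (i in irq_cnt) if (irq_cnt[i] > 1) {
            printf "FAIL: irq %s shared by%s\n", i, irq_if[i]; bad = 1
        }
        for (c = 0; c < ncores + 0; c++) if (!(c in core_if)) {
            printf "FAIL: core %d has no interface\n", c; bad = 1
        }
        if (!bad) printf "OK: %d interfaces, %d cores all in use\n", n, ncores
        exit bad
    }'
}

# Output copied from the example on this page (prompt line included).
sample_page() {
    printf '%s\n' '[Expert@HostName]# sim affinity -l' \
        'eth0 (irq 18) : 0' 'eth1 (irq 19) : 1' \
        'eth2 (irq 16) : 2' 'eth3 (irq 17) : 3'
}
# Constructed input: eth0 and eth2 share IRQ 16, and core 3 is left idle.
sample_skewed() {
    printf '%s\n' 'eth0 (irq 16) : 0' 'eth1 (irq 19) : 1' \
        'eth2 (irq 16) : 2' 'eth3 (irq 17) : 2'
}

sample_page | check_affinity 4
sample_skewed | check_affinity 4 || true
```

The non-zero return status on any FAIL line makes the function usable from a scheduled health check.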