|
|
|
This section explains how to use the fw ctl affinity command to set affinities in VSX. When you run this command with the -d parameter, VSX automatically creates or updates the affinity configuration files.
|
Note - The VSX Gateway - Use the Security Gateway - The CoreXL affinity settings are not saved after you reboot it |
There are processes that are affinity exceptions and are not included in the affinity commands that you run. The $FWDIR/conf/vsaffinity_exception.conf file contains the list of processes that are affinity exceptions.
|
Important - Do not add Check Point processes to this list. Doing so can make the system unstable. |
You cannot set affinity to kernel threads.
When there is a conflict between affinities, there are priorities that are used to determine which CPU affinity is used. This is the priority order from highest to lowest:
Run the fw ctl affinity command to set these CPU affinities:
You must be in Expert mode to run the fw ctl affinity command.
Set the affinity of firewall instances to one or more CPUs for each Virtual System separately.
Syntax
fw ctl affinity -s -d {-inst <instances> -cpu <cpus>|-fwkall <cores>}
Parameter |
Description |
<instances> |
Number range of firewall instances that you are setting affinity. Use a dash to set a range of instances. |
<cpus> |
Number range of CPU processing cores that you are setting affinity. Use a dash to set a range of cores. |
<cores> |
Number of cores that are used for CPU affinity. You cannot use this parameter to assign specific cores to the firewall instances. |
Example
vsenv 1
fw ctl affinity -s -d -inst 0 2-4 -cpu 0-2
fw ctl affinity -s -d -fwkall 3
Output
VDevice 1: CPU 0 1 2 - set successfully |
Notes
You can use this command with the -fwkall parameter from any context.
Use the -fwkall parameter to set the affinity of all the firewall instances to all the Virtual Systems.
Syntax
fw ctl affinity -s -d -fwkall <cores>
Parameter |
Description |
<cores> |
Number of cores that are used for CPU affinity. You cannot use this parameter to assign specific cores to the firewall instances. |
Example
fw ctl affinity -s -d -fwkall 3
Output
VDevice 0-2 : CPU 3 4 5 6 7 - set successfully |
Notes
You can use this command with the -fwkall parameter from any context.
Set the affinity of processes to one or more CPUs. You can use the -vsid parameter to set the affinity for a process to Virtual Systems in any context. If you do not use the -vsid parameter, the affinity of the current context is set.
Syntax
fw ctl affinity -s -d -pname <process> [-vsid <vsids>] -cpu <cpus>
Parameter |
Description |
process |
Name of process that you are setting affinity. |
vsids |
Virtual System IDs that you are setting affinity for this process. Use a dash to set a range of Virtual Systems. |
cpus |
Number range of CPU processing cores that you are setting affinity. Use a dash to set a range of cores. |
Example
fw ctl affinity -s -d -pname cpd -vsid 0-1 -cpu 0 2
Output
VDevice 0-1 : CPU 0 2 - set successfully |
Set the affinity of the Virtual Systems to one or more CPUs. You can use the -vsid parameter to set affinity to the specified Virtual Systems. If you do not use the -vsid parameter, the affinity of the current Virtual System is set.
Syntax
fw ctl affinity -s -d [-vsid <vsids>] -cpu <cpus>
Parameter |
Description |
vsids |
Virtual System IDs that you are setting affinity. Use a dash to set a range of Virtual Systems. |
cpus |
Number range of CPU processing cores that you are setting affinity. Use a dash to set a range of cores. |
Example
fw ctl affinity -s -d -vsid 0-1 -cpu 0 2
Output
VDevice 0-1 : CPU 0 2 - set successfully |
You can monitor the affinity of processes and Virtual Systems on the VSX Gateway.
Monitor the affinity of processes on the VSX Gateway. You can use the -vsid parameter to show the affinity for a process to the specified Virtual Systems.
Syntax
fw ctl affinity -l -x [-vsid <vsids>] [-flags [e|h|k|n|t]
Parameter |
Description |
vsids |
Shows the affinity for processes for these Virtual System IDs. Use a dash to set a range of Virtual Systems. |
e |
Do not show processes that are affinity exceptions. Affinity exceptions are configured in the |
h |
Show CPU affinity mask in hexadecimal format. |
k |
Do not show kernel threads. |
n |
Show the process name instead of |
t |
Show information about the process threads. |
Example
fw ctl affinity -l -x -vsid 1 -flags tn
Output
--------------------------------------------------------------- |PID |VSID | CPU |SRC|V|KT |EXC| NAME --------------------------------------------------------------- | 4756 | 0 | all | | | | | pm | 4773 | 0 | all | | | | | confd | 4774 | 0 | all | | | | | searchd | 5008 | 0 | all | | | | | |---searchd | 4780 | 0 | all | | | | | httpd2 | 4781 | 0 | all | | | | | monitord | 24700 | 0 | 0 1 | P | | | | |---cpd | 24704 | 0 | 0 1 | P | | | | |---cpd | 24705 | 0 | 0 1 | P | | | | |---cpd | 22800 | 0 | all | | | | | mpdaemon | 24523 | 0 | all | | | | | fwk_forker | 24525 | 0 | all | | | | | fwk_wd | 24573 | 0 | 1 3 4 6 | P | | | | fw | 24667 | 0 | 1 3 4 6 | P | | | | |---fw | 24668 | 0 | 1 3 4 6 | P | | | | |---fw | 24670 | 0 | 1 3 4 6 | P | | | | |---fw | 24671 | 0 | 1 3 4 6 | P | | | | |---fw | 25412 | 0 | 1 3 4 6 | P | | | | |---fw | 24642 | 0 | 2 3 4 5 6 7 | P | | | | fwk0_dev | 24643 | 0 | 2 3 4 5 6 7 | P | | | | |---fwk0_0 | 30186 | 0 | all | | | | | clishd ---------------------------------------------------------------- |
Show the configured affinities of the Virtual System.
Syntax
fw ctl affinity -l
Example
fw ctl affinity -l
Output
VS_0 cpd: CPU 0 2 VS_0 FWK_INSTANCE_0: CPU 3 7 VS_0 FWK_INSTANCE_4: CPU 3 7 VS_0 fwd: CPU 3 7 VS_0 fwk: CPU 0 1 VS_1: CPU 2 4 6 VS_1 fwd: CPU 4 5 VS_1 fwk: CPU 2 3 4 5 6 7 |
