sim affinity

Description

Controls the SecureXL Check Point product on a Security Gateway that accelerates IPv4 and IPv6 traffic that passes through a Security Gateway. affinity The assignment of a specified CoreXL Firewall instance, VSX Virtual System, interface, user space process, or IRQ to one or more specified CPU cores. settings of network interfaces to CPU cores.

Important - SecureXL can affine network interfaces only to CPU cores that run as CoreXL Performance-enhancing technology for Security Gateways on multi-core processing platforms. Multiple Check Point Firewall instances are running in parallel on multiple CPU cores. SND. For more information, see sk98737 - ATRG: CoreXL.

Important:

The same SecureXL command must run on all Security Group A logical group of Security Appliances that provides Active/Active cluster functionality. A Security Group can contain one or more Security Appliances. Security Groups work separately and independently from each other. To the production networks, a Security Group appears a single Security Gateway. Every Security Group contains: (A) Applicable Uplink ports, to which your production networks are connected; (B) Security Appliances (the Quantum Maestro Orchestrator determines the applicable Downlink ports automatically); (C) Applicable management port, to which the Check Point Management Server is connected. Members.

Therefore, you must run the SecureXL commands in either Gaia gClish The name of the global command line shell in Check Point Gaia operating system for Security Appliances connected to Check Point Quantum Maestro Orchestrators. Commands you run in this shell apply to all Security Appliances in the Security Group., or Expert mode.

In Gaia Check Point security operating system that combines the strengths of both SecurePlatform and IPSO operating systems. gClish, run the "sim ..." and "sim6 ..." commands.
In the Expert mode, run the "g_sim ..." and "g_sim6 ..." commands.

Syntax for IPv4

sim [-i <SecureXL ID>] affinity

-a

-h

-l

-s

Syntax for IPv6

sim6 affinity

-a

-h

-l

-s

Parameters

Parameter	Description
`-i <SecureXL ID>`	Specifies the SecureXL instance ID (for IPv4 only).
`-a`	Configures the affinity in 'Automatic' mode. SecureXL periodically examines the load on the CPU cores and the amount of traffic on the interfaces. Based on the results, SecureXL can reassign interfaces to other CPU cores to distribute their load better..
`-h`	Shows the applicable built-in usage.
`-l`	Shows the current affinity settings.
`-s`	Configures the affinity in 'Static' ('Manual') mode. SecureXL does not reassign interfaces to other CPU cores to distribute their load better.

Example 1 - Default output

[Expert@MyChassis-ch0x-0x:0]# sim affinity
Usage: sim affinity <options>

Options:
   -l -
   -s - set affinity settings manually
   -a - set affinity settings automatically
   -h - this help message

[Expert@MyChassis-ch0x-0x:0]#

Example 2 - SIM Affinity is in Automatic mode

[Expert@MyChassis-ch0x-0x:0]# g_cat /proc/cpuinfo | grep processor
processor : 0
processor : 1
processor : 2
processor : 3
[Expert@MyChassis-ch0x-0x:0]#
[Expert@MyChassis-ch0x-0x:0]# g_fw ctl multik stat
ID | Active | CPU | Connections | Peak
----------------------------------------------
 0 | Yes    | 3   |           3 |           21
 1 | Yes    | 2   |           6 |           13
 2 | Yes    | 1   |           5 |           13
[Expert@MyChassis-ch0x-0x:0]#
[Expert@MyChassis-ch0x-0x:0]# sim affinity -l
eth6 : 0
eth0 : 0
eth3 : 0
eth1 : 0
eth4 : 0
eth2 : 0
eth5 : 0
[Expert@MyChassis-ch0x-0x:0]#