Multi-Queue Basic Configuration

Description

The "g_cpmq" command shows and configures the Multi-QueueClosed An acceleration feature on Security Gateway that configures more than one traffic queue for each network interface. Multi-Queue assigns more than one receive packet queue (RX Queue) and more than one transmit packet queue (TX Queue) to an interface. Multi-Queue is applicable only if SecureXL is enabled (this is the default). Acronym: MQ. on supported interfaces.

Procedure

Step

Instructions

1

Connect to the command line on the Security GroupClosed A logical group of Security Appliances that provides Active/Active cluster functionality. A Security Group can contain one or more Security Appliances. Security Groups work separately and independently from each other. To the production networks, a Security Group appears a single Security Gateway. Every Security Group contains: (A) Applicable Uplink ports, to which your production networks are connected; (B) Security Appliances (the Quantum Maestro Orchestrator determines the applicable Downlink ports automatically); (C) Applicable management port, to which the Check Point Management Server is connected..

2

Log in to the Expert mode.

3

Run the g_cpmq command with the applicable parameters.

See the syntax below.

4

If you changed the Multi-Queue configuration, you must reboot the Security Group Members:

reboot -b all

Syntax

  • To show the existing Multi-Queue configuration:

    g_cpmq get

          [-a]

          [-v]

          [-vv]

          [rx_num {igb | ixgbe | i40e | mlx5_core}]

  • To configure the IRQ affinity of the queues:

    g_cpmq set affinity

  • To configure the Multi-Queue for the specified driver:

    g_cpmq set rx_num

          igb {default | <Value>}

          ixgbe {default | <Value>}

          i40e {default | <Value>}

          mlx5_core {default | <Value>}

Parameters

Parameter

Description

get

Shows Multi-Queue status only for active supported interfaces.

Output does not show network interfaces that are currently in the down state.

get -a

Shows Multi-Queue status of all supported interfaces.

  • [On]

    Multi-Queue is enabled on the interface.

  • [Off]

    Multi-Queue is disabled on the interface.

  • [Pending On]

    Multi-Queue is currently disabled on the interface. Multi-Queue is enabled on this interface only after you reboot the Security Group Members. This status can also indicate bad configuration or system errors.

  • [Pending Off]

    Multi-Queue is enabled on the interface. Multi-Queue is disabled on this interface only after you reboot the Security Group Members.

Example:

[Expert@MyChassis-ch0x-0x:0]# g_cpmq get -a

 

Active igb interfaces:

eth1-05 [On]

eth1-06 [Off]

eth1-01 [Off]

eth1-03 [Off]

eth1-04 [On]

 

Non active igb interfaces:

eth1-02 [Off]

[Expert@MyChassis-ch0x-0x:0]#

get -v

Shows Multi-Queue status of supported interfaces with IRQ affinityClosed A state of binding an IRQ to one or more CPU cores. information and RX bytes counters.

get -vv

Shows Multi-Queue status of supported interfaces with IRQ affinityClosed The assignment of a specified CoreXL Firewall instance, VSX Virtual System, interface, user space process, or IRQ to one or more specified CPU cores. information and RX bytes and packets counters.

set affinity

Configures the IRQ affinity of the queues when:

  • Multi-Queue is enabled on an interface

  • The interface status is changed to "down"

  • The computer was rebooted

Run this command after the interface status is changed back to "up".

Important - Do not change the IRQ affinity of queues manually. Such manual change can affect performance.

set rx_num igb {default | <Value>}

Configures the number of active RX queues for interfaces that use the igb driver (1Gb).

set rx_num ixgbe {default | <Value>}

Configures the number of active RX queues for interfaces that use the ixgbe driver (10Gb).

set rx_num i40e {default | <Value>}

Configures the number of active RX queues for interfaces that use the i40e driver (40Gb).

set rx_num mlx5_core {default | <Value>}

Configures the number of active RX queues for interfaces that use the mlx5_core driver (40Gb).

set rx_num <Driver> default

Configures the number of active RX queues to the number of CPUs, which are not used by CoreXLClosed Performance-enhancing technology for Security Gateways on multi-core processing platforms. Multiple Check Point Firewall instances are running in parallel on multiple CPU cores. Firewall instances (recommended).

set rx_num <Driver> <Value>

Configures the specified number of active RX queues.

This number can be between two and the total number of CPU cores.