Running the 'fw ctl affinity -s' command in VSX Mode

Description

The fw ctl affinity -s command configures the CoreXL Performance-enhancing technology for Security Gateways on multi-core processing platforms. Multiple Check Point Firewall instances are running in parallel on multiple CPU cores. affinity The assignment of a specified CoreXL Firewall instance, VSX Virtual System, interface, user space process, or IRQ to one or more specified CPU cores. settings on a VSX Gateway Physical server that hosts VSX virtual networks, including all Virtual Devices that provide the functionality of physical network devices. It holds at least one Virtual System, which is called VS0. for:

Interfaces
User-space processes
CoreXL Firewall instances

Syntax

To see the built-in help:

fw ctl affinity

To configure the affinities of Virtual Systems:

fw ctl affinity -s -d [-vsid <VSID ranges> ] -cpu <CPU ID ranges>

To configure the affinities of a specified user-space process:

fw ctl affinity -s -d -pname <Process Name> [-vsid <VSID ranges>]

-cpu all

-cpu <CPU ID ranges>

To configure the affinities of specified FWK daemon instances (user-space Firewall):

fw ctl affinity -s -d -inst <Instances Ranges> -cpu <CPU ID ranges>

To configure the affinities of all FWK instances (user-space Firewalls):

fw ctl affinity -s -d -fwkall <Number of CPUs>

To reset the affinities to defaults:

fw ctl affinity

-vsx_factory_defaults

-vsx_factory_defaults_no_prompt

Important

The VSX Virtual System Extension. Check Point virtual networking solution, hosted on a computer or cluster with virtual abstractions of Check Point Security Gateways and other network devices. These Virtual Devices provide the same functionality as their physical counterparts. Gateway saves these changes in the $FWDIR/conf/fwaffinity.conf configuration file.
When you configure affinity of an interface, it automatically configures the affinities of all other interfaces that share the same IRQ to the same CPU core.

Parameters

Parameter

Description

-vsid <VSID ranges>

Configures the affinity for:

One specified Virtual System.

For example: -vsid 7
Several specified Virtual Systems.

For example: -vsid 0-2 4

Note - If you omit the -vsid parameter, the command uses the current virtual context.

<CPU ID ranges>

Configures the affinity to:

One specified CPU core.

For example: -cpu 7
Several specified CPU cores.

For example: -cpu 0-2 4

Important - Numbers of CPU cores start from zero.

-pname <Process Name>

Configures the affinity for the Check Point daemon specified by its name (for example: fwd, vpnd).

Important - The process name is case-sensitive.

-inst <Instances Ranges>

Configures the affinity for:

One specified FWK daemon instance.

For example: -inst 7
Several specified FWK daemon instances.

For example: -inst 0 2 4

-fwkall <Number of CPUs>

Configures the affinity for all running FWK daemon instances to the specified number of CPU cores.

If it is necessary to affine all running FWK daemon instances to all CPU cores, enter the number of all available CPU cores.

-vsx_factory_defaults

Deletes all existing affinity settings and creates the default affinity settings during the next reboot.

Important - Before this operation, the command prompts the user whether to proceed. You must reboot to complete the operation.

-vsx_factory_defaults_no_prompt

Deletes all current affinity settings and creates the default affinity settings during the next reboot.

Important - Before this operation, the command does not prompt the user whether to proceed. You must reboot to complete the operation.

Example 1 - Affine the Virtual Devices #0,1,2,4,7,8 to the CPU cores #0,1,2,4

[Expert@MyGW:0]# fw ctl affinity -s -d -vsid 0-2 4 6-8 -cpu 0-2 4
VDevice 0-2 4 6-8 : CPU 0 1 2 4 - set successfully
Multi-queue affinity was not changed.  For More info, see sk113834.
[Expert@MyGW:0]#

Example 2 - Affine the process CPD by its name for Virtual Devices #0-12 to the CPU core #7

[Expert@MyGW:0]# fw ctl affinity -s -d -pname cpd -vsid 0-12 -cpu 7
VDevice 0-12 : CPU 7 - set successfully
Multi-queue affinity was not changed.  For More info, see sk113834.
Warning: some of the VSIDs did not exist
[Expert@MyGW:0]#

Example 3 - Affine the FWK daemon instances #0,2,4 to the CPU core #5

[Expert@MyGW:0]# fw ctl affinity -s -d -inst 0 2 4 -cpu 5
VDevice 0 2 4: CPU 5 - set successfully
Multi-queue affinity was not changed.  For More info, see sk113834.
[Expert@MyGW:0]#

Example 4 - Affine all FWK daemon instances to the last two CPU cores

[Expert@MyGW:0]# fw ctl affinity -s -d -fwkall 2
VDevice 0-2 : CPU 2 3 - set successfully
Multi-queue affinity was not changed.  For More info, see sk113834.
[Expert@MyGW:0]#

Example 5 - Affine all FWK daemon instances to all CPU cores

[Expert@MyGW:0]# fw ctl affinity -s -d -fwkall 4
There are configured processes/FWK instances
(y) will override all currently configured affinity and erase the configuration files
(n) will set affinity only for unconfigured processes/threads
Do you want to override existing configurations (y/n) ? y
VDevice 0-2 : CPU all - set successfully
Multi-queue affinity was not changed.  For More info, see sk113834.
[Expert@MyGW:0]#