Multi-Queue Troubleshooting

Scenario

Explanation and next steps

After reboot, the wrong interfaces are configured for Multi-QueueClosed An acceleration feature on Security Gateway that configures more than one traffic queue for each network interface. Multi-Queue assigns more than one receive packet queue (RX Queue) and more than one transmit packet queue (TX Queue) to an interface. Multi-Queue is applicable only if SecureXL is enabled (this is the default). Acronym: MQ..

This can happen after changing the physical interfaces on the Security GatewayClosed Dedicated Check Point server that runs Check Point software to inspect traffic and enforce Security Policies for connected network resources..

Follow one of these steps:

  • Run:

    mq_mng --reconf

    reboot

  • Configure the Multi-Queue again

After you configure the Multi-Queue and reboot the Security Gateway, some of the configured interfaces show as Down.

These interfaces were up before the Security Gateway reboot. The "mq_mng --show" command shows the interface status as "Pending on".

This can happen when not enough IRQs are available on the Security Gateway.

Follow one of these steps:

  • Remove unused expansion cards, if possible

  • Disable some of the interfaces configured for Multi-Queue

When you change the status of interfaces, all the interface IRQs are assigned to CPU 0, or to all of the CPU cores.

This can happen when an interface status is changed to UP after the automatic affinityClosed The assignment of a specified CoreXL Firewall instance, VSX Virtual System, interface, user space process, or IRQ to one or more specified CPU cores. procedure runs (during each boot).

Run:

mq_mng --reconf

In VSXClosed Virtual System Extension. Check Point virtual networking solution, hosted on a computer or cluster with virtual abstractions of Check Point Security Gateways and other network devices. These Virtual Devices provide the same functionality as their physical counterparts. mode, an fwk process runs on the same CPU core as some of the interface queues.

This can happen when the affinity of the Virtual System was manually changed but Multi-Queue was not reconfigured accordingly.

Follow one of these steps:

  • Run:

    mq_mng --reconf

    reboot

  • Configure the number of active RX queues manually

In Gateway mode, after you change the number of CoreXLClosed Performance-enhancing technology for Security Gateways on multi-core processing platforms. Multiple Check Point Firewall instances are running in parallel on multiple CPU cores. Firewall instances, the Multi-Queue is disabled on all interfaces.

When you change the number of CoreXL Firewall instances, the number of active RX queues automatically changes based on this formula:

Active RX queues = (Number of CPU cores) - (Number of CoreXL Firewall instances)

If the difference between the number of CPU cores and the number of CoreXL Firewall instances is 1, Multi-Queue is disabled.