CoreXL – VSX implementation

This is kinda hacked but work in progress as I get more info.

I am comparing CoreXL in R75.40VS of a VS standalone gateway (VPG) to a VSX gateway. Look at this.

The VS standalone gateway is configured for 4 CPUS. I then used cpconfig to enable CoreXL for 4 firewall instances. Check out the process list. OK this is cool. I setup 4 fw instances and got 4 worker threads.

10-24-2013 9-09-38 PM

Now with a VSX gateway, I setup in VS0 corexl for 4 firewall instances:

VSX with 4 firewall isntances

NOW check out the process list. Notice the ‘worker’ thing goes away and the VS0 process gets a ‘-i 4’ for the number of firewall instances inside that process?

VSX corexl process list

The other VS1 is a switch and you can’t change the instances. But VS2 I want to change:.. but you have to do it in SmartDashboard.

VSX VS above 0 configure in Dashboard

smartdashboard config

Wonder what happens when I change it??

You guessed it!!! Changes the ‘-i 2’ to reflect the SmartDashboard config

vsx-vs2-corexl-config

Who Cares???

So this is my guess. On Standalone you map real processes to real cores. IN VSX gateway, Each VS gets a process “fwk” and internally they do internal process threading to simulate CoreXL based on the “-i” parameter.

Fact or Fiction?? Sure wish the documentation would talk about this stuff!!! In fact the documentation calls it all “firewall instance” no matter if its a VS standalone process, VSX gateway process, VS process, VS internal thread.. Tomato Tomaaaato.

Why do I care??? Because what do I map to a CPU. The OS process? or the Process Thread?? They are all instances???

…..Ongoing……

So let’s take it a bit further…

I want to make one of the 2 instances from VS2 to a specific core??? Can I do that? Does it make sense??

VS instance to core

Well I guess I can!!! So does that mean that an additional process got generated???

NO! Same process list as before.

SameOlProcessList

So what can I say….Not sure. Is it still an internal thread? You can’t assign an internal thread to a CPU that I know about.

Still a mystery but a very interesting one!

dreez

Advertisements
Post a comment or leave a trackback: Trackback URL.

Comments

  • dbar  On August 21, 2014 at 3:07 am

    Threads in linux do have affinity.
    Fwk indeed has multiple thrads. Press shift h while in top. You will see some intersting stuff.

    • Dreezman  On August 21, 2014 at 6:27 pm

      You are obviously right. Thanks. My course covers all of this in great detail.

      I was told by CP SE’s that CoreXL is two edge sword. CP politically does not
      want to scare off customers with the complexities of CoreXL. Customers want
      pretty buttons to click on. All the intricate Linux geeky stuff scares
      customers away.

      Can’t say.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

blog.lachmann.org

Michael Endrizzi's - St. Paul MN - CheckPoint blog on topics related to Check Point products and security in general.

%d bloggers like this: