ACME Corp has a cluster consisting of two 13500 appliances. As the Firewall Administrator, you
notice that on an output of top, you are seeing high CPU usage of the cores assigned as SNDs,
but low CPU usage on cores assigned to individual fw_worker_X processes. What command
should you run next to performance tune your cluster?
A.
fw tab –t connections –s – this will show you a summary of your connections table, and allow
you to determine whether there is too much traffic traversing your firewall.
B.
fwaccel stats –s – this will show you the acceleration profile of your connections and
potentially why your SNDs are running high while other cores are running low.
C.
fw ctl debug –m cluster + all – this will show you all the connections being processed by
ClusterXL and explain the high CPU usage on your appliance.
D.
fwaccel off – this will turn off SecureXL, which is causing your SNDs to be running high in the
first place.
Explanation:
When most of the traffic is accelerated by SecureXL (run ‘fwaccel stats -s’ command), the load on CPU cores that run as Secure Network Distributor (SND) can be very high, while the load on CPU cores that run CoreXL FW instances can be very low. This is an inefficient utilization of CPU capacity.
Notes:
Traffic is processed by the CoreXL FW instances only when the traffic is not accelerated by SecureXL (if SecureXL is installed and enabled).
With CoreXL, there are cases when performance without SecureXL is better than with it, even when SecureXL does manage to accelerate part of the traffic.
sk98348