Helpful ReplyHot!60F high mem

Page: < 12 Showing page 2 of 2
Author
muhkida
Bronze Member
  • Total Posts : 27
  • Scores: 5
  • Reward points: 0
  • Status: online
Re: 60F high mem 2020/07/27 12:01:23 (permalink)
0
Their ISP pipe is around 240-260Mbps.  I was able to hit 250Mbps with a 200D (as a temporary test, proxy-mode enabled).  I imagine I should get at least another 100Mbps in flow mode vs. proxy but did not want to take that hit, UTM functionality wise.  Definitely will try 6.2.x afterwards to see how much faster 6.2.x on the SoC4 chipset.
 
I feel I now remember a post earlier in the year in which someone from FNT (and I think the comment was later deleted) advised to not purchase the 40/60F as they are running the exact same CPU/NP chipset but with significantly lower available memory, essentially crippling throughput...but then are still able use the same numbers on the datasheets due to the capabilities of SoC4?  Does this ring a bell for anyone?
#21
brycemd
Silver Member
  • Total Posts : 105
  • Scores: 6
  • Reward points: 0
  • Joined: 2016/12/03 11:24:30
  • Status: online
Re: 60F high mem 2020/07/27 12:07:16 (permalink)
0
I think 6.2.3 will get you the performance you are looking for. 6.2.4 is too buggy IMO.
 
I did not see that post, but while they are very close in spec they are not the exact same. I guess the biggest difference is 8 CPU vs 4 CPU, the RAM is pretty negligible. I have access to both models:
 
40F:
Model name: FortiGate-40F
ASIC version: SOC4
CPU: ARMv8
Number of CPUs: 4
RAM: 1820 MB
EMMC: 3662 MB(MLC) /dev/mmcblk0
Hard disk: not available
USB Flash: not available
Network Card chipset: FortiASIC NP6XLITE Adapter (rev.)
 
60F:
Model name: FortiGate-60F
ASIC version: SOC4
CPU: ARMv8
Number of CPUs: 8
RAM: 1919 MB
EMMC: 3662 MB(MLC) /dev/mmcblk0
Hard disk: not available
USB Flash: not available
Network Card chipset: FortiASIC NP6XLITE Adapter (rev.)
 
And the 100F:
Model name: FortiGate-100F
ASIC version: SOC4
CPU: ARMv8
Number of CPUs: 8
RAM: 3616 MB
EMMC: 3662 MB(MLC) /dev/mmcblk0
Hard disk: not available
USB Flash: not available
Network Card chipset: FortiASIC NP6XLITE Adapter (rev.)
 
IMO, the 60F is in a bit of an odd position in the lineup when the 80F comes out. 80F will have dual PSU, SFP support, and more RAM
post edited by brycemd - 2020/07/27 12:24:24
#22
muhkida
Bronze Member
  • Total Posts : 27
  • Scores: 5
  • Reward points: 0
  • Status: online
Re: 60F high mem 2020/07/28 07:45:00 (permalink)
0
James_G
I think you are spot on, f series were released with 6.2 and had 6.0 back ported, it's not perfect and some of the hardware acceleration does not work on 6.0.

The throughput values in the spec are for 6.2 and higher.



This is an interesting notion given the 60Fs are shipping from the factory with v6.0.6 loaded.  One would expect FNT to put the device's 'native' FortiOS the device was engineered around.
#23
muhkida
Bronze Member
  • Total Posts : 27
  • Scores: 5
  • Reward points: 0
  • Status: online
Re: 60F high mem 2020/07/28 07:49:32 (permalink)
0
brycemd
I think 6.2.3 will get you the performance you are looking for. 6.2.4 is too buggy IMO.
 
I did not see that post, but while they are very close in spec they are not the exact same. I guess the biggest difference is 8 CPU vs 4 CPU, the RAM is pretty negligible. I have access to both models:
 
40F:
Model name: FortiGate-40F
ASIC version: SOC4
CPU: ARMv8
Number of CPUs: 4
RAM: 1820 MB
EMMC: 3662 MB(MLC) /dev/mmcblk0
Hard disk: not available
USB Flash: not available
Network Card chipset: FortiASIC NP6XLITE Adapter (rev.)

60F:
Model name: FortiGate-60F
ASIC version: SOC4
CPU: ARMv8
Number of CPUs: 8
RAM: 1919 MB
EMMC: 3662 MB(MLC) /dev/mmcblk0
Hard disk: not available
USB Flash: not available
Network Card chipset: FortiASIC NP6XLITE Adapter (rev.)
 
And the 100F:
Model name: FortiGate-100F
ASIC version: SOC4
CPU: ARMv8
Number of CPUs: 8
RAM: 3616 MB
EMMC: 3662 MB(MLC) /dev/mmcblk0
Hard disk: not available
USB Flash: not available
Network Card chipset: FortiASIC NP6XLITE Adapter (rev.)
 
IMO, the 60F is in a bit of an odd position in the lineup when the 80F comes out. 80F will have dual PSU, SFP support, and more RAM




Thanks for this info - very interesting.  The CPUs are running like a charm, rarely spiking to 20-30% if that.  The problem is the memory is at a constant 58-65%.  IMO the 60F should have the same number of CPUs as the 40F but with double or at least 1G more memory as the CPUs can clearly handle traffic given the offloading assistance they receive from the SoC4.
#24
James_G
Gold Member
  • Total Posts : 235
  • Scores: 9
  • Reward points: 0
  • Joined: 2016/02/28 02:55:47
  • Status: offline
Re: 60F high mem 2020/07/28 08:50:12 (permalink)
0
Did you apply 6.2.3, did it help
 
Also have you tried the config setting for IPS engine setting to basic?
#25
darwin_FTNT
Bronze Member
  • Total Posts : 52
  • Scores: 4
  • Reward points: 0
  • Joined: 2018/04/24 18:12:28
  • Status: offline
Re: 60F high mem 2020/07/28 21:11:44 (permalink)
0
Could be due to more cpus available in 60F, thus more ipsengine daemons per cpu are running. As far as I know, a feature is being merged recently to reduce IPS engine memory usage by approximately ~50% (with same configuration).  Also in 'config ips global --> engine-count' can be set.  This would limit the max number of running IPS daemons and saved memory.  Ideally, running as much IPS daemons as cpus could help in parallel processing of all incoming network traffic.  Can tune this to balance memory and cpu usage/performance based on preference.
#26
James_G
Gold Member
  • Total Posts : 235
  • Scores: 9
  • Reward points: 0
  • Joined: 2016/02/28 02:55:47
  • Status: offline
Re: 60F high mem 2020/07/29 04:21:52 (permalink)
0
darwin
Could be due to more cpus available in 60F, thus more ipsengine daemons per cpu are running. As far as I know, a feature is being merged recently to reduce IPS engine memory usage by approximately ~50% (with same configuration).  Also in 'config ips global --> engine-count' can be set.  This would limit the max number of running IPS daemons and saved memory.  Ideally, running as much IPS daemons as cpus could help in parallel processing of all incoming network traffic.  Can tune this to balance memory and cpu usage/performance based on preference.




Hi darwin, would love to know what release we might expect to see the new IPS code. I've just pushed the order button on some 100f units that mainly just do IPS. Ta :)
#27
darwin_FTNT
Bronze Member
  • Total Posts : 52
  • Scores: 4
  • Reward points: 0
  • Joined: 2018/04/24 18:12:28
  • Status: offline
Re: 60F high mem 2020/07/29 19:59:05 (permalink) ☄ Helpfulby James_G 2020/07/30 01:08:38
0
For FOS v6.4, just request IPS package v6.0.30 or later from TAC.
This is a new feature tracked by mantis 0613814: Reduce IPS memory consumption.
It is still being backported to FOS v6.2/6.0 later on as one of major features (not available yet currently, more testing likely pending).
Hopefully it would make it to the next IPS official public release for FOS v6.2/v6.0 (can't ascertain this).
 
#28
James_G
Gold Member
  • Total Posts : 235
  • Scores: 9
  • Reward points: 0
  • Joined: 2016/02/28 02:55:47
  • Status: offline
Re: 60F high mem 2020/07/30 01:21:39 (permalink)
0
Thanks - super helpful
#29
Page: < 12 Showing page 2 of 2
Jump to:
© 2020 APG vNext Commercial Version 5.5