This is mostly for the archives, but if anyone has suggestions,
send them in before we go through with backing off to buy X4100s,
even though they are nearing discontinuation.
We're having a bit of trouble with the X4100 M2 and the R65 SPlat.
For the most part everything looks OK, with one catch. When you first
boot up the system, you slowly get these kernel errors,
Sep 19 23:15:42 gibraltar kernel: unexpected IRQ trap at vector 67
Sep 19 23:18:52 gibraltar kernel: unexpected IRQ trap at vector 67
Sep 19 23:22:01 gibraltar kernel: unexpected IRQ trap at vector 67
Sep 19 23:26:50 gibraltar kernel: unexpected IRQ trap at vector 67
Sep 19 23:36:33 gibraltar kernel: unexpected IRQ trap at vector 67
Sep 19 23:38:09 gibraltar kernel: unexpected IRQ trap at vector 67
Then if you do too much I/O on the serial console, one of these
pops,
Sep 20 00:01:40 gibraltar kernel: unexpected IRQ trap at vector 64
Now the nasty messages stop after this. But your serial
console
grinds
to
a
halt.
Almost. It literally takes a minute or two to log in, waiting for
the prompt, your typing to echo, the password prompt, and then the
banner. All of the I/O on the serial console is this way until
a reboot. At least I can't find a way to fix it.
It's not the hardware or the terminal end of the console. If I
escape out of the console to the system's ILOM which is also on
the serial line, it's just as perky as ever. Go from the ILOM
back to the console... And. It. Is. Slow. Again.
That said, in either state, the boxes seem more than happy to
push packets through as fast as I can throw them in this limited
lab setup. A network terminal works fine as do all of the Check
Point tools. It just looks like the serial console... as far
as I can tell.
I think it's all going back to the version of Linux not quite
recent enough to play well with the APIC. I also worry about
the "ERR" line in the interrupt totals,
[EMAIL PROTECTED] cat /proc/interrupts
CPU0 CPU1
0: 513788 2631 XT-PIC timer
1: 2 0 XT-PIC keyboard
2: 0 0 XT-PIC cascade
4: 3883 325 XT-PIC serial
5: 0 0 IO-APIC-level ehci-hcd
7: 393925 908557 XT-PIC eth1
8: 1 0 XT-PIC rtc
11: 97 0 IO-APIC-level usb-ohci
14: 22 0 XT-PIC ide0
15: 6652 5846696 IO-APIC-level eth0
31: 3521151 192141 IO-APIC-level eth2
32: 133 12640 IO-APIC-level eth3
33: 7205 7767 IO-APIC-level ioc0
NMI: 0 0
LOC: 516348 516348
ERR: 394416
MIS: 0
But again, not enough of a Linux kernel guy to know what that
means, especially in a dual-CPU, SMP system with AMD64 chips.
I think the ERRs keep coming until that last unexpected IRQ
trap message. When the serial console drags to a near halt, the
errors stop.
The serial console problem, may not be a show stopper, but we're
concerned it could be the tip of the iceberg, and these could
be trouble when loaded in production, although they haven't looked
bad in lab tests.
On 9/17/2007 at 12:06 AM, Tobias Lachmann <[EMAIL PROTECTED]>
wrote:
> I had the chance to discuss this issue on the Check Point Experience
in
> Munich with Dorit Dor, VP Products at CP.
> She outlined that servers in the HCL are not picked by Check Point,
but that
>
> they listen to what customers and
> partners want to use and then they go and certify the hardware. So if
you
> need certain hardware to be certified,
> go and ask CP for it.
>
> At the moment the X4100 M2 and X4200 M2 are present in the HCL, but
marked
> only suitable for VSX R65.
>
> We had a production installation a few month ago and run into trouble
with
> RAID and also the onboad nVidia
> network interfaces. Especially the network interfaces cause trouble
> sometimes, which is a issue that has nothing
> to do with CP but the SUN hardware.
>
> My hope is that we'll get a better hardware support with the next
version of
>
> SPLAT.
>
> ----- Original Message -----
> From: "Sergio Alvarez" <[EMAIL PROTECTED]>
> To: <[email protected]>
> Sent: Monday, September 17, 2007 3:43 AM
> Subject: Re: [FW-1] Sun X4100 M2 Servers
>
>
> Well, if you check the hardware compatibility list in the link
bellow:
>
> http://www.checkpoint.com/services/techsupport/hcl/all.html
>
> It clearly sows the X4100 supported in R60 and above (requiring some
patch
> level for some versions), but the line right bellow shows the X4100
M2,
> which shows not support at all on any versions.
>
> Now, if you have an X4100 M2 running a firewall with no problem on a
lab
> environment, I guess you can do one of two things, contact Check
Point
> support and ask the particular reason why it is not supported even
when you
> were able to install and run the application with no problem (for
which you
> have a high probability of getting a useless answer). Or, you can
take your
> chances and put it in production.
>
> Personally I would say there must be some sort of ugly issue
regarding those
> X4100 M2 boxes that might show its ugly face the moment you less
expect it.
> Why would they emphasize so much and its lack of support even when it
is in
> fact possible to install Check Point on it.
>
> Regards
>
>
>
> On 9/14/07, cisco4ng <[EMAIL PROTECTED]> wrote:
>>
>> I am not sure if this will help but I had a meeting with Sun last
week,
>> and according to Sun, the X4100 M2 servers is certifiied to run
>> ONLY NGx R65. It is NOT certified to run NGx R60, R60A, R61,
>> R62 or T63.
>>
>> That's the officially word from Sun. Only NGx R65 is supported
>> on the X4100 M2 servers.
>>
>>
>>
>> Crist Clark <[EMAIL PROTECTED]> wrote:
>> We've got some Sun X4100 M2 servers. The SecurePlatform Hardware
>> Compatibility Tool says they are OK for SecurePlatform. However,
>> the certified "Open Server and Devices" information on the X4100
>> family says although the X4100's are supported the M2 model is
>> not. See note 2,
>>
>>
http://www.checkpoint.com/services/techsupport/hcl/model_info/0034.html
>>
>> The compatibility tool says they are OK. SecurePlatform installs
>> and appears to be running fine in a lab environment. So what
>> does the note above mean? Is there a known incompatibility or
>> problem? Or does it just mean Check Point hasn't tested the M2?
>>
>> BTW, Sun's information on the two models,
>>
>> http://www.sun.com/servers/entry/x4100/specs.xml
BĀ¼information contained in this e-mail message is confidential, intended
only for the use of the individual or entity named above. If the reader
of this e-mail is not the intended recipient, or the employee or agent
responsible to deliver it to the intended recipient, you are hereby
notified that any review, dissemination, distribution or copying of this
communication is strictly prohibited. If you have received this e-mail
in error, please contact [EMAIL PROTECTED]
=================================================
To set vacation, Out-Of-Office, or away messages,
send an email to [EMAIL PROTECTED]
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
[EMAIL PROTECTED]
=================================================
