Configure CPU Affinity on cSRX
A cSRX Container Firewall instance requires two CPU cores in the Linux server. To help schedule the Linux server tasks and adjust performance of the cSRX running on a Linux host, you can launch the cSRX container and assign its control and data processes (or daemons) to a specific CPU. In a cSRX container, srxpfe is the data plane daemon and all other daemons (such as nsd, mgd, nstraced, utmd, and so on) are control plane daemons.
CPU affinity ensures that the cSRX control and data plane daemons are pinned to a specific physical CPU, which can improve the cSRX container performance by using the CPU cache efficiently. By default, there is not a defined CPU affinity for the cSRX control and data plane daemons; the CPU on which the control and data plane daemons run depends on Linux kernel scheduling.
To assign cSRX container control and data daemons to a specific CPU, include the environment
variables CSRX_CTRL_CPU
and CSRX_DATA_CPU
in the
docker run
command.
For example, to configure the cSRX container to launch the control plane daemons on CPU 1 and the data plane daemon on CPU 2:
root@csrx-ubuntu3:~/csrx# docker run
-d --privileged --network=mgt_bridge -e CSRX_CTRL_CPU="0x1" -e CSRX_DATA_CPU="0x2"
--name=<csrx-container-name> <csrx-image-name>