Aratohu Hangarau
Optimize NGFW Performance with
Intel® Xeon® Processors on Public Cloud
Kaituhi
Xiang Wang
Jayprakash Patidar
Declan Doherty
Eric Jones
Subhiksha Ravisundar
Heqing Zhu
Kupu Whakataki
Ko nga papangaahi-whakatupuranga (NGFW) kei te matua o nga otinga haumarutanga whatunga. Ko nga paahi ahi tuku iho he tirotiro i nga waka, i te nuinga o te waa i runga i te tauranga me te kawa e kore e taea te tiaki i nga waka kino o enei ra. Ko nga NGFW ka whanake me te whakawhanui ki runga i nga papangaahi tuku iho me te kaha ki te tirotiro i nga paatete hohonu, tae atu ki nga punaha whakamohiotanga / arai (IDS/IPS), te rapunga kino, te tautuhi tono me te mana whakahaere, aha atu.
Ko nga NGFW he kawenga mahi-rorohiko e mahi ana, hei tauiraample, cryptographic operations for network traffic encryption and decryption and heavy rule matching for detecting malicious activities. Intel delivers core technologies to optimize NGFW solutions.
Intel processors are equipped with various instruction set architectures (ISAs), including Intel® Advanced Encryption Standard New Instructions (Intel® AES-NI) and Intel® QuickAssist Technology (Intel® QAT) which significantly accelerate crypto performance.
Intel also invests in software optimizations including those for Hyperscan. Hyperscan is a high-performance string and regular expression (regex) matching library. It leverages single instruction multiple data (SIMD) technology on Intel processors to boost pattern-matching performance. Hyperscan integration into NGFW IPS systems such as Snort can improve performance by up to 3x on Intel processors.
He maha nga wa ka tukuna nga NGFW hei taputapu haumaru i tukuna ki te rohe whakaheke (DMZ) o nga pokapū raraunga hinonga. Heoi, he kaha te tono mo nga taputapu mariko NGFW, mo nga kohinga rorohiko ranei ka taea te tuku ki te kapua a te iwi, ki nga pokapū raraunga hinonga, ki nga waahi whatunga ranei. Ko tenei tauira whakaurunga rorohiko ka wetekina te IT hinonga mai i nga mahi me te tiaki i runga ake e pa ana ki nga taputapu tinana. Ka whakapai ake i te kaha o te punaha me te whakarato i nga whiringa hoko me nga whiringa hoko.
Kei te piki haere te maha o nga hinonga e awhi ana i nga horahanga kapua a-iwi mo nga otinga NGFW. Ko tetahi take nui mo tenei ko te utu ututage of running virtual appliances in the cloud.
Yet, since CSPs offer a multitude of instance types with varying compute characteristics and pricing, selecting the instance with the best TCO for NGFW can be challenging.
Ko tenei pepa e whakaatu ana i te whakatinanatanga tohutoro NGFW mai i a Intel, i arotau ki nga hangarau Intel, tae atu ki te Hyperscan. Ka tukuna he tohu tohu pono mo te tohu mahi NGFW i runga i nga papaaho Intel. Kua whakauruhia hei waahanga o te kete Pūmanawa Tohutoro NetSec a Intel. Ka whakaratohia ano hoki e matou te Utauta Whakawhitinga Whakawhitinga Kapua-maha (MCNAT) i roto i te kete kotahi hei whakaaunoa i te tukunga o te whakatinanatanga tohutoro NGFW ki runga i nga kaiwhakarato kapua kua tohua. Ko te MCNAT he whakamaarama i te tātaritanga TCO mo nga tauira rorohiko rereke me te arahi i nga kaiwhakamahi ki te tauira rorohiko tino pai mo NGFW.
Tena koa whakapā atu ki nga kaituhi ki te ako atu mo te kete NetSec Reference Software.
Tuhinga o mua Tuhinga
| Arotakenga | Rā | Whakaahuatanga |
| 001 | Poutū-te-rangi 2025 | Tukunga tuatahi. |
1.1 Kupu Kupu
Ripanga 1. Nga kupu kupu
| Whakapoto | Whakaahuatanga |
| DFA | Deterministic Finite Automaton |
| DPI | Te Tirohanga Paike Hohonu |
| HTTP | Kawa Whakawhiti Kuputuhiitua |
| IDS/IPS | Intrusion Detection and Prevention System |
| ISA | Hangahanga Tautuhi Tohutohu |
| MCNAT | Multi-Cloud Networking Automation Tool |
| NFA | Non-deterministic Finite Automaton |
| NGFW | Next-generation Firewall |
| PCAP | Hopu Pakete |
| PCRE | Perl Compatible Regular Expressions Library |
| Regex | Whakaaturanga Tonu |
| SASE | Tapa Ratonga Uru Haumaru |
| SIMD | Single Instruction Multiple Data Technology |
| TCP | Kawa Whakawhiti Whakawhiti |
| URI | Tautuhi Rauemi Uniform |
| WAF | Web Pātūahi Taupānga |
1.2 Tuhinga Tohutoro
Ripanga 2. Tuhinga Tohutoro
Background and Motivation
I tenei ra, ko te nuinga o nga kaihoko NGFW kua toro atu o ratou tapuwae mai i nga taputapu NGFW tinana ki nga otinga NGFW mariko ka taea te tuku ki te kapua a te iwi. Kei te piki haere te whakatamarikitanga kapua NGFW na runga i nga painga e whai ake nei:
- Scalability: easily scale up or scale down cross-geo compute resources to meet performance requirements.
- Cost effectiveness: flexible subscription to allow pay per use. Eliminates capital expenditure (capex) and reduces operational costs associated with physical appliances.
- Native integration with cloud services: seamless integration with public cloud services such as networking, access controls and AI/ML tools.
- Cloud workloads protection: local traffic filtering for enterprise workloads hosted on public cloud.
The reduced cost of running the NGFW workload in the public cloud is an attractive proposition for enterprise use cases.
However, selecting the instance with the best performance and TCO for NGFW is challenging, given a wide range of cloud instance options are available with various CPUs, memory sizes, IO bandwidth, and each is priced differently. We have developed NGFW Reference Implementation to help with performance and TCO analysis of different public cloud instances based on Intel processors. We will demonstrate performance and performance per dollar metrics as a guide for choosing the right Intel-based instances for NGFW solutions on public cloud services such as AWS and GCP.
NGFW Reference Implementation
Intel developed the NetSec Reference Software package (latest release 25.05) which delivers optimized reference solutions leveraging ISAs and accelerators available in the newest Intel CPUs and platforms to demonstrate optimized performance at the on-prem enterprise infrastructure and on the cloud. The reference software is available under Intel Proprietary License (IPL).
The key highlights of this software package are:
- Includes a broad portfolio of reference solutions for networking and security, AI frameworks for cloud and enterprise data centers and edge locations.
- Allows time to market and rapid adoption of Intel technologies.
- Source code is available that allows replicating deployment scenarios and testing environments on Intel platforms.
Please contact authors to learn more about obtaining the latest release of the NetSec Reference Software.
As a critical part of NetSec Reference Software package, NGFW reference implementation drives the NGFW performance characteristics and TCO analysis on Intel platforms. We deliver seamless integration of Intel technologies such as Hyperscan in the NGFW reference implementation. It builds a solid foundation for NGFW analysis on Intel platforms. Since different Intel hardware platforms offer different capabilities from compute to IO, the NGFW reference implementation presents a clearer view of platform capabilities for NGFW workloads and helps show performance comparisons between generations of Intel processors. It delivers thorough insights on metrics, including compute performance, memory bandwidth, IO bandwidth, and power consumption. Based on performance test results, we can further conduct TCO analysis (with performance per dollar) on Intel platforms used for NGFW.
The latest release (25.05) of NGFW reference implementation includes the following key features:
- Basic stateful firewall
- Pūnaha Ārai Whakauru (IPS)
- Support of cutting-edge Intel processors including Intel® Xeon® 6 processors, Intel Xeon 6 SoC, etc.
Future releases are planned to implement the following additional features:
- VPN inspection: IPsec decryption of traffic for content inspection
- TLS inspection: a TLS Proxy to terminate the connections between a client and a server and then perform content inspection on the plaintext traffic.
3.1 Hangahanga Pūnaha
Figure 1 shows the overall system architecture. We leverage open-source software as the foundation to build the system:
- VPP provides a high-performance data plane solution with basic stateful firewall functions, including stateful ACLs. We spawn multiple VPP threads with configured core affinity. Each VPP worker thread is pinned to a dedicated CPU core or an execution thread.
- Snort 3 is chosen as IPS, which supports multi-threading. Snort worker threads are pinned to dedicated CPU cores or execution threads.
- Snort and VPP are integrated using the Snort plugin to VPP. This uses a set of queue pairs for sending packets between VPP and Snort. The queue pairs and the packets themselves are stored in shared memory. We developed a new Data Acquisition (DAQ) component for Snort, which we call the VPP Zero Copy (ZC) DAQ. This implements the Snort DAQ API functions to receive and transmit packets by reading from and writing to the relevant queues. Because the payload is in shared memory, we consider this a Zero-Copy implementation.
Since Snort 3 is a compute-intensive workload that requires more computing resources than data plane processing, we are trying to configure an optimized processor core allocation and balance between the number of VPP threads and Snort3 threads to get the highest system level performance on the running hardware platform.
Figure 2 (on page 6) shows the graph node within VPP, including those that are part of the ACL and Snort plugins. I whakawhanakehia e matou e rua nga waahanga kauwhata VPP hou:
- snort-enq: makes a load-balancing decision about which Snort thread should process the packet and then enqueues the packet to the corresponding queue.
- snort-deq: implemented as an input node that polls from multiple queues, one per Snort worker thread.
3.2 Intel Optimizations
Ko ta maatau whakatinanatanga tohutoro NGFW he mea whakamuatage of the following optimizations:
- Snort leverages the Hyperscan high-performance multiple regex matching library to provide a significant boost in performance compared to the default search engine in Snort. Figure 3 highlights Hyperscan integration with Snort to
accelerate both literal machng and regex matching performance. Snort 3 provides native integration with Hyperscan where users can turn on Hyperscan either via config file kōwhiringa rārangi whakahau ranei.
- VPP takes advantage of Receive Side Scaling (RSS) in Intel® Ethernet Network Adapters to distribute traffic across multiple VPP worker threads.
- Intel QAT and Intel AVX-512 instructions: Future releases that support IPsec and TLS will be taking advantage of crypto acceleration technologies from Intel. Intel QAT accelerates crypto performance, especially the public key cryptography which is widely used for establishing network connections. Intel AVX-512 also boosts cryptographic performance, including VPMADD52 (multiply and accumulation operations), vector AES (vector version of the Intel AES-NI instructions), vPCLMUL (vectorized carry-less multiply, used to optimize AES-GCM), and Intel® Secure Hash Algorithm – New Instructions (Intel® SHA-NI).
Cloud Deployment of NGFW Reference Implementation
4.1 Whirihoranga Pūnaha
Ripanga 3. Whakaritenga whakamatautau
| Inenga | Uara |
| Whakamahi Take | Cleartext Inspection (FW + IPS) |
| Traffic Profile | HTTP 64KB GET (1 GET per Connection) |
| VPP ACLs | Yes (2 stateful ACLs) |
| Snort Rules | Lightspd (~49k rules) |
| Snort Policy | Security (~21k rules enabled) |
Ka aro atu matou ki nga ahuatanga tirotiro kupu marama i runga i nga keehi whakamahi me nga KPI i RFC9411. Ka taea e te kaihanga waka te hanga i nga whakawhitinga HTTP 64KB me te tono 1 GET mo ia hononga. Kua whirihorahia nga ACL hei tuku i nga IP i roto i nga kupenga-roto kua tohua. I tangohia e matou nga ture Snort Lightspd me te kaupapa here haumarutanga mai i Cisco mo te tohu tohu. I reira ano he tūmau i whakatapua ki te tuku tono mai i nga kaihanga waka.
As shown in Figure 4 and Figure 5, the system topology includes three primary instance nodes: a client, a server and a proxy for public cloud deployment. There is also a bastion node to serve connections from user. Both client (running WRK) and server (running Nginx) have a single dedicated data-plane network interface, and the proxy (running NGFW) has two data-plane network interfaces for testing. Data-plane network interfaces are attached to dedicated subnet A (client-proxy) and subnet B (proxy-server) which maintain isolation from instance management traffic. Dedicated IP address ranges are defined with corresponding routing and ACL rules programmed onto the infrastructure to allow flow of traffic.
4.2 Whakaritenga Pūnaha
Ko te MCNAT he taputapu rorohiko i whakawhanakehia e Intel e whakarato ana i te aunoatanga mo nga mahi whakahiatotanga o nga mahi whatunga i runga i te kapua whanui me te tuku whakaaro mo te kowhiri i te tauira kapua pai rawa atu i runga i te mahi me te utu.
Kua whirihorahia te MCNAT ma te raupapa o te profiles, ka tautuhia e ia nga taurangi me nga tautuhinga e hiahiatia ana mo ia tauira. Kei ia momo tauira tana ake profile ka taea te tuku ki te taputapu MCNAT CLI ki te tuku i taua momo tauira motuhake ki runga i tetahi kaiwhakarato ratonga kapua (CSP). ExampKo te whakamahinga raina whakahau e whakaatuhia ana i raro me te Ripanga 4.
Ripanga 4. MCNAT Whakamahi Raina Whakahau
| Kōwhiringa | Whakaahuatanga |
| – tohatoha | Ka tohutohu i te taputapu ki te hanga i te horahanga hou |
| -u | Ka tautuhi ko wai nga tohu kaiwhakamahi hei whakamahi |
| -c | CSP ki te hanga tukunga ki runga (AWS, GCP, aha atu) |
| -s | Tauari hei horahanga |
| -p | Profile ki te whakamahi |
Ka taea e te taputapu raina whakahau MCNAT te hanga me te tuku tauira i roto i te taahiraa kotahi. Ina tukuna te tauira, ka hangaia e nga waahanga whirihoranga pou te whirihoranga SSH e tika ana kia uru atu ai te tauira.
4.3 Tohu Paerewa Pūnaha
Once MCNAT has deployed the instances, all performance tests can run using the MCNAT application toolkit.
First, we need to configure test cases at tools/mcn/applications/configurations/ngfw-intel/ngfw-intel.json as below:
Na ka taea e tatou te whakamahi i te exampte whakahau i raro ki te whakarewa i te whakamatautau. Ko te DEPLOYMENT_PATH te waahi e penapenahia ai te ahuatanga whakangao taiao, hei tauira, taputapu/mcn/hanganga/hanganga/examples/ngfw-ntel/gcp/terraform.tfstate. d/tfws_default.
Ka whakahaerehia e ia te NGFW me etahi huinga ture mo te hokohoko http i hangaia e WRK i runga i te kiritaki, i te wa e titi ana i te whānuitanga o nga uho PTM, ki te kohikohi i te huinga katoa o nga tau mahi mo te tauira i raro i te whakamatautau. Ka oti nga whakamatautau, ka whakahōputuhia nga raraunga katoa hei csv ka whakahokia ki te kaiwhakamahi.
Performance and Cost Evaluation
In this section, we compare NGFW deployments on different cloud instances based on Intel Xeon processors at AWS and GCP.
This gives guidance on finding the most suitable cloud instance type for NGFW based on performance and cost. We choose instances with 4 vCPUs as they are recommended by most NGFW vendors. Results on AWS and GCP include:
- NGFW performance on small instance types that host 4 vCPUs with Intel® Hyper-Threading Technology (Intel® HT Technology) and Hyperscan enabled.
- Generation-to-generation performance gains from 1st Gen Intel Xeon Scalable processors to 5th Gen Intel Xeon Scalable processors.
- Generation-to-generation performance per dollar gain from 1st Gen Inte® Xeon Scalable processors to 5th Gen Intel Xeon Scalable processors.
5.1 Whakamahinga AWS
5.1.1 Rarangi Momo Tauira
Ripanga 5. AWS Tauira me te Reiti Haora i runga i te tono
| Instance Type | Tauira PTM | vCPU | Pūmahara (GB) | Network performance (Gbps) | On-demand hourly rate ($) |
| c5-xlarge | 2nd Gen Intel® Xeon® Scalable processors | 4 | 8 | 10 | 0.17 |
| c5n-xnui | 1st Gen Intel® Xeon® Scalable processors | 4 | 10.5 | 25 | 0.216 |
| c6i-xnui | 3rd Gen Intel® Xeon® Scalable processors | 4 | 8 | 12.5 | 0.17 |
| c6in-xnui | 3rd Gen Intel Xeon Scalable processors | 4 | 8 | 30 | 0.2268 |
| c7i-xnui | 4th Gen Intel® Xeon® Scalable processors | 4 | 8 | 12.5 | 0.1785 |
Ko te Ripanga 5 e whakaatu ana i te mutungaview o nga tauira AWS ka whakamahia e matou. Tena koa tirohia te Whirihoranga Paerewa mo etahi atu korero mo te turanga. Ka whakarārangihia hoki te ho i runga i te tonourly rate (https://aws.amazon.com/ec2/pricing/on-demand/) for all instances. The above was the ondemand rate at the time of publishing this paper and focuses on the US west coast.
The on-demand hourly rate might vary with the region, availability, corporate accounts, and other factors.
5.1.2 Hua
Ko te ahua 6 e whakatairite ana i nga mahi me nga mahinga mo ia haora i runga i nga momo tauira katoa kua whakahuahia i tenei wa:
- Performance improved with instances based on newer generations of Intel Xeon processors. Upgrading from c5.xlarge (based on 2nd Gen Intel Xeon Scalable processor) to c7i.xlarge (based on 4th Gen Intel Xeon Scalable processor)
shows a 1.97x performance improvement. - Performance per dollar improved with instances based on newer generations of Intel Xeon processors. Upgrading from c5n.xlarge (based on 1st Gen Intel Xeon Scalable processor) to c7i.xlarge (based on 4th Gen Intel Xeon Scalable processor) shows a 1.88x performance/hour rate improvement.
5.2 Tukunga GCP
5.2.1 Rarangi Momo Tauira
Ripanga 6. Nga Tikanga GCP me nga Reiti Haora i runga i te tono
| Instance Type | Tauira PTM | vCPU | Pūmahara (GB) | Default egress bandwidth (Gbps) | On-demand hourly rate ($) |
| n1-std-4 | 1st Gen Intel® Xeon® Pūtukatuka tauineine |
4 | 15 | 10 | 0.189999 |
| n2-std-4 | 3rd Gen Intel® Xeon® Pūtukatuka tauineine |
4 | 16 | 10 | 0.194236 |
| c3-std-4 | 4th Gen Intel® Xeon® Pūtukatuka tauineine |
4 | 16 | 23 | 0.201608 |
| n4-std-4 | 5th Gen Intel® Xeon® Pūtukatuka tauineine |
4 | 16 | 10 | 0.189544 |
| c4-std-4 | 5th Gen Intel® Xeon® Pūtukatuka tauineine |
4 | 15 | 23 | 0.23761913 |
Ko te Ripanga 6 e whakaatu ana i te mutungaview o nga tauira GCP e whakamahia ana e matou. Tena koa tirohia te Whirihoranga Paerewa mo etahi atu korero mo te turanga. Ka whakarārangihia hoki te ho i runga i te tonourly rate (https://cloud.google.com/compute/vm-instance-pricing?hl=en) for all instances. The above was the on-demand rate at the time of publishing this paper and focuses on the US west coast. The on-demand hourlKa rereke pea te reiti ki te rohe, te waatea, nga kaute umanga, me etahi atu mea.
5.2.2 Hua
Ko te ahua 7 e whakatairite ana i nga mahi me nga mahinga mo ia haora i runga i nga momo tauira katoa kua whakahuahia i tenei wa:
- Performance improved with instances based on newer generations of Intel Xeon processors. Upgrading from n1-std-4 (based on 1st Gen Intel Xeon Scalable processor) to c4-std-4 (based on 5th Gen Intel Xeon Scalable processor) shows a 2.68x performance improvement.
- Performance per dollar improved with instances based on newer generations of Intel Xeon processors. Upgrading from n1-std-4 (based on 1st Gen Intel Xeon Scalable processor) to c4-std-4 (based on 5th Gen Intel Xeon Scalable processor) shows a 2.15x performance/hour rate improvement.
Whakarāpopototanga
Na te piki haere o nga tauira tuku maha me te ranu-kapua, ko te tuku otinga NGFW i runga i te kapua a te iwi he whakamarumaru tonu puta noa i nga taiao, te tauine ki te whakatutuki i nga whakaritenga haumaru, me te ngawari me te iti o nga mahi tiaki. Ka tukuna e nga kaihoko haumarutanga whatunga nga otinga NGFW me nga momo momo tauira kapua i runga i te kapua whanui. He mea nui ki te whakaiti i te utu katoa o te mana pupuri (TCO) me te whakanui i te hokinga mai mo te haumi (ROI) me te tauira kapua tika. Ko nga mea nui hei whakaaro ko nga rauemi rorohiko, te bandwidth whatunga, me te utu. I whakamahia e matou te whakatinanatanga tohutoro NGFW hei kawenga mahi me te whakamahi i te MCNAT hei whakaaunoa i te tukunga me te whakamatautau ki nga momo tauira kapua a-iwi. I runga i o maatau tohu tohu, ko nga tauira me te reanga hou o nga kaiwhakatika Intel Xeon Scalable i runga i te AWS (whakamahia e te 4th Intel Xeon Scalable processors) me te GCP (whakamahia e te 5th Intel Xeon Scalable processors) e tuku ana i nga mahi me nga whakapainga TCO. Ka whakapai ake ratou i te mahinga ki runga ki te 2.68x me te tere o ia haora ki te 2.15x i runga i nga reanga o mua. Ka whakaputahia e tenei arotake nga tohutoro pakari mo te kowhiri i nga tauira kapua a-iwi mo te NGFW.
Tāpiritanga A Whirihoranga Pūhara
Whirihoranga Papa
c5-xlarge – “Test by Intel as of 03/17/25. 1-node, 1x Intel(R) Xeon(R) Platinum 8275CL CPU @ 3.00GHz, 2 cores, HT On, Turbo On, Total Memory 8GB (1x8GB DDR4 2933 MT/s [Unknown]), BIOS 1.0, microcode 0x5003801, 1x Elastic Network Adapter (ENA), 1x 32G Amazon Elastic Block Store, Ubuntu 22.04.5 LTS, 6.8.0-1024-aws, gcc 11.4, NGFW 24.12, Hyperscan 5.6.1“
c5n-xlarge – “Test by Intel as of 03/17/25. 1-node, 1x Intel(R) Xeon(R) Platinum 8124M CPU @ 3.00GHz, 2 cores, HT On, Turbo On, Total Memory 10.5GB (1×10.5GB DDR4 2933 MT/s [Unknown]), BIOS 1.0, microcode 0x2007006, 1x Elastic Network Adapter (ENA), 1x 32G Amazon Elastic Block Store, Ubuntu 22.04.5 LTS, 6.8.0-1024-aws, gcc 11.4, NGFW 24.12, Hyperscan 5.6.1”
c6i-xlarge – “Test by Intel as of 03/17/25. 1-node, 1x Intel(R) Xeon(R) Platinum 8375C CPU @ 2.90GHz, 2 cores, HT On, Turbo On, Total Memory 8GB (1x8GB DDR4 3200 MT/s [Unknown]), BIOS 1.0, microcode 0xd0003f6, 1x Elastic Network Adapter (ENA), 1x 32G Amazon Elastic Block Store, Ubuntu 22.04.5 LTS, 6.8.0-1024-aws, gcc 11.4, NGFW 24.12, Hyperscan 5.6.1“
c6in-xlarge – “Test by Intel as of 03/17/25. 1-node, 1x Intel(R) Xeon(R) Platinum 8375C CPU @ 2.90GHz, 2 cores, HT On, Turbo On, Total Memory 8GB (1x8GB DDR4 3200 MT/s [Unknown]), BIOS 1.0, microcode 0xd0003f6, 1x Elastic Network Adapter (ENA), 1x 32G Amazon Elastic Block Store, Ubuntu 22.04.5 LTS, 6.8.0-1024-aws, gcc 11.4, NGFW 24.12, Hyperscan 5.6.1”
c7i-xlarge – “Test by Intel as of 03/17/25. 1-node, 1x Intel(R) Xeon(R) Platinum 8488C CPU @ 2.40GHz, 2 cores, HT On, Turbo On, Total Memory 8GB (1x8GB DDR4 4800 MT/s [Unknown]), BIOS 1.0, microcode 0x2b000620, 1x Elastic Network Adapter (ENA), 1x 32G Amazon Elastic Block Store, Ubuntu 22.04.5 LTS, 6.8.0-1024-aws, gcc 11.4, NGFW 24.12, Hyperscan 5.6.1”
n1-std-4 – “Test by Intel as of 03/17/25. 1-node, 1x Intel(R) Xeon(R) CPU @ 2.00GHz, 2 cores, HT On, Turbo On, Total Memory 15GB (1x15GB RAM []), BIOS Google, microcode 0xffffffff, 1x device, 1x 32G PersistentDisk, Ubuntu 22.04.5 LTS, 6.8.0-1025gcp, gcc 11.4, NGFW 24.12, Hyperscan 5.6.1“
n2-std-4 – Test by Intel as of 03/17/25. 1-node, 1x Intel(R) Xeon(R) CPU @ 2.60GHz, 2 cores, HT On, Turbo On, Total Memory 16GB (1x16GB RAM []), BIOS Google, microcode 0xffffffff, 1x device, 1x 32G PersistentDisk, Ubuntu 22.04.5 LTS, 6.8.0-1025gcp, gcc 11.4, NGFW 24.12, Hyperscan 5.6.1”
c3-std-4 – Test by Intel as of 03/14/25. 1-node, 1x Intel(R) Xeon(R) Platinum 8481C CPU @ 2.70GHz @ 2.60GHz, 2 cores, HT On, Turbo On, Total Memory 16GB (1x16GB RAM []), BIOS Google, microcode 0xffffffff, 1x Compute Engine Virtual Ethernet [gVNIC], 1x 32G nvme_card-pd, Ubuntu 22.04.5 LTS, 6.8.0-1025-gcp, gcc 11.4, NGFW 24.12, Hyperscan 5.6.1”
n4-std-4 – Test by Intel as of 03/18/25. 1-node, 1x Intel(R) Xeon(R) PLATINUM 8581C CPU @ 2.10GHz, 2 cores, HT On, Turbo On, Total Memory 16GB (1x16GB RAM []), BIOS Google, microcode 0xffffffff, 1x Compute Engine Virtual Ethernet [gVNIC], 1x 32G nvme_card-pd, Ubuntu 22.04.5 LTS, 6.8.0-1025-gcp, gcc 11.4, NGFW 24.12, Hyperscan 5.6.1”
c4-std-4 – Test by Intel as of 03/18/25. 1-node, 1x Intel(R) Xeon(R) PLATINUM 8581C CPU @ 2.30GHz, 2 cores, HT On, Turbo On, Total Memory 15GB (1x15GB RAM []), BIOS Google, microcode 0xffffffff, 1x Compute Engine Virtual Ethernet [gVNIC], 1x 32G nvme_card-pd, Ubuntu 22.04.5 LTS, 6.8.0-1025-gcp, gcc 11.4, NGFW 24.12, Hyperscan 5.6.1”
Tāpiritanga B Intel NGFW Reference Software Configuration
| Whirihoranga Pūmanawa | Putanga Pūmanawa |
| OS Kaihautū | Ubuntu 22.04 LTS |
| Kernel | 6.8.0-1025 |
| Kaihanga | GCC 11.4.0 |
| WRK | 74eb9437 |
| WRK2 | 44a94c17 |
| VPP | 24.02 |
| Hongi | 3.1.36.0 |
| DAQ | 3.0.9 |
| LuaJIT | 2.1.0-beta3 |
| Libpcap | 1.10.1 |
| PCRE | 8.45 |
| ZLIB | 1.2.11 |
| Hikumatawai | 5.6.1 |
| LZMA | 5.2.5 |
| NGINX | 1.22.1 |
| DPDK | 23.11 |
He rereke te mahinga ma te whakamahi, te whirihoranga me etahi atu mea. Ako atu i www.Intel.com/PerformanceIndex.
Ko nga hua mahi i ahu mai i nga whakamatautau i nga ra e whakaatuhia ana i roto i nga whirihoranga me te kore pea e whakaata i nga whakahoutanga katoa e waatea ana. Tirohia te taapiri mo nga taipitopito whirihoranga. Kaore he hua, he waahanga ranei e tino haumaru.
Ka whakakorehia e Intel nga whakamana katoa e whakaatu ana, e whakaatu ana hoki, tae atu ki te kore e herea, nga whakamanatanga e tika ana mo te hokohoko, te whai oranga mo tetahi kaupapa, me te kore takahi, tae atu ki etahi whakamana i puta mai i te mahinga, te mahi, te whakamahi ranei i te hokohoko.
Ka hiahia pea nga hangarau Intel ki nga taputapu, rorohiko, ratonga ranei.
Kaore a Intel i te whakahaere, i te tirotiro ranei i nga raraunga tuatoru. Me korero koe ki etahi atu puna korero hei arotake i te tika.
Ko nga hua e whakaahuatia ana kei roto pea he hapa hoahoa, he hapa ranei e kiia nei he errata tera pea ka kotiti ke te hua mai i nga korero kua whakaputaina. E waatea ana nga hapa o naianei i runga i te tono.
© Intel Corporation. Ko Intel, ko te tohu Intel, me etahi atu tohu Intel he tohu hokohoko na Intel Corporation me ona apiti. Ko etahi atu ingoa me etahi atu tohu ka kiia he taonga na etahi atu.
0425/XW/MK/PDF 365150-001US
Tuhinga / Rauemi
 |
Intel Optimize Next Generation Firewalls [pdf] Aratohu Kaiwhakamahi Arotau i te Whakatupuranga Paahi Paahi, Whakapaipai, Te Whakatupuranga Paahi Paahi, Whakatupuranga Paahi, Paahi Paahi |