Migrating Unicore Network Packet Processing Applications to Multicore
|
|
- Magnus Blair
- 6 years ago
- Views:
Transcription
1 August, 2009 Migrating Unicore Network Packet Processing Applications to Multicore Challenges and Techniques (1.0) Wilson Lo Architect, Network Software Division, NMG service names are the property of their respective owners. Freescale Semiconductor, Inc
2 Outline Characteristics of Unicore Network Packet Processing Applications Potential areas to be considered for multicore migration Multicore Migration Strategies (SoC with homogenous cores) SMP/AMP/Hybrid/Partitioning Advantages/Disadvantages Deep Dive into SMP Strategies for multicore-based real applications Stateless Packet processing applications E.g. Routers/Bridges Stateful Packet processing Applications E.g. Stateful Inspection Firewall Proxy-based Applications E.g. POP3, IMAP Proxy with Anti Virus & Anti Spam, Web Proxy with URL Filtering QorIQ P4080 features for SMP/AMP/Hybrid Examples for Migration Models Example for SMP Model Example for Hybrid Model service names are the property of their respective owners. Freescale Semiconductor, Inc
3 Unicore Network Packet Processing Applications - Characteristics service names are the property of their respective owners. Freescale Semiconductor, Inc
4 Stateless Packet Processing Applications - Characteristics Examples Characteristics No Special State maintained across packets Switches, Routers etc. Lookup tables e.g. Routing DB/Forwarding DB - Looked up on a per packet basis (Frequent reads) - DB update infrequent (Infrequent writes) - Potential large number of routes/fdb entries Statistics - Updated on per packet basis (Frequent writes) - Read by management applications (Infrequent reads) Packet ordering - Typically packets are not re-ordered, with exceptions such as QoS service names are the property of their respective owners. Freescale Semiconductor, Inc
5 Stateful Packet Processing Applications - Characteristics Examples Characteristics Session data structure to track states across packets belonging to a connection -Session Lookup and update on per packet basis (Frequent reads and Frequent Writes) Typically millions of sessions maintained in a Session Table Sessions fairly independent of each other, with a few exceptions Stateful Inspection Firewall, IPS, IPSec-VPN etc. Simultaneous access of a session across multiple processing contexts is infrequent Deletion based on inactivity/lifetime and/or special packets Packet Ordering -Packet re-ordering across sessions is not expected. -Packets should not be re-ordered within a flow Offload accelerators - Pattern matching engine, Security Engine Configuration Data -Frequent access upon session creation (Frequent reads) -Infrequent updates by management agents Statistics -Update within a session - Frequent updates on a per packet basis -Update across a session Relatively infrequent, but not necessarily small. -Infrequent reads by management applications. service names are the property of their respective owners. Freescale Semiconductor, Inc
6 Proxy Applications - Characteristics Examples Characteristics SMTP, IMAP, POP3 Proxy with Anti Virus/Anti Spam, HTTP Proxy with URL Filtering, etc. Socket based applications typically multithreaded -Master and Worker, threads or processes -Threads/Processes handle multiple sessions Session fairly independent of each other, with some exceptions Offload dedicated computational chores to other processes. service names are the property of their respective owners. Freescale Semiconductor, Inc
7 Application Migration Strategy for Multicore service names are the property of their respective owners. Freescale Semiconductor, Inc
8 Migration Strategies Asymmetric Multiprocessing (AMP) Single Image Multifunction AMP Map different functions of application to different cores SINGLE IMAGE AMP CORE-1 -Function 1 IMAGE-1 Packets visit multiple cores for different function processing Queues and Inherent pipelining Example Firewall/IPS/IPSec-VPN in three different cores CORE-2 -Function 2 CORE-3 -Function 3 service names are the property of their respective owners. Freescale Semiconductor, Inc
9 Migration Strategies AMP (Contd..) Multiple independent applications Independent application images or functions mapped to different cores In this scenario, packets are distributed such that a given packet needs to visit only one specific core for application processing. Example - Based on VLAN ID to customer mapping, a specific core could be dedicated to particular customer MULIPLE INDEPENDENT APPS CORE-1 -Function 1 CORE-2 -Function 1 IMAGE-1 IMAGE-2 MULTI IMAGE AMP CORE-1 -Function 1 CORE-2 -Function 2 IMAGE1 IMAGE2 Multi Image AMP Simple variation of Single Image AMP Different images run on different cores each offering a specific function Packets visit images through queues for complete processing Use Case Integration with third party images CORE-3 -Function 1 Fig-1 IMAGE-3 CORE-3 -Function 3 Fig-2 IMAGE3 service names are the property of their respective owners. Freescale Semiconductor, Inc
10 Migration Strategies Symmetric Multiprocessing (SMP) All cores do all functions; no need for function to core mapping Packets typically visit one core for all processing Runs packet processing to completion Example Use Case Security Appliance that includes Firewall, IPSec-VPN and IPS functions running on Linux Kernel or Bare Metal OS SINGLE IMAGE SMP IMAGE1 CORE-1 -Function 1 -Function 2 -Function 3 CORE-2 -Function 1 -Function 2 -Function 3 CORE 3 -Function 1 -Function 2 -Function 3 service names are the property of their respective owners. Freescale Semiconductor, Inc
11 Migration Strategies Hybrid SMP and AMP SMP and AMP in single image Some functions in SMP mode on some cores Some functions in AMP on some cores Queues between the functions Example - Some cores running Firewall/VPN/IPS in SMP mode, One core running SSL-VPN and the other core running Proxy applications Single Image CORE-1 SMP -Function 1 Function 2 Function 3 CORE-2 SMP -Function 1 Function 2 Function 3 CORE-3 AMP -Function4 IMAGE 1 CORE-4 AMP -Function5 service names are the property of their respective owners. Freescale Semiconductor, Inc
12 Migration Strategies Hybrid SMP and AMP (contd..) SMP and AMP in separate images (Partitioning) Some cores run SMP image Some cores run AMP image Queues between the images E.g.- Third party or legacy application integration SMP And AMP Image CORE-1 -Function 1 Function 2 Function 3 CORE-2 -Function 1 Function 2 Function 3 IMAGE 1 SMP SMP and SMP Image CORE-1 -Function 1 Function 2 Function 3 CORE-2 -Function 1 Function 2 Function 3 IMAGE 1 SMP Multiple SMP Images used in AMP model (Partitioning) Some cores run one SMP image Some cores run another SMP image Queues for communication between images E.g. Control Plane/Data Plane model. CORE-3 -Function4 CORE-4 -Function5 Fig-1 IMAGE 2 AMP IMAGE 3 AMP Fig-2 CORE-1 -Function 4 Function 5 CORE-2 -Function 4 Function 5 IMAGE 2 SMP service names are the property of their respective owners. Freescale Semiconductor, Inc
13 Comparison Migration Strategies AMP (Single Image or Multiple Images) Advantages Minimal and easier changes in code; Fast development Efficient use of core specific caches for code (IC) Disadvantages Pipelining Issues Latency may increase Out of order Each core runs different functions. Since some packets may have to traverse additional cores for required processing while others do not, there is high chance of out-of-order packet delivery. Uneven core utilization Difficult to predict traffic behavior Some functions require more cycles than others Scaling issues when there is less functionality and more cores available to map. SMP Better utilization of processing power Any core can do any work. Cores are not reserved for functionality. Improved latency No pipelining issues Code changes may be required. Single threaded user space applications, Linux kernel space or bare metal applications do require code changes Possible performance Impact [*] Cache thrashing if cache is dedicated to the core Contention for protected shared data In AMP memory required for each function has to be reserved and assigned at design time In SMP memory is accessed by all cores and does not require any reservation. [*] SMP Techniques discussed later in this session help in reducing the performance degradation due to SMP service names are the property of their respective owners. Freescale Semiconductor, Inc
14 Implementation of SMP Strategies for Multicore-based Real Applications service names are the property of their respective owners. Freescale Semiconductor, Inc
15 Stateless Application - Migration into SMP Mapping Techniques Characteristics No special state maintained across packets Lookup Tables -Potential large number of routes/fdb entries -Looked up on a per packet basis (Frequent reads) -DB update infrequent (Infrequent writes) Statistics -Updated on per packet basis (Frequent writes) -Read by management applications (Infrequent reads) Packet ordering - Typically packets are not re-ordered, with exceptions such as QoS Mapping Technique No special considerations Read/Write lock for routing table, forwarding table -Packet forwarding with read lock -Routing table update with write locks -Per core statistics + consolidation -Decorated storage(p4080) Special hardware features such as ORP in P4080 service names are the property of their respective owners. Freescale Semiconductor, Inc
16 Stateless Application - Migration into SMP Other Details Expectations from multicore hardware for packet distribution Packet Distribution -Interface based -VLAN header based -3 Tuple based -Round Robin scheduling of interrupts to cores Priority-based scheduling -When core asks for work, hardware returns the next packet based on QoS priority. Performance degradation due to SMP How to mitigate? Most multicore processors mitigate cache thrashing by having shared L2/L3 cache. Contention for protected shared resources is much less because of infrequent updates. service names are the property of their respective owners. Freescale Semiconductor, Inc
17 Stateful Application - Migration into SMP Mapping Techniques Characteristics Session to track states across packets belonging to a connection -Frequent reads (Lookup) and writes (updates) on per packet basis Sessions maintained in Session Table Sessions fairly independent of each other, with few exceptions Simultaneous access of session across multiple processing contexts Deletion based on inactivity/lifetime and/or special packets Packet Ordering -Packet re-ordering is not expected. -Packets should not be re-ordered within a flow as new packets processing is impacted by state left by previous packet of the session. Configuration data -Frequent reads (upon session creation) and Infrequent writes (upon update) Statistics -Update within a session - Frequent updates on a per packet basis -Update across a session Relatively infrequent, but not necessarily small. -Infrequent reads by management applications. Mapping Technique Session parallelization technique Map multiple sessions across multiple cores such that one session is processed by only one core at any point of time. Read/Write Lock Write mode for session creation and deletion; read mode during packet processing Use locks Use Reference counting technique Multi-step delete handling i.e.- Mark first, delete later Special hardware features such as ORP, FMAN capabilities in P4080 Backlog queue in session parallelization technique Read/Write Lock Read mode for packet processing; Write mode during update Within a session -Implicitly handled by session parallelization technique Across session -Decorated storage (P4080) /Per core statistics service names are the property of their respective owners. Freescale Semiconductor, Inc
18 Stateful Application - Migration into SMP Session Parallelization Technique Why it is needed Removes unnecessary core spinning if same session were to be processed simultaneously by multiple cores Description of Technique One session being processed in only one core at any point of time While core x processes session a, core y can process session b and so on. Multiple sessions mapped to multiple cores Variations of Technique Static session pinning to core where all packets of a given session can be made to be processed by same core by hardware packet distribution No Static session to core affinity. Packets of a given session can be processed by different cores at different times service names are the property of their respective owners. Freescale Semiconductor, Inc
19 Stateful Application - Migration into SMP Session Parallelization Technique Received Packet Session Lookup Core 1 Backlog Q Empty Session IN USE == NO, Set Session IN USE Session Function 1 Session Function 2 Backlog Q!= EMPTY; Dequeue Packet Received Packet Session Lookup Session IN USE == YES Core 2 Queue in Backlog Q Exit to Main Loop; Process next pkt Received Packet Session Lookup Session IN USE == YES Core 3 Queue in Backlog Q t0 t1 t2 t3 Exit to Main loop; Process Next packet service names are the property of their respective owners. Freescale Semiconductor, Inc
20 Stateful Application - Migration into SMP Other Techniques Technique Why it is needed Description Reference counting Deletion handling Operations on a session such as deletion or update may happen simultaneously from different cores. Because multiple references may be held, immediate deletion is not possible Increment reference count while session is being accessed. Decrement reference count when session is no longer needed. When reference is held, the session cannot be freed. Multi-step deletion Markup for deletion and subsequent cleanup Critical section Avoid race conditions Use Locks Improve performance by using fine-grained locks service names are the property of their respective owners. Freescale Semiconductor, Inc
21 Stateful Application - Migration into SMP Other Details Expectations from multicore hardware for packet distribution Packet Distribution -Interface based -VLAN header based -3 Tuple based or 5 Tuple based -Round Robin scheduling of interrupts to cores Priority based scheduling -When core asks for work, hardware returns the next packet based on QoS priority. Performance degradation due to SMP How to mitigate? Most multicore processors mitigate cache thrashing impact by having shared L2/L3 cache. By virtue of session parallelization technique, resource contention is greatly reduced. service names are the property of their respective owners. Freescale Semiconductor, Inc
22 Proxy Applications- Migration into SMP Characteristics Mapping Socket-based applications typically multithreaded Master and Worker, threads or processes Threads/Processes handle multiple sessions Sessions fairly independent of each other, with some exceptions Assign threads/processes to cores Use Mutex/Spin-locks to protect critical section/resources Offload dedicated computational chores to other processes Assign threads/processes to cores. service names are the property of their respective owners. Freescale Semiconductor, Inc
23 Memory Migration into SMP Memory and Performance Implications Marginal increase in memory requirement To support locks Per core statistics variables duplicate variables across cores Queues and variables required for Session parallelization technique Performance If there is no resource contention, there is no performance degradation. Quantification In a pure firewall application, performance increases almost linearly with more cores. If firewall has features such as rate limiting across sessions etc. (which causes some resource contention) there could be around 5 to 10% performance degradation. service names are the property of their respective owners. Freescale Semiconductor, Inc
24 QorIQ P4080 Processor service names are the property of their respective owners. Freescale Semiconductor, Inc
25 QorIQ P4080 Processor Feature FMAN QMAN ODP/ORP Decorated Storage Shared L3 cache Hypervisor Support Atomic variable Enabling Applications for Multicore Packet distribution Inter-function/Inter-Image Queuing in AMP/SMP or hybrid model Packet order preservation and restoration Statistics Mitigates cache thrashing Partitioning in AMP/SMP/hybrid model References, Critical resources Lock routines required in SMP are typically available in Linux or bare metal OS service names are the property of their respective owners. Freescale Semiconductor, Inc
26 Migration Models - Examples service names are the property of their respective owners. Freescale Semiconductor, Inc
27 Model SMP Model All cores running all functionality in SMP Mode Functionality Firewall IPSec-VPN IPS Anti-X Proxies TCP/IP Anti-X SMTP/S Proxy POP3/S Proxy HTTP Proxy L3/L4 Attack Defense Migration Model Single Image SMP VortiQa Software with U for Enterprises IKEV1/v2 PKI (SCEP,OCSP) XAUTH, EAP IRAS, IRAC L2TPoIPSEC ACLs Embedded Management: CLI, HTTP, LDSV, SYSLOG, Firewall/NAT ALGs QoS- Traffic Policing Proxy Infra LAN/WAN Mgmt DHCPC, DHCPS PPPoE, PPTP, L2TP Dyn DNS, DNSRD Routing (RIP v1/v2) IGMP proxy Intrusion Detection & Prevention Engine Session Management P2P/IM Detectio n Engine HA Infra. VSRP HA Monitor HA Xport IPSec Engine QoS- Traffic Shaping Authentication LDAP RADIUS Local DB High Availability User Space Kernel Space Ethernet, VLAN, Bridging, WAN Protocols, WAN Load Balancing Hardware Frame Manager/Ethernet Controller Security Engine (SEC) Pattern Matching Engine service names are the property of their respective owners. Freescale Semiconductor, Inc
28 Model Hybrid Model Control Plane SMP Data Plane SMP CP-DP communication QMAN Functionality Firewall IPSec-VPN IPS/P2P Migration Model Control Plane/Data Plane Hybrid Model VortiQa Software with U for Service Providers IKEV1/v2 L3/L4 Attack Defense PKI (SCEP,OCSP) XAUTH, EAP IRAS, IRAC ACLs Firewall/NAT Embedded Management: CLI, HTTP, LDSV, SYSLOG, ALGs Proxy Infra LAN/WAN Routing Protocols DNSRD DP Monitoring QOS- Traffic Policing & Shaping CP-DP Communications CP-DP Communications Intrusion Detection & Prevention Engine Session Management Authentication LDAP RADIUS Local DB P2P/IM Detection Engine IPSec Engine IP Reassembly CP-DP Database Sync Route Updater ARP Helper Interfaces Helper CP-DP Dynamic Databases Routing Interfaces ARP VSGs Control Plane Data Plane Ethernet Interfaces, VLAN, Bridging Light Weight Executive (LWE) Hardware - Data Path Acceleration Architecture (DPAA) Frame Manager Queue Manager Buffer Manager Security Engine (SEC) Pattern Matching Engine service names are the property of their respective owners. Freescale Semiconductor, Inc
29
VortiQa Software for Networking Equipment
VortiQa Software for Networking Equipment Satish Swarnkar, Director of Engineering Software Products Division, Networking and Multimedia Group 1 Agenda VortiQa Software Announcement & the new Software
More informationVortiQa Software Products Overview: Benefits, Functions and Roadmap
August, 2010 VortiQa Software Products Overview: Benefits, Functions and Roadmap NET-F0745 John Chang Agenda Multicore processing - quick overview VortiQa software functional and architecture overview
More informationVortiQa Software with Unified Threat Management for Service Provider Equipment
July 2009 VortiQa Software with Unified Threat Management for Service Provider Equipment Performance Optimization on QorIQ P4080 Multicore Processor Bharat Mota Director of Engineering, Software Products
More informationVortiQa Software for Enterprise / SMB / Residential Networking Equipment
July 2009 VortiQa Software for Enterprise / SMB / Residential Networking Equipment Satish Swarnkar, Director of Engineering Pravin Kantak, Engineering Manager Software Products Division, Networking and
More informationSoftware Datapath Acceleration for Stateless Packet Processing
June 22, 2010 Software Datapath Acceleration for Stateless Packet Processing FTF-NET-F0817 Ravi Malhotra Software Architect Reg. U.S. Pat. & Tm. Off. BeeKit, BeeStack, CoreNet, the Energy Efficient Solutions
More informationLeveraging Data Plane Acceleration Techniques on the QorIQ P4080 Processor
June 2010 Leveraging Data Plane Acceleration Techniques on the QorIQ P4080 Processor For High-Performance Network Security Applications (v1.0) John Rekesh Software Architect, Software Products Division
More informationGigabit SSL VPN Security Router
As Internet becomes essential for business, the crucial solution to prevent your Internet connection from failure is to have more than one connection. PLANET is the ideal to help the SMBs increase the
More informationFundamental Questions to Answer About Computer Networking, Jan 2009 Prof. Ying-Dar Lin,
Fundamental Questions to Answer About Computer Networking, Jan 2009 Prof. Ying-Dar Lin, ydlin@cs.nctu.edu.tw Chapter 1: Introduction 1. How does Internet scale to billions of hosts? (Describe what structure
More informationPerformance Enhancement for IPsec Processing on Multi-Core Systems
Performance Enhancement for IPsec Processing on Multi-Core Systems Sandeep Malik Freescale Semiconductor India Pvt. Ltd IDC Noida, India Ravi Malhotra Freescale Semiconductor India Pvt. Ltd IDC Noida,
More informationBarracuda Firewall Release Notes 6.6.X
Please Read Before Upgrading Before installing the new firmware version, back up your configuration and read all of the release notes that apply to the versions that are more current than the version that
More informationThe IINS acronym to this exam will remain but the title will change slightly, removing IOS from the title, making the new title.
I n t r o d u c t i o n The CCNA Security IINS exam topics have been refreshed from version 2.0 to version 3.0. This document will highlight exam topic changes between the current 640-554 IINS exam and
More informationImplementing Cisco Network Security (IINS) 3.0
Implementing Cisco Network Security (IINS) 3.0 COURSE OVERVIEW: Implementing Cisco Network Security (IINS) v3.0 is a 5-day instructor-led course focusing on security principles and technologies, using
More informationDatasheet. Gigabit Router with SFP. Models: ER-4. Sophisticated Routing Features. Next-Generation Price/Performance Value. SFP Port for Fiber Uplink
Gigabit Router with SFP Models: ER-4 Sophisticated Routing Features Next-Generation Price/Performance Value SFP Port for Fiber Uplink Overview Advanced Routing Technology for the Masses Internet Ubiquiti
More informationDrayTek Vigor Technical Specifications. PPPoE, PPTP, DHCP client, static IP, L2TP*, Ipv6. Redundancy. By WAN interfaces traffic volume
DrayTek Vigor 3900 Technical Specifications WAN Protocol Ethernet PPPoE, PPTP, DHCP client, static IP, L2TP*, Ipv6 Multi WAN Outbound policy based load balance Allow your local network to access Internet
More informationCisco RV 120W Wireless-N VPN Firewall
Cisco RV 120W Wireless-N VPN Firewall Take Basic Connectivity to a New Level The Cisco RV 120W Wireless-N VPN Firewall combines highly secure connectivity to the Internet as well as from other locations
More informationDatasheet. Gigabit Routers with SFP. Models: ER-4, ER-6P. Sophisticated Routing Features. Next-Generation Price/Performance Value
Datasheet Gigabit Routers with SFP Models: ER-4, ER-6P Sophisticated Routing Features Next-Generation Price/Performance Value SFP Port for Fiber Uplink Datasheet Overview Advanced Routing Technology for
More informationDatasheet. 8-Port 10G SFP+ Router. Model: ER-8-XG. 80 Gbps Aggregate Throughput. 10G Ethernet SFP+ Ports. Hot-Swappable Modular Power Supplies
8-Port 10G SFP+ Router Model: ER-8-XG 80 Gbps Aggregate Throughput 10G Ethernet SFP+ Ports Hot-Swappable Modular Power Supplies Example of Enterprise Deployment 10G Routing Technology for the Masses Ubiquiti
More informationCisco RV180 VPN Router
Cisco RV180 VPN Router Secure, high-performance connectivity at a price you can afford. Figure 1. Cisco RV180 VPN Router (Front Panel) Highlights Affordable, high-performance Gigabit Ethernet ports allow
More information*1. Firewall throughput measured with App-ID and User-ID features enabled utilizing 64KB HTTP transactions. 2.
PA-200 Feature Performance *1. Firewall throughput measured with App-ID and User-ID features enabled utilizing 64KB HTTP transactions. 2. Threat prevention throughput measured with App-ID, User-ID, IPS,
More informationAn Introduction to the QorIQ Data Path Acceleration Architecture (DPAA) AN129
July 14, 2009 An Introduction to the QorIQ Data Path Acceleration Architecture (DPAA) AN129 David Lapp Senior System Architect What is the Datapath Acceleration Architecture (DPAA)? The QorIQ DPAA is a
More informationUnified Services Routers
Product Highlights Comprehensive Management Solution Active-Active WAN port features such as auto WAN failover and load balancing, ICSA-certified firewall, and D-Link Green Technology make this a reliable,
More information*1. Firewall throughput measured with App-ID and User-ID features enabled utilizing 64KB HTTP transactions. 2.
PA-3060 PA-3050 PA-3020 Feature Performance *1. Firewall throughput measured with App-ID and User-ID features enabled utilizing 64KB HTTP transactions. 2. Threat prevention throughput measured with App-ID,
More information*1. Firewall throughput measured with App-ID and User-ID features enabled utilizing 64KB HTTP transactions. 2.
PA-3020 PA-500 PA-200 Feature Performance *1. Firewall throughput measured with App-ID and User-ID features enabled utilizing 64KB HTTP transactions. 2. Threat prevention throughput measured with App-ID,
More informationNGF0401 Instructor Slides
Advanced Site to Site VPN Barracuda NextGen Firewall F VPN Tunnel Routing Separate routing table Default behavior Uses source based routing Creates separate premain routing tables for every VPN tunnel
More informationBarracuda Firewall Release Notes 6.5.x
Please Read Before Upgrading Before installing the new firmware version, back up your configuration and read all of the release notes that apply to the versions that are more current than the version that
More information*1. Firewall throughput measured with App-ID and User-ID features enabled utilizing 64KB HTTP transactions. 2.
PA-5050 PA-5020 Feature Performance *1. Firewall throughput measured with App-ID and User-ID features enabled utilizing 64KB HTTP transactions. 2. Threat prevention throughput measured with App-ID, User-ID,
More informationKVM on Embedded Power Architecture Platforms
KVM on Embedded Power Architecture Platforms Stuart Yoder Software Architect, Freescale Semiconductor Agenda Background Freescale / Networking Embedded Systems Use Cases KVM on Embedded Power New requirements
More informationSecurity with Passion. Endian UTM Virtual Appliance
Security with Passion Endian UTM Virtual Appliance Endian UTM Virtual Appliance Endian UTM Virtual Appliance: Secure and Protect your Virtual Infrastructure Whether you are securing your internal virtual
More informationCisco 5921 Embedded Services Router
Data Sheet Cisco 5921 Embedded Services Router The Cisco 5921 Embedded Services Router (ESR) is a Cisco IOS software router application. It is designed to operate on small, low-power, Linux-based platforms
More informationCisco RV110W Wireless-N VPN Firewall
Data Sheet Cisco RV110W Wireless-N VPN Firewall Simple, Secure Connectivity for the Small Office/Home Office Figure 1. Cisco RV110W Wireless-N VPN Firewall The Cisco RV110W Wireless-N VPN Firewall provides
More informationCisco 5921 Embedded Services Router
Data Sheet Cisco 5921 Embedded Services Router The Cisco 5921 Embedded Services Router (ESR) is a Cisco IOS software router. It is designed to operate on small, low-power, Linux-based platforms to extend
More informationFeature. *1. Firewall throughput measured with App-ID and User-ID features enabled utilizing 64KB HTTP transactions. 2.
Performance Feature *1. Firewall throughput measured with App-ID and User-ID features enabled utilizing 64KB HTTP transactions. 2. Threat prevention throughput measured with App-ID, User-ID, IPS, antivirus
More informationPalo Alto Networks Stallion Spring Seminar -Tech Track. Peter Gustafsson, June 2010
Palo Alto Networks Stallion Spring Seminar -Tech Track Peter Gustafsson, June 2010 About Palo Alto Networks Palo Alto Networks is the Network Security Company World-class team with strong security and
More informationVPN Routers DSR-150/250/500/1000AC. Product Highlights. Features. Overview. Comprehensive Management Capabilities. Web Authentication Capabilities
Product Highlights Comprehensive Management Solution Advanced features such as WAN failover, load balancing, and integrated firewall help make this a reliable, secure, and flexible way to manage your network.
More information*1. Firewall throughput measured with App-ID and User-ID features enabled utilizing 64KB HTTP transactions. 2.
PA-500 PA-220 Feature Performance *1. Firewall throughput measured with App-ID and User-ID features enabled utilizing 64KB HTTP transactions. 2. Threat prevention throughput measured with App-ID, User-ID,
More information*1. Firewall throughput measured with App-ID and User-ID features enabled utilizing 64KB HTTP transactions. 2.
VM-300 VM-200 VM-100 Feature Performance *1. Firewall throughput measured with App-ID and User-ID features enabled utilizing 64KB HTTP transactions. 2. Threat prevention throughput measured with App-ID,
More information*Performance and capacities are measured under ideal testing conditions using PAN-OS 8.0. Additionally, for VM
VM-300 VM-200 VM-100 Feature Performance *Performance and capacities are measured under ideal testing conditions using PAN-OS 8.0. Additionally, for VM models please refer to hypervisor, cloud specific
More informationBasic Firewall Configuration
Basic Firewall Configuration An Introduction to GTA Firewalls GB-OS Course # 1101 8/26/2013 Global Technology Associates, Inc. 1 Introduction to GTA Firewalls Firewall Administration Serial SSL Initial
More informationQ-Balancer Range FAQ The Q-Balance LB Series General Sales FAQ
Q-Balancer Range FAQ The Q-Balance LB Series The Q-Balance Balance Series is designed for Small and medium enterprises (SMEs) to provide cost-effective solutions for link resilience and load balancing
More informationAbout High Availability and Active/Active Clustering
High Availability About High Availability and Active/Active Clustering Displaying High Availability Status Configuring High Availability Fine Tuning High Availability Monitoring High Availability About
More informationCCNA Security. 2.0 Secure Access. 1.0 Security Concepts
1.0 Security Concepts 1.1 Common security principles 1.1.a Describe confidentiality, integrity, availa bility (CIA) 1.1.b Describe SIEM technology 1.1.c Identify common security terms 1.1.d Identify common
More informationDisclaimer CONFIDENTIAL 2
Disclaimer This presentation may contain product features that are currently under development. This overview of new technology represents no commitment from VMware to deliver these features in any generally
More informationHigh Availability Synchronization PAN-OS 5.0.3
High Availability Synchronization PAN-OS 5.0.3 Revision B 2013, Palo Alto Networks, Inc. www.paloaltonetworks.com Contents Overview... 3 Device Configuration... 4 Network Configuration... 9 Objects Configuration...
More information*1. Firewall throughput measured with App-ID and User-ID features enabled utilizing 64KB HTTP transactions. 2.
PA-3020 PA-500 PA-200 Feature Performance *1. Firewall throughput measured with App-ID and User-ID features enabled utilizing 64KB HTTP transactions. 2. Threat prevention throughput measured with App-ID,
More informationEnabling Efficient and Scalable Zero-Trust Security
WHITE PAPER Enabling Efficient and Scalable Zero-Trust Security FOR CLOUD DATA CENTERS WITH AGILIO SMARTNICS THE NEED FOR ZERO-TRUST SECURITY The rapid evolution of cloud-based data centers to support
More informationQorIQ P4080 Software Development Kit
July 2009 QorIQ P4080 Software Development Kit Kelly Johnson Applications Engineering service names are the property of their respective owners. Freescale Semiconductor, Inc. 2009. QorIQ P4080 Software
More informationMicrosoft Microsoft TS: MS Internet Security & Acceleration Server 2006, Configuring. Practice Test. Version:
Microsoft 70-351 Microsoft 70-351 TS: MS Internet Security & Acceleration Server 2006, Configuring Practice Test Version: 2.2 QUESTION NO: 1 Your network consists of a single Active Directory domain named
More information"Charting the Course... MOC A Planning, Deploying and Managing Microsoft Forefront TMG Course Summary
Description Course Summary The goal of this three-day instructor-led course is to provide students with the knowledge and skills necessary to effectively plan, deploy and manage Microsoft Forefront Threat
More information*1. Firewall throughput measured with App-ID and User-ID features enabled utilizing 64KB HTTP transactions. 2.
Feature PA-7000-20G-NPC PA-5060 Performance *1. Firewall throughput measured with App-ID and User-ID features enabled utilizing 64KB HTTP transactions. 2. Threat prevention throughput measured with App-ID,
More information*1. Firewall throughput measured with App-ID and User-ID features enabled utilizing 64KB HTTP transactions. 2.
PA-3020 PA-850 PA-820 Feature Performance *1. Firewall throughput measured with App-ID and User-ID features enabled utilizing 64KB HTTP transactions. 2. Threat prevention throughput measured with App-ID,
More informationNetwork Services, Cloud Computing and Virtualization
Network Services, Cloud Computing and Virtualization Client Side Virtualization Purpose of virtual machines Resource requirements Emulator requirements Security requirements Network requirements Hypervisor
More informationAdvanced Network Routers. Datasheet. Model: ERPro-8, ER-8, ERPoe-5, ERLite-3. Sophisticated Routing Features
Advanced Network Routers Model: ERPro-8, ER-8, ERPoe-5, ERLite-3 Sophisticated Routing Features Advanced Security, Monitoring, and Management High-Performance Gigabit Ports Advanced Routing Technology
More information*1. Firewall throughput measured with App-ID and User-ID features enabled utilizing 64KB HTTP transactions. 2.
PA-220 PA-200 Feature Performance *1. Firewall throughput measured with App-ID and User-ID features enabled utilizing 64KB HTTP transactions. 2. Threat prevention throughput measured with App-ID, User-ID,
More informationASIT-33018PFM. 18-Port Full Gigabit Managed PoE Switch (ASIT-33018PFM) 18-Port Full Gigabit Managed PoE Switch.
() Introduction Description 16 * 10/100/1000M PoE ports + 2 * Gigabit SFP optical ports. L2+ function with better performance of management, safety & QoS etc. Supprt Layer 2 switching function, including
More information*Performance and capacities are measured under ideal testing conditions using PAN-OS.0. Additionally, for VM
PA-820 PA-500 Feature Performance *Performance and capacities are measured under ideal testing conditions using PAN-OS.0. Additionally, for VM models please refer to hypervisor, cloud specific data sheet
More information*1. Firewall throughput measured with App-ID and User-ID features enabled utilizing 64KB HTTP transactions. 2.
Feature PA-7080 PA-7050 PA-7000-20GQXM-NPC Performance *1. Firewall throughput measured with App-ID and User-ID features enabled utilizing 64KB HTTP transactions. 2. Threat prevention throughput measured
More informationTest Accredited Configuration Engineer (ACE) Exam PAN OS 6.0 Version
Test Accredited Configuration Engineer (ACE) Exam PAN OS 6.0 Version ACE Exam Question 1 of 50. Which of the following statements is NOT True regarding a Decryption Mirror interface? Supports SSL outbound
More informationConfiguration Guide TL-ER5120/TL-ER6020/TL-ER REV3.0.0
Configuration Guide TL-ER5120/TL-ER6020/TL-ER6120 1910012186 REV3.0.0 June 2017 CONTENTS About This Guide Intended Readers... 1 Conventions... 1 More Information... 1 Viewing Status Information... 2 System
More informationThis course prepares candidates for the CompTIA Network+ examination (2018 Objectives) N
CompTIA Network+ (Exam N10-007) Course Description: CompTIA Network+ is the first certification IT professionals specializing in network administration and support should earn. Network+ is aimed at IT
More informationNext-Generation Firewall Series Datasheet
RUIJIE NETWORKS COMPANY LIMITED www.ruijienetworks.com Ruijie 1600 Next-Generation Firewall Series Datasheet Ruijie 1600 Firewall Series is a collection of nextgeneration firewall offering security, routing
More informationHTG XROADS NETWORKS. Network Appliance How To Guide: EdgeBPR (Shaping) How To Guide
HTG X XROADS NETWORKS Network Appliance How To Guide: EdgeBPR (Shaping) How To Guide V 3. 8 E D G E N E T W O R K A P P L I A N C E How To Guide EdgeBPR XRoads Networks 17165 Von Karman Suite 112 888-9-XROADS
More informationIntegrate Clavister Firewall
Integrate Clavister Firewall EventTracker v7.x Publication Date: July 7, 2014 EventTracker 8815 Centre Park Drive Columbia MD 21045 www.eventtracker.com Abstract The highly acclaimed Clavister cos offers
More informationSurat Smart City Development Ltd. Surat Municipal Corporation 1
Surat Smart City Development Ltd. Surat Municipal Corporation 1 Surat Smart City Development Limited (SSCDL) ADDENDUM AND CORRIGENDUM-1 Name of the work: - [SSCDL-Network-01-2018] The Bidders are requested
More informationDPX8000 Series Deep Service Switching Gateway User Configuration Guide Firewall Service Board Module v1.0
DPX8000 Series Deep Service Switching Gateway User Configuration Guide Firewall Service Board Module v1.0 i Hangzhou DPtech Technologies Co., Ltd. provides full- range technical support. If you need any
More informationUser Guide TL-R470T+/TL-R480T REV9.0.2
User Guide TL-R470T+/TL-R480T+ 1910012468 REV9.0.2 September 2018 CONTENTS About This Guide Intended Readers... 1 Conventions... 1 More Information... 1 Accessing the Router Overview... 3 Web Interface
More informationImplementing Cisco Edge Network Security Solutions ( )
Implementing Cisco Edge Network Security Solutions (300-206) Exam Description: The Implementing Cisco Edge Network Security (SENSS) (300-206) exam tests the knowledge of a network security engineer to
More informationSystrome Next Gen Firewalls
N E T K S Systrome Next Gen Firewalls Systrome s Next Generation Firewalls provides comprehensive security protection from layer 2 to layer 7 for the mobile Internet era. The new next generation security
More informationFreescale, the Freescale logo, AltiVec, C-5, CodeTEST, CodeWarrior, ColdFire, C-Ware, t he Energy Efficient Solutions logo, mobilegt, PowerQUICC,
Freescale, the Freescale logo, AltiVec, C-5, CodeTEST, CodeWarrior, ColdFire, C-Ware, t he Energy Efficient Solutions logo, mobilegt, PowerQUICC, QorIQ, StarCore and Symphony are trademarks of Freescale
More informationHands-On TCP/IP Networking
Hands-On Course Description In this Hands-On TCP/IP course, the student will work on a live TCP/IP network, reinforcing the discussed subject material. TCP/IP is the communications protocol suite on which
More informationHuawei AR1000V Brochure
Huawei AR1000V Brochure AR1000V Brochure AR1000V Brochure Huawei AR1000V is a virtual router based on Network Functions Virtualization (NFV). As a software product, the AR1000V uses the x86 server hardware
More informationManaging and Securing Computer Networks. Guy Leduc. Chapter 2: Software-Defined Networks (SDN) Chapter 2. Chapter goals:
Managing and Securing Computer Networks Guy Leduc Chapter 2: Software-Defined Networks (SDN) Mainly based on: Computer Networks and Internets, 6 th Edition Douglas E. Comer Pearson Education, 2015 (Chapter
More informationOverview 1. Service Features 1
Table of Contents Overview 1 Service Features 1 Introduction 1 Feature List 1 Feature Introduction 3 Firewall Web Manual 3 Security Volume 12 Access Volume 14 IP Services Volume 15 IP Routing Volume 16
More informationBIG-IP Local Traffic Management: Basics. Version 12.1
BIG-IP Local Traffic Management: Basics Version 12.1 Table of Contents Table of Contents Introduction to Local Traffic Management...7 About local traffic management...7 About the network map...7 Viewing
More informationPalo Alto Networks PCNSE7 Exam
Volume: 96 Questions Question: 1 Which three function are found on the dataplane of a PA-5050? (Choose three) A. Protocol Decoder B. Dynamic routing C. Management D. Network Processing E. Signature Match
More informationChapter Three test. CompTIA Security+ SYO-401: Read each question carefully and select the best answer by circling it.
Chapter Three test Name: Period: CompTIA Security+ SYO-401: Read each question carefully and select the best answer by circling it. 1. What protocol does IPv6 use for hardware address resolution? A. ARP
More informationRelease README August 2005
Known Issues with this Release and Notes New for this release: 11.4.1 Release README August 2005 Microsoft s 802.11i supplicant is incompatible with NSE s implementation of 802.11i Broadcast packets are
More informationCCNA Routing and Switching (NI )
CCNA Routing and Switching (NI400+401) 150 Hours ` Outline The Cisco Certified Network Associate (CCNA) Routing and Switching composite exam (200-125) is a 90-minute, 50 60 question assessment that is
More informationIdentify the features of network and client operating systems (Windows, NetWare, Linux, Mac OS)
Course Outline Network+ Duration: 5 days (30 hours) Learning Objectives: Install and configure a network card Define the concepts of network layers Understand and implement the TCP/IP protocol Install
More informationBIG-IP V11.3: PRODUCT UPDATE. David Perodin Field Systems Engineer III
BIG-IP V11.3: PRODUCT UPDATE David Perodin Field Systems Engineer III Contents V11.3 Product Update 1. BIG-IP v.11.3.0 (Local Traffic Manager & Access Policy Manager) 2. Advanced Firewall Module (AFM)
More informationISG-600 Cloud Gateway
ISG-600 Cloud Gateway Cumilon ISG Integrated Security Gateway Integrated Security Gateway Cumilon ISG-600C cloud gateway is the security product developed by Systrome for the distributed access network
More informationQCVS Frame Distributor Wizard User Guide
NXP Semiconductors Document Number: QCVS_FDW_User_Guide User's Guide Rev. 4.x, 02/2017 QCVS Frame Distributor Wizard User Guide Contents Contents Chapter 1 Frame Distributor Wizard...3 1.1 Introduction...
More informationDraytek Vigor M9000 M2M Industrial Ruggedised Router
Product Name: Manufacturer: - Model Number: M9000 Please Note: The M9000 has been discontinued. The Vigor M9000 is a ruggesised, high-performance router suitable for various industrial applications where
More informationNSG50/100/200 Nebula Cloud Managed Security Gateway
NSG50/100/200 The Zyxel is built with remote management and ironclad security for organizations with multiple distributed sites. With an extensive suite of security features including ICSAcertified firewall,
More informationCisco Certified Network Associate ( )
Cisco Certified Network Associate (200-125) Exam Description: The Cisco Certified Network Associate (CCNA) Routing and Switching composite exam (200-125) is a 90-minute, 50 60 question assessment that
More informationUsing the Cisco ACE Application Control Engine Application Switches with the Cisco ACE XML Gateway
Using the Cisco ACE Application Control Engine Application Switches with the Cisco ACE XML Gateway Applying Application Delivery Technology to Web Services Overview The Cisco ACE XML Gateway is the newest
More informationMax sessions (IPv4 or IPv6) 500, , ,000
PA-3060 PA-3050 PA-3020 Feature Performance App-ID firewall throughput 4 Gbps 4 Gbps 2 Gbps Threat prevention throughput 2 Gbps 2 Gbps 1 Gbps IPSec VPN throughput 500 Mbps 500 Mbps 500 Mbps Connections
More informationHillstone IPSec VPN Solution
1. Introduction With the explosion of Internet, more and more companies move their network infrastructure from private lease line to internet. Internet provides a significant cost advantage over private
More informationA Next Generation Home Access Point and Router
A Next Generation Home Access Point and Router Product Marketing Manager Network Communication Technology and Application of the New Generation Points of Discussion Why Do We Need a Next Gen Home Router?
More informationWhat is New in Cisco ACE 4710 Application Control Engine Software Release 3.1
What is New in Cisco ACE 4710 Application Control Engine Software Release 3.1 PB478675 Product Overview The Cisco ACE Application Control Engine 4710 represents the next generation of application switches
More informationUnderstanding Cisco Cybersecurity Fundamentals
210-250 Understanding Cisco Cybersecurity Fundamentals NWExam.com SUCCESS GUIDE TO CISCO CERTIFICATION Exam Summary Syllabus Questions Table of Contents Introduction to 210-250 Exam on Understanding Cisco
More informationIdentity Firewall. About the Identity Firewall
This chapter describes how to configure the ASA for the. About the, on page 1 Guidelines for the, on page 7 Prerequisites for the, on page 9 Configure the, on page 10 Monitoring the, on page 16 History
More informationZyWALL VPN2S VPN Firewall
ZyWALL 2S Firewall The ZyWALL 2S is designed for small businesses, branch offices and home/remote workers. it provides you Internet connections with high reliability, high performance and high security
More informationSpirent Avalanche. Applications and Security Testing Solutions. Application. Features & Benefits. Data Sheet. Network Performance Testing
Data Sheet Spirent Avalanche Spirent s Avalanche Layer 4-7 testing solution provides capacity, security and performance testing for network infrastructures, cloud and virtual environments, Web application
More informationMultiprocessor System. Multiprocessor Systems. Bus Based UMA. Types of Multiprocessors (MPs) Cache Consistency. Bus Based UMA. Chapter 8, 8.
Multiprocessor System Multiprocessor Systems Chapter 8, 8.1 We will look at shared-memory multiprocessors More than one processor sharing the same memory A single CPU can only go so fast Use more than
More informationASACAMP - ASA Lab Camp (5316)
ASACAMP - ASA Lab Camp (5316) Price: $4,595 Cisco Course v1.0 Cisco Security Appliance Software v8.0 Based on our enhanced FIREWALL and VPN courses, this exclusive, lab-based course is designed to provide
More information5.4 Release README January 2005
5.4 Release README January 2005 Known Issues with this Release In rare situations, the NSE may fail to send LCP Echo-Requests to the PPPoE server, even though configured to do so. When this occurs, a physical
More informationConfiguring Virtual Servers
3 CHAPTER This section provides an overview of server load balancing and procedures for configuring virtual servers for load balancing on an ACE appliance. Note When you use the ACE CLI to configure named
More informationIntegrating Microsoft Forefront Threat Management Gateway (TMG)
Integrating Microsoft Forefront Threat Management Gateway (TMG) EventTracker v7.x Publication Date: Sep 16, 2014 EventTracker 8815 Centre Park Drive Columbia MD 21045 www.eventtracker.com Abstract This
More informationODP Relationship to NFV. Bill Fischofer, LNG 31 October 2013
ODP Relationship to NFV Bill Fischofer, LNG 31 October 2013 Alphabet Soup NFV - Network Functions Virtualization, a carrier initiative organized under ETSI (European Telecommunications Standards Institute)
More informationTestOut Network Pro - English 5.0.x COURSE OUTLINE. Modified
TestOut Network Pro - English 5.0.x COURSE OUTLINE Modified 2018-03-06 TestOut Network Pro Outline - English 5.0.x Videos: 130 (17:10:31) Demonstrations: 78 (8:46:15) Simulations: 88 Fact Sheets: 136 Exams:
More information