
Technology Guide
Optimize NGFW Performance with
Intel® Xeon® Processors on Public Cloud

Authors
Xiang Wang
Jayprakash Patidar
Declan Doherty
Eric Jones
Subhiksha Ravisundar
Heqing Zhu

Introduction

Next-generation firewalls (NGFWs) are at the core of network security solutions. Traditional firewalls perform stateful traffic inspection, typically based on port and protocol, which cannot effectively defend against modern malicious traffic. NGFWs evolve and expand on traditional firewalls with advanced deep packet inspection capabilities, including intrusion detection/prevention systems (IDS/IPS), malware detection, application identification and control, etc.
NGFWs are compute-intensive workloads that perform, for example, cryptographic operations for network traffic encryption and decryption and heavy rule matching for detecting malicious activities. Intel delivers core technologies to optimize NGFW solutions.
Intel processors are equipped with various instruction set architectures (ISAs), including Intel® Advanced Encryption Standard New Instructions (Intel® AES-NI) and Intel® QuickAssist Technology (Intel® QAT) which significantly accelerate crypto performance.
Intel also invests in software optimizations including those for Hyperscan. Hyperscan is a high-performance string and regular expression (regex) matching library. It leverages single instruction multiple data (SIMD) technology on Intel processors to boost pattern-matching performance. Hyperscan integration into NGFW IPS systems such as Snort can improve performance by up to 3x on Intel processors.
NGFW appliances are often delivered as security appliances deployed in the demilitarized zone (DMZ) of enterprise data centers. However, there is strong demand for NGFW virtual appliances or software packages that can be deployed in the public cloud, in enterprise data centers, or at the network edge. This software deployment model frees enterprise IT from the operation and maintenance overhead associated with physical appliances. It improves system scalability and provides flexible procurement and purchase options.
A growing number of enterprises are adopting public cloud deployments of NGFW solutions. A key reason for this is the cost advantage of running virtual appliances in the cloud.
Yet, since CSPs offer a multitude of instance types with varying compute characteristics and pricing, selecting the instance with the best TCO for NGFW can be challenging.
This paper introduces an NGFW reference implementation from Intel, optimized with Intel technologies including Hyperscan. It provides credible proof points for NGFW performance on Intel platforms. It is part of Intel's NetSec Reference Software package. We also provide the Multi-Cloud Networking Automation Tool (MCNAT) in the same package to automate deployment of the NGFW reference implementation on selected public cloud providers. MCNAT simplifies TCO analysis for different compute instances and guides users to the optimal compute instance for NGFW.
Please contact the authors to learn more about the NetSec Reference Software package.

Document Revision History

Revision Date Description
001 March 2025 Initial release.

1.1 Terminology
Table 1. Terminology

Abbreviation Description
DFA Deterministic Finite Automaton
DPI Deep Packet Inspection
HTTP Hypertext Transfer Protocol
IDS/IPS Intrusion Detection and Prevention System
ISA Instruction Set Architecture
MCNAT Multi-Cloud Networking Automation Tool
NFA Non-deterministic Finite Automaton
NGFW Next-generation Firewall
PCAP Packet Capture
PCRE Perl Compatible Regular Expressions Library
Regex Regular Expression
SASE Secure Access Service Edge
SIMD Single Instruction Multiple Data Technology
TCP Transmission Control Protocol
URI Uniform Resource Identifier
WAF Web Application Firewall

1.2 Reference Documents
Table 2. Reference Documents

Reference Source
Intel® Xeon® Scalable Platform Built for Most Sensitive Workloads https://www.intc.com/news-events/press-releases/detail/1423/intel-xeon-scalable-platform-built-for-most-sensitive
Snort https://www.snort.org/
Snort Talos Rules https://www.snort.org/downloads#rules
Hyperscan https://www.intel.com/content/www/us/en/developer/articles/technical/introduction-to-hyperscan.html
Hyperscan and Snort Integration https://www.intel.com/content/www/us/en/developer/articles/technical/hyperscan-and-snort-integration.html
Hyperscan: A Fast Multi-Pattern Regex Matcher for Modern CPUs https://www.usenix.org/conference/nsdi19/presentation/wang-xiang
Teddy: An Efficient SIMD-based Literal Matching Engine for Scalable Deep Packet Inspection https://dl.acm.org/doi/10.1145/3472456.3473512
Intel® 64 and IA-32 Architectures Software Developer Manuals https://www.intel.com/content/www/us/en/developer/articles/technical/intel-sdm.html
Intel® Intrinsics Guide https://www.intel.com/content/www/us/en/docs/intrinsics-guide/index.html
Accelerating Suricata Throughput Performance Using Hyperscan Pattern-Matching Software https://www.intel.com/content/dam/www/public/us/en/documents/solution-briefs/hyperscan-scalability-solution-brief.pdf
Suricata https://suricata.io/
Hyperscan in Suricata: State of the Union https://suricon.net/wp-content/uploads/2016/11/SuriCon2016_GeoffLangdale.pdf
Accelerate Snort Performance with Hyperscan and Intel® Xeon® Processors on Public Clouds https://networkbuilders.intel.com/solutionslibrary/accelerate-snort-performance-with-hyperscan-and-intel-xeon-processors-on-public-clouds
Next Generation Firewall – Optimizations with 4th Gen Intel® Xeon® Scalable Processor https://networkbuilders.intel.com/solutionslibrary/next-generation-firewall-optimizations-solution-brief
Optimize Throughput and Power Efficiency for Next-Generation Firewalls https://www.intel.com/content/www/us/en/products/docs/processors/xeon-accelerated/network/xeon6-firewall-solution-brief.html
NetSec Software Package https://www.intel.com/content/www/us/en/secure/design/confidential/software-kits/kit-details.html?kitId=853965

Background and Motivation

Today, most NGFW vendors have extended their footprint from physical NGFW appliances to virtual NGFW solutions that can be deployed in the public cloud. NGFW deployments in the public cloud are growing because of the following benefits:

  • Scalability: easily scale up or scale down cross-geo compute resources to meet performance requirements.
  • Cost effectiveness: flexible subscription to allow pay per use. Eliminates capital expenditure (capex) and reduces operational costs associated with physical appliances.
  • Native integration with cloud services: seamless integration with public cloud services such as networking, access controls and AI/ML tools.
  • Cloud workloads protection: local traffic filtering for enterprise workloads hosted on public cloud.

The reduced cost of running the NGFW workload in the public cloud is an attractive proposition for enterprise use cases.
However, selecting the instance with the best performance and TCO for NGFW is challenging, given a wide range of cloud instance options are available with various CPUs, memory sizes, IO bandwidth, and each is priced differently. We have developed NGFW Reference Implementation to help with performance and TCO analysis of different public cloud instances based on Intel processors. We will demonstrate performance and performance per dollar metrics as a guide for choosing the right Intel-based instances for NGFW solutions on public cloud services such as AWS and GCP.

NGFW Reference Implementation

Intel developed the NetSec Reference Software package (latest release 25.05) which delivers optimized reference solutions leveraging ISAs and accelerators available in the newest Intel CPUs and platforms to demonstrate optimized performance at the on-prem enterprise infrastructure and on the cloud. The reference software is available under Intel Proprietary License (IPL).
The key highlights of this software package are:

  • Includes a broad portfolio of reference solutions for networking and security, AI frameworks for cloud and enterprise data centers and edge locations.
  • Allows time to market and rapid adoption of Intel technologies.
  • Source code is available that allows replicating deployment scenarios and testing environments on Intel platforms.

Please contact authors to learn more about obtaining the latest release of the NetSec Reference Software.
As a critical part of NetSec Reference Software package, NGFW reference implementation drives the NGFW performance characteristics and TCO analysis on Intel platforms. We deliver seamless integration of Intel technologies such as Hyperscan in the NGFW reference implementation. It builds a solid foundation for NGFW analysis on Intel platforms. Since different Intel hardware platforms offer different capabilities from compute to IO, the NGFW reference  implementation presents a clearer view of platform capabilities for NGFW workloads and helps show performance comparisons between generations of Intel processors. It delivers thorough insights on metrics, including compute performance, memory bandwidth, IO bandwidth, and power consumption. Based on performance test results, we can further conduct TCO analysis (with performance per dollar) on Intel platforms used for NGFW.

The latest release (25.05) of NGFW reference implementation includes the following key features:

  • Basic stateful firewall
  • Intrusion prevention system (IPS)
  • Support of cutting-edge Intel processors including Intel® Xeon® 6 processors, Intel Xeon 6 SoC, etc.

Future releases are planned to implement the following additional features:

  • VPN inspection: IPsec decryption of traffic for content inspection
  • TLS inspection: a TLS Proxy to terminate the connections between a client and a server and then perform content inspection on the plaintext traffic.

3.1 System Architecture

[Figure 1: System Architecture]

Figure 1 shows the overall system architecture. We leverage open-source software as the foundation to build the system:

  • VPP provides a high-performance data plane solution with basic stateful firewall functions, including stateful ACLs. We spawn multiple VPP threads with configured core affinity. Each VPP worker thread is pinned to a dedicated  CPU core or an execution thread.
  • Snort 3 is chosen as IPS, which supports multi-threading. Snort worker threads are pinned to dedicated CPU cores or execution threads.
  • Snort and VPP are integrated using the Snort plugin to VPP. This uses a set of queue pairs for sending packets between VPP and Snort. The queue pairs and the packets themselves are stored in shared memory. We developed a new Data Acquisition (DAQ) component for Snort, which we call the VPP Zero Copy (ZC) DAQ. This implements the Snort DAQ API functions to receive and transmit packets by reading from and writing to the relevant queues. Because the payload is in shared memory, we consider this a Zero-Copy implementation.

Since Snort 3 is a compute-intensive workload that requires more computing resources than data plane processing, we are trying to configure an optimized processor core allocation and balance between the number of VPP threads and Snort3 threads to get the highest system level performance on the running hardware platform.
Figure 2 shows the graph nodes within VPP, including those that are part of the ACL and Snort plugins. We developed two new VPP graph nodes:

  • snort-enq: makes a load-balancing decision about which Snort thread should process the packet and then enqueues the packet to the corresponding queue.
  • snort-deq: implemented as an input node that polls from multiple queues, one per Snort worker thread.
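
The queue-pair hand-off between VPP and the Snort workers described above (shared-memory queue pairs, snort-enq, snort-deq), as an added C example that is not code from VPP, Snort or the NetSec package. The page does not say how snort-enq chooses a worker; the symmetric flow hash, the ring layout, the fail-closed handling of a full ring and all function names are assumptions made for illustration.

```c
/* Added illustration: every name and policy choice here is hypothetical. */
#include <stdatomic.h>
#include <stdint.h>
#define N_WORKERS 3u /* assumed number of Snort worker threads */
#define RING_SIZE 8u /* slots per ring; power of two so wrap is a mask */

/* Only this buffer-pool index crosses a queue; the payload is never copied. */
typedef struct { uint32_t buf_index; } desc_t;

/* Single-producer/single-consumer ring with free-running counters. */
typedef struct {
    desc_t slots[RING_SIZE];
    _Atomic uint32_t head; /* advanced by the producer */
    _Atomic uint32_t tail; /* advanced by the consumer */
} ring_t;

typedef struct { ring_t to_snort, from_snort; } qpair_t; /* one per worker */
typedef struct { uint32_t src_ip, dst_ip; uint16_t src_port, dst_port; uint8_t proto; } flow_t;

static uint32_t ring_used(ring_t *r) { /* unsigned subtraction is wrap-safe */
    return atomic_load(&r->head) - atomic_load(&r->tail);
}

static int ring_put(ring_t *r, desc_t d) {
    uint32_t h = atomic_load(&r->head);
    if (ring_used(r) == RING_SIZE) return -1; /* full */
    r->slots[h & (RING_SIZE - 1)] = d;
    atomic_store(&r->head, h + 1); /* publish only after the slot is written */
    return 0;
}

static int ring_get(ring_t *r, desc_t *d) {
    uint32_t t = atomic_load(&r->tail);
    if (ring_used(r) == 0) return -1; /* empty */
    *d = r->slots[t & (RING_SIZE - 1)];
    atomic_store(&r->tail, t + 1); /* release the slot after reading it */
    return 0;
}

/* Symmetric hash: both directions of a connection reduce to the same
 * (lo, hi) endpoint pair, so one worker sees the whole TCP stream. */
uint32_t flow_worker(const flow_t *f) {
    uint64_t a = ((uint64_t)f->src_ip << 16) | f->src_port;
    uint64_t b = ((uint64_t)f->dst_ip << 16) | f->dst_port;
    uint64_t lo = a < b ? a : b, hi = a < b ? b : a;
    uint64_t x = lo ^ (hi * 0x9E3779B97F4A7C15ull) ^ f->proto;
    x ^= x >> 33; x *= 0xFF51AFD7ED558CCDull; x ^= x >> 33;
    return (uint32_t)(x % N_WORKERS);
}

/* snort-enq role: returns the chosen worker, or -1 when its ring is full so
 * the caller can drop the packet (fail closed) instead of skipping the IPS. */
int snort_enq(qpair_t *qp, const flow_t *f, uint32_t buf_index) {
    uint32_t w = flow_worker(f);
    return ring_put(&qp[w].to_snort, (desc_t){ buf_index }) == 0 ? (int)w : -1;
}

/* Stand-in for a Snort worker: return each queued packet with a pass verdict. */
int worker_pass_all(qpair_t *q) {
    desc_t d;
    int n = 0;
    while (ring_used(&q->from_snort) < RING_SIZE && ring_get(&q->to_snort, &d) == 0) {
        ring_put(&q->from_snort, d);
        n++;
    }
    return n;
}

/* snort-deq role: poll the return ring of every worker in turn. */
int snort_deq(qpair_t *qp, desc_t *out, int max) {
    int n = 0;
    for (uint32_t w = 0; w < N_WORKERS; w++)
        while (n < max && ring_get(&qp[w].from_snort, &out[n]) == 0) n++;
    return n;
}

int main(void) { /* both directions of one constructed connection */
    static qpair_t qp[N_WORKERS]; /* stands in for the shared-memory region */
    flow_t c2s = { 0x0A000001u, 0x0A000102u, 40000, 80, 6 };
    flow_t s2c = { 0x0A000102u, 0x0A000001u, 80, 40000, 6 };
    return snort_enq(qp, &c2s, 7) == snort_enq(qp, &s2c, 8) ? 0 : 1;
}
```

Keeping both directions of a connection on one worker matters for an IPS because stream reassembly and rule state are per worker thread.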

[Figure 2: Graph Nodes]

3.2 Intel Optimizations
Our NGFW reference implementation takes advantage of the following optimizations:

  • Snort leverages the Hyperscan high-performance multiple regex matching library to provide a significant boost in performance compared to the default search engine in Snort. Figure 3 highlights Hyperscan integration with Snort to accelerate both literal matching and regex matching performance. Snort 3 provides native integration with Hyperscan where users can turn on Hyperscan either via config file or command line options.

[Figure 3: Snort with Hyperscan]

  • VPP takes advantage of Receive Side Scaling (RSS) in Intel® Ethernet Network Adapters to distribute traffic across multiple VPP worker threads.
  • Intel QAT and Intel AVX-512 instructions: Future releases that support IPsec and TLS will be taking advantage of crypto acceleration technologies from Intel. Intel QAT accelerates crypto performance, especially the public key  cryptography which is widely used for establishing network connections. Intel AVX-512 also boosts cryptographic performance, including VPMADD52 (multiply and accumulation operations), vector AES (vector version of the Intel AES-NI instructions), vPCLMUL (vectorized carry-less multiply, used to optimize AES-GCM), and Intel® Secure Hash Algorithm – New Instructions (Intel® SHA-NI).

Cloud Deployment of NGFW Reference Implementation

4.1 System Configuration
Table 3. Test Configurations

Metric Value
Use Case Cleartext Inspection (FW + IPS)
Traffic Profile HTTP 64KB GET (1 GET per Connection)
VPP ACLs Yes (2 stateful ACLs)
Snort Rules Lightspd (~49k rules)
Snort Policy Security (~21k rules enabled)

We focus on cleartext inspection scenarios based on the use cases and key performance indicators (KPIs) in RFC9411. The traffic generator can create 64KB HTTP transactions with one GET request per connection. ACLs are configured to allow IP addresses in the specified subnets. We used the Snort Lightspd rule set and the security policy from Cisco for benchmarking. There was also a dedicated server to serve requests from the traffic generators.

[Figure 4 and Figure 5: System Topology]

As shown in Figure 4 and Figure 5, the system topology includes three primary instance nodes: a client, a server and a proxy for public cloud deployment. There is also a bastion node to serve connections from users. Both client (running WRK) and server (running Nginx) have a single dedicated data-plane network interface, and the proxy (running NGFW) has two data-plane network interfaces for testing. Data-plane network interfaces are attached to dedicated subnet A (client-proxy) and subnet B (proxy-server), which maintain isolation from instance management traffic. Dedicated IP address ranges are defined with corresponding routing and ACL rules programmed onto the infrastructure to allow flow of traffic.

4.2 System Deployment
MCNAT is a software tool developed by Intel that provides automation for seamless deployment of networking workloads on public cloud and offers recommendations for selecting the best cloud instance based on performance and cost.
MCNAT is configured through a series of profiles, each defining the variables and settings required for each instance. Each instance type has its own profile, which can then be passed to the MCNAT CLI tool to deploy that specific instance type on a given cloud service provider (CSP). Example command line usage is shown below and in Table 4.

[Image: MCNAT command-line usage example]

Table 4. MCNAT Command Line Usage

Option Description
--deploy Instructs the tool to create a new deployment
-u Specifies which user credentials to use
-c CSP to create the deployment on (AWS, GCP, etc.)
-s Scenario to deploy
-p Profile to use

The MCNAT command line tool can build and deploy instances in one step. Once the instance is deployed, the post-configuration steps create the necessary SSH configuration to allow access to the instance.

4.3 System Benchmarking
Once MCNAT has deployed the instances, all performance tests can run using the MCNAT application toolkit.
First, we need to configure test cases at tools/mcn/applications/configurations/ngfw-intel/ngfw-intel.json as below:

[Image: test case configuration in ngfw-intel.json]

Then we can use the example command below to launch the test. DEPLOYMENT_PATH is where the deployment state of the target environment is stored, e.g. tools/mcn/infrastructure/infrastructure/examples/ngfw-ntel/gcp/terraform.tfstate.d/tfws_default.

[Image: example test launch command]

It runs the NGFW with the given rule set on HTTP traffic generated by WRK on the client, while pinning a range of CPU cores, to gather the full set of performance numbers for the instance under test. Once the tests are complete, all data is formatted as a CSV file and returned to the user.

Performance and Cost Evaluation

In this section, we compare NGFW deployments on different cloud instances based on Intel Xeon processors at AWS and GCP.
This gives guidance on finding the most suitable cloud instance type for NGFW based on performance and cost. We choose instances with 4 vCPUs as they are recommended by most NGFW vendors. Results on AWS and GCP include:

  • NGFW performance on small instance types that host 4 vCPUs with Intel® Hyper-Threading Technology (Intel® HT Technology) and Hyperscan enabled.
  • Generation-to-generation performance gains from 1st Gen Intel Xeon Scalable processors to 5th Gen Intel Xeon Scalable processors.
  • Generation-to-generation performance per dollar gain from 1st Gen Intel® Xeon® Scalable processors to 5th Gen Intel Xeon Scalable processors.

5.1 AWS Deployment
5.1.1 Instance Type List
Table 5. AWS Instances and On-Demand Hourly Rates

Instance Type | CPU Model | vCPU | Memory (GB) | Network performance (Gbps) | On-demand hourly rate ($)
c5-xlarge | 2nd Gen Intel® Xeon® Scalable processors | 4 | 8 | 10 | 0.17
c5n-xlarge | 1st Gen Intel® Xeon® Scalable processors | 4 | 10.5 | 25 | 0.216
c6i-xlarge | 3rd Gen Intel® Xeon® Scalable processors | 4 | 8 | 12.5 | 0.17
c6in-xlarge | 3rd Gen Intel Xeon Scalable processors | 4 | 8 | 30 | 0.2268
c7i-xlarge | 4th Gen Intel® Xeon® Scalable processors | 4 | 8 | 12.5 | 0.1785

Table 5 shows an overview of the AWS instances we use. Please refer to Platform Configuration for more platform details. It also lists the on-demand hourly rate (https://aws.amazon.com/ec2/pricing/on-demand/) for all instances. The above was the on-demand rate at the time of publishing this paper and focuses on the US west coast.
The on-demand hourly rate might vary with the region, availability, corporate accounts, and other factors.

5.1.2 Results

[Figure 6: Results]

Figure 6 compares performance and performance per hourly rate for all the instance types mentioned so far:

  • Performance improved with instances based on newer generations of Intel Xeon processors. Upgrading from c5.xlarge (based on 2nd Gen Intel Xeon Scalable processor) to c7i.xlarge (based on 4th Gen Intel Xeon Scalable processor) shows a 1.97x performance improvement.
  • Performance per dollar improved with instances based on newer generations of Intel Xeon processors. Upgrading from c5n.xlarge (based on 1st Gen Intel Xeon Scalable processor) to c7i.xlarge (based on 4th Gen Intel Xeon Scalable processor) shows a 1.88x performance/hour rate improvement.

5.2 GCP Deployment
5.2.1 Instance Type List
Table 6. GCP Instances and On-Demand Hourly Rates

Instance Type | CPU Model | vCPU | Memory (GB) | Default egress bandwidth (Gbps) | On-demand hourly rate ($)
n1-standard-4 | 1st Gen Intel® Xeon® Scalable processors | 4 | 15 | 10 | 0.189999
n2-standard-4 | 3rd Gen Intel® Xeon® Scalable processors | 4 | 16 | 10 | 0.194236
c3-standard-4 | 4th Gen Intel® Xeon® Scalable processors | 4 | 16 | 23 | 0.201608
n4-standard-4 | 5th Gen Intel® Xeon® Scalable processors | 4 | 16 | 10 | 0.189544
c4-standard-4 | 5th Gen Intel® Xeon® Scalable processors | 4 | 15 | 23 | 0.23761913

Table 6 shows an overview of the GCP instances we use. Please refer to Platform Configuration for more platform details. It also lists the on-demand hourly rate (https://cloud.google.com/compute/vm-instance-pricing?hl=en) for all instances. The above was the on-demand rate at the time of publishing this paper and focuses on the US west coast. The on-demand hourly rate might vary with the region, availability, corporate accounts, and other factors.

5.2.2 Results

[Figure 7: Results]

Figure 7 compares performance and performance per hourly rate for all the instance types mentioned so far:

  • Performance improved with instances based on newer generations of Intel Xeon processors. Upgrading from n1-std-4 (based on 1st Gen Intel Xeon Scalable processor) to c4-std-4 (based on 5th Gen Intel Xeon Scalable processor) shows a 2.68x performance improvement.
  • Performance per dollar improved with instances based on newer generations of Intel Xeon processors. Upgrading from n1-std-4 (based on 1st Gen Intel Xeon Scalable processor) to c4-std-4 (based on 5th Gen Intel Xeon Scalable processor) shows a 2.15x performance/hour rate improvement.

Summary

With the growing adoption of multi-cloud and hybrid-cloud deployment models, delivering NGFW solutions on public cloud provides consistent protection across environments, scalability to meet security requirements, and simplicity with minimal maintenance effort. Network security vendors offer NGFW solutions with a variety of cloud instance types on public cloud. It is critical to minimize total cost of ownership (TCO) and maximize return on investment (ROI) with the right cloud instance. Key factors to consider include compute resources, network bandwidth, and price. We used the NGFW reference implementation as the representative workload and leveraged MCNAT to automate deployment and testing on different public cloud instance types. Based on our benchmarking, instances with the latest generation of Intel Xeon Scalable processors on AWS (powered by 4th Gen Intel Xeon Scalable processors) and GCP (powered by 5th Gen Intel Xeon Scalable processors) deliver both performance and TCO improvements. They improve performance by up to 2.68x and performance per hourly rate by up to 2.15x over prior generations. This evaluation provides solid references for selecting Intel-based public cloud instances for NGFW.

Appendix A Platform Configuration

Platform Configurations
c5-xlarge – “Test by Intel as of 03/17/25. 1-node, 1x Intel(R) Xeon(R) Platinum 8275CL CPU @ 3.00GHz, 2 cores, HT On, Turbo On, Total Memory 8GB (1x8GB DDR4 2933 MT/s [Unknown]), BIOS 1.0, microcode 0x5003801, 1x Elastic Network Adapter (ENA), 1x 32G Amazon Elastic Block Store, Ubuntu 22.04.5 LTS, 6.8.0-1024-aws, gcc 11.4, NGFW 24.12, Hyperscan 5.6.1”
c5n-xlarge – “Test by Intel as of 03/17/25. 1-node, 1x Intel(R) Xeon(R) Platinum 8124M CPU @ 3.00GHz, 2 cores, HT On, Turbo On, Total Memory 10.5GB (1x10.5GB DDR4 2933 MT/s [Unknown]), BIOS 1.0, microcode 0x2007006, 1x Elastic Network Adapter (ENA), 1x 32G Amazon Elastic Block Store, Ubuntu 22.04.5 LTS, 6.8.0-1024-aws, gcc 11.4, NGFW 24.12, Hyperscan 5.6.1”
c6i-xlarge – “Test by Intel as of 03/17/25. 1-node, 1x Intel(R) Xeon(R) Platinum 8375C CPU @ 2.90GHz, 2 cores, HT On, Turbo On, Total Memory 8GB (1x8GB DDR4 3200 MT/s [Unknown]), BIOS 1.0, microcode 0xd0003f6, 1x Elastic Network Adapter (ENA), 1x 32G Amazon Elastic Block Store, Ubuntu 22.04.5 LTS, 6.8.0-1024-aws, gcc 11.4, NGFW 24.12, Hyperscan 5.6.1”
c6in-xlarge – “Test by Intel as of 03/17/25. 1-node, 1x Intel(R) Xeon(R) Platinum 8375C CPU @ 2.90GHz, 2 cores, HT On, Turbo On, Total Memory 8GB (1x8GB DDR4 3200 MT/s [Unknown]), BIOS 1.0, microcode 0xd0003f6, 1x Elastic Network Adapter (ENA), 1x 32G Amazon Elastic Block Store, Ubuntu 22.04.5 LTS, 6.8.0-1024-aws, gcc 11.4, NGFW 24.12, Hyperscan 5.6.1”
c7i-xlarge – “Test by Intel as of 03/17/25. 1-node, 1x Intel(R) Xeon(R) Platinum 8488C CPU @ 2.40GHz, 2 cores, HT On, Turbo On, Total Memory 8GB (1x8GB DDR4 4800 MT/s [Unknown]), BIOS 1.0, microcode 0x2b000620, 1x Elastic Network Adapter (ENA), 1x 32G Amazon Elastic Block Store, Ubuntu 22.04.5 LTS, 6.8.0-1024-aws, gcc 11.4, NGFW 24.12, Hyperscan 5.6.1”
n1-std-4 – “Test by Intel as of 03/17/25. 1-node, 1x Intel(R) Xeon(R) CPU @ 2.00GHz, 2 cores, HT On, Turbo On, Total Memory 15GB (1x15GB RAM []), BIOS Google, microcode 0xffffffff, 1x device, 1x 32G PersistentDisk, Ubuntu 22.04.5 LTS, 6.8.0-1025gcp, gcc 11.4, NGFW 24.12, Hyperscan 5.6.1”
n2-std-4 – “Test by Intel as of 03/17/25. 1-node, 1x Intel(R) Xeon(R) CPU @ 2.60GHz, 2 cores, HT On, Turbo On, Total Memory 16GB (1x16GB RAM []), BIOS Google, microcode 0xffffffff, 1x device, 1x 32G PersistentDisk, Ubuntu 22.04.5 LTS, 6.8.0-1025gcp, gcc 11.4, NGFW 24.12, Hyperscan 5.6.1”
c3-std-4 – “Test by Intel as of 03/14/25. 1-node, 1x Intel(R) Xeon(R) Platinum 8481C CPU @ 2.70GHz @ 2.60GHz, 2 cores, HT On, Turbo On, Total Memory 16GB (1x16GB RAM []), BIOS Google, microcode 0xffffffff, 1x Compute Engine Virtual Ethernet [gVNIC], 1x 32G nvme_card-pd, Ubuntu 22.04.5 LTS, 6.8.0-1025-gcp, gcc 11.4, NGFW 24.12, Hyperscan 5.6.1”
n4-std-4 – “Test by Intel as of 03/18/25. 1-node, 1x Intel(R) Xeon(R) PLATINUM 8581C CPU @ 2.10GHz, 2 cores, HT On, Turbo On, Total Memory 16GB (1x16GB RAM []), BIOS Google, microcode 0xffffffff, 1x Compute Engine Virtual Ethernet [gVNIC], 1x 32G nvme_card-pd, Ubuntu 22.04.5 LTS, 6.8.0-1025-gcp, gcc 11.4, NGFW 24.12, Hyperscan 5.6.1”
c4-std-4 – “Test by Intel as of 03/18/25. 1-node, 1x Intel(R) Xeon(R) PLATINUM 8581C CPU @ 2.30GHz, 2 cores, HT On, Turbo On, Total Memory 15GB (1x15GB RAM []), BIOS Google, microcode 0xffffffff, 1x Compute Engine Virtual Ethernet [gVNIC], 1x 32G nvme_card-pd, Ubuntu 22.04.5 LTS, 6.8.0-1025-gcp, gcc 11.4, NGFW 24.12, Hyperscan 5.6.1”

Appendix B Intel NGFW Reference Software Configuration

Software Configuration Software Version
Host OS Ubuntu 22.04 LTS
Kernel 6.8.0-1025
Compiler GCC 11.4.0
WRK 74eb9437
WRK2 44a94c17
VPP 24.02
Snort 3.1.36.0
DAQ 3.0.9
LuaJIT 2.1.0-beta3
Libpcap 1.10.1
PCRE 8.45
ZLIB 1.2.11
Hyperscan 5.6.1
LZMA 5.2.5
NGINX 1.22.1
DPDK 23.11


Performance varies by use, configuration and other factors. Learn more at www.Intel.com/PerformanceIndex.
Performance results are based on testing as of the dates shown in configurations and may not reflect all publicly available updates. See backup for configuration details. No product or component can be absolutely secure.
Intel disclaims all express and implied warranties, including, without limitation, the implied warranties of merchantability, fitness for a particular purpose, and non-infringement, as well as any warranty arising from course of performance, course of dealing, or usage in trade.
Intel technologies may require enabled hardware, software or service activation.
Intel does not control or audit third-party data. You should consult other sources to evaluate accuracy.
The products described may contain design defects or errors known as errata which may cause the product to deviate from published specifications. Current characterized errata are available on request.
© Intel Corporation. Intel, the Intel logo, and other Intel marks are trademarks of Intel Corporation or its subsidiaries. Other names and brands may be claimed as the property of others.
0425/XW/MK/PDF 365150-001US
