የቴክኖሎጂ መመሪያ
Optimize NGFW Performance with
Intel® Xeon® Processors on Public Cloud
ደራሲያን
Xiang Wang
Jayprakash Patidar
Declan Doherty
Eric Jones
Subhiksha Ravisundar
Heqing Zhu
መግቢያ
የሚቀጥለው ትውልድ ፋየርዎል (NGFWs) የአውታረ መረብ ደህንነት መፍትሔዎች ዋና አካል ናቸው። ባህላዊ ፋየርዎል ዘመናዊ የትራፊክ ፍተሻን ያከናውናሉ፣ በተለይም ወደብ እና ፕሮቶኮል ላይ ተመስርተው ከዘመናዊ ጎጂ ትራፊክ በብቃት መከላከል አይችሉም። NGFWዎች የላቁ የጥልቅ ፓኬት ፍተሻ ችሎታዎች ባላቸው ባህላዊ ፋየርዎሎች ላይ ይሻሻላሉ እና ያስፋፋሉ፣የወረራ ማወቂያ/መከላከያ ስርዓቶች (IDS/IPS)፣ ማልዌር ማወቅ፣ የመተግበሪያ መለያ እና ቁጥጥር፣ ወዘተ.
NGFWዎች በሒሳብ ስሌት የተጠናከረ የሥራ ጫናዎች ናቸው፣ ለምሳሌample, cryptographic operations for network traffic encryption and decryption and heavy rule matching for detecting malicious activities. Intel delivers core technologies to optimize NGFW solutions.
Intel processors are equipped with various instruction set architectures (ISAs), including Intel® Advanced Encryption Standard New Instructions (Intel® AES-NI) and Intel® QuickAssist Technology (Intel® QAT) which significantly accelerate crypto performance.
Intel also invests in software optimizations including those for Hyperscan. Hyperscan is a high-performance string and regular expression (regex) matching library. It leverages single instruction multiple data (SIMD) technology on Intel processors to boost pattern-matching performance. Hyperscan integration into NGFW IPS systems such as Snort can improve performance by up to 3x on Intel processors.
NGFWs ብዙውን ጊዜ የሚቀርቡት ከወታደራዊ ነፃ በሆነው የኢንተርፕራይዝ የመረጃ ማእከላት ክልል (DMZ) ውስጥ እንደተሰማራ የደህንነት መሳሪያ ነው። ነገር ግን፣ ለህዝብ ደመና፣ በድርጅት ዳታ ማእከላት ወይም በኔትወርክ ጠርዝ ቦታዎች ላይ ሊሰማሩ የሚችሉ የNGFW ምናባዊ እቃዎች ወይም የሶፍትዌር ፓኬጆች ከፍተኛ ፍላጎት አለ። ይህ የሶፍትዌር ማሰማራት ሞዴል ኢንተርፕራይዝ ITን ከአካላዊ እቃዎች ጋር ከተያያዙ ስራዎች እና የጥገና ወጪዎች ነፃ ያወጣል። የስርአት መስፋፋትን ያሻሽላል እና ተለዋዋጭ የግዥ እና የግዢ አማራጮችን ይሰጣል።
ቁጥራቸው እየጨመረ የመጣ ኢንተርፕራይዞች የ NGFW መፍትሄዎችን የህዝብ ደመና ማሰማራትን እየተቀበሉ ነው። ለዚህ ዋነኛው ምክንያት ወጪ አድቫን ነውtage of running virtual appliances in the cloud.
Yet, since CSPs offer a multitude of instance types with varying compute characteristics and pricing, selecting the instance with the best TCO for NGFW can be challenging.
ይህ ወረቀት ከኢንቴል የNGFW ማጣቀሻ ትግበራን ያስተዋውቃል፣ በIntel ቴክኖሎጂዎች የተመቻቸ፣ ሃይፐርስካንን ጨምሮ። በኢንቴል መድረኮች ላይ ለNGFW የአፈጻጸም ባህሪ አስተማማኝ ማረጋገጫ ነጥብ ያቀርባል። እንደ ኢንቴል ኔትሴክ ሪፈረንስ ሶፍትዌር ጥቅል አካል ሆኖ ተካቷል። እንዲሁም የNGFW ማጣቀሻ ትግበራ በተመረጡ የህዝብ ደመና አቅራቢዎች ላይ በራስ ሰር እንዲሰማራ ለማድረግ የMulti-Cloud Networking Automation Tool (MCNAT)ን በተመሳሳይ ፓኬጅ እናቀርባለን። MCNAT ለተለያዩ የስሌት ምሳሌዎች የTCO ትንታኔን ያቃልላል እና ተጠቃሚዎችን ለኤንጂኤፍደብሊው ጥሩ ስሌት ምሳሌ ይመራቸዋል።
እባክዎ ስለ ኔትሴክ ሪፈረንስ ሶፍትዌር ጥቅል የበለጠ ለማወቅ ደራሲያንን ያግኙ።
የሰነድ ማሻሻያ ታሪክ
| ክለሳ | ቀን | መግለጫ |
| 001 | ማርች 2025 | የመጀመሪያ ልቀት |
1.1 ቃላት
ሠንጠረዥ 1. ቃላቶች
| ምህጻረ ቃል | መግለጫ |
| ዲኤፍኤ | Deterministic Finite Automaton |
| ዲፒአይ | ጥልቅ ፓኬት ምርመራ |
| HTTP | የከፍተኛ ጽሑፍ ማስተላለፍ ፕሮቶኮል |
| መታወቂያ/አይፒኤስ | Intrusion Detection and Prevention System |
| ኢሳ | መመሪያ አዘጋጅ አርክቴክቸር |
| MCNAT | Multi-Cloud Networking Automation Tool |
| ኤንኤፍኤ | Non-deterministic Finite Automaton |
| NGFW | Next-generation Firewall |
| PCAP | ፓኬት ቀረጻ |
| PCRE | Perl Compatible Regular Expressions Library |
| Regex | መደበኛ አገላለጽ |
| SASE | ደህንነቱ የተጠበቀ የመዳረሻ አገልግሎት ጠርዝ |
| ሲምዲ | Single Instruction Multiple Data Technology |
| TCP | የማስተላለፍ ቁጥጥር ፕሮቶኮል |
| ዩአርአይ | ዩኒፎርም ሪሶርስ መለያ |
| ዋፍ | Web የመተግበሪያ ፋየርዎል |
1.2 የማጣቀሻ ሰነዶች
ሠንጠረዥ 2. የማጣቀሻ ሰነዶች
Background and Motivation
ዛሬ፣ አብዛኛዎቹ የNGFW አቅራቢዎች አሻራቸውን ከአካላዊ NGFW ዕቃዎች ወደ ምናባዊ NGFW መፍትሄዎች በሕዝብ ደመና ውስጥ ሊዘረጉ ይችላሉ። በሚከተሉት ጥቅማጥቅሞች ምክንያት የህዝብ ደመና NGFW ማሰማራቶች ጉዲፈቻ ጨምሯል እያዩ ነው፡
- Scalability: easily scale up or scale down cross-geo compute resources to meet performance requirements.
- Cost effectiveness: flexible subscription to allow pay per use. Eliminates capital expenditure (capex) and reduces operational costs associated with physical appliances.
- Native integration with cloud services: seamless integration with public cloud services such as networking, access controls and AI/ML tools.
- Cloud workloads protection: local traffic filtering for enterprise workloads hosted on public cloud.
The reduced cost of running the NGFW workload in the public cloud is an attractive proposition for enterprise use cases.
However, selecting the instance with the best performance and TCO for NGFW is challenging, given a wide range of cloud instance options are available with various CPUs, memory sizes, IO bandwidth, and each is priced differently. We have developed NGFW Reference Implementation to help with performance and TCO analysis of different public cloud instances based on Intel processors. We will demonstrate performance and performance per dollar metrics as a guide for choosing the right Intel-based instances for NGFW solutions on public cloud services such as AWS and GCP.
NGFW Reference Implementation
Intel developed the NetSec Reference Software package (latest release 25.05) which delivers optimized reference solutions leveraging ISAs and accelerators available in the newest Intel CPUs and platforms to demonstrate optimized performance at the on-prem enterprise infrastructure and on the cloud. The reference software is available under Intel Proprietary License (IPL).
The key highlights of this software package are:
- Includes a broad portfolio of reference solutions for networking and security, AI frameworks for cloud and enterprise data centers and edge locations.
- Allows time to market and rapid adoption of Intel technologies.
- Source code is available that allows replicating deployment scenarios and testing environments on Intel platforms.
Please contact authors to learn more about obtaining the latest release of the NetSec Reference Software.
As a critical part of NetSec Reference Software package, NGFW reference implementation drives the NGFW performance characteristics and TCO analysis on Intel platforms. We deliver seamless integration of Intel technologies such as Hyperscan in the NGFW reference implementation. It builds a solid foundation for NGFW analysis on Intel platforms. Since different Intel hardware platforms offer different capabilities from compute to IO, the NGFW reference implementation presents a clearer view of platform capabilities for NGFW workloads and helps show performance comparisons between generations of Intel processors. It delivers thorough insights on metrics, including compute performance, memory bandwidth, IO bandwidth, and power consumption. Based on performance test results, we can further conduct TCO analysis (with performance per dollar) on Intel platforms used for NGFW.
The latest release (25.05) of NGFW reference implementation includes the following key features:
- Basic stateful firewall
- የጣልቃ መከላከያ ስርዓት (አይፒኤስ)
- Support of cutting-edge Intel processors including Intel® Xeon® 6 processors, Intel Xeon 6 SoC, etc.
Future releases are planned to implement the following additional features:
- VPN inspection: IPsec decryption of traffic for content inspection
- TLS inspection: a TLS Proxy to terminate the connections between a client and a server and then perform content inspection on the plaintext traffic.
3.1 የስርዓት አርክቴክቸር
Figure 1 shows the overall system architecture. We leverage open-source software as the foundation to build the system:
- VPP provides a high-performance data plane solution with basic stateful firewall functions, including stateful ACLs. We spawn multiple VPP threads with configured core affinity. Each VPP worker thread is pinned to a dedicated CPU core or an execution thread.
- Snort 3 is chosen as IPS, which supports multi-threading. Snort worker threads are pinned to dedicated CPU cores or execution threads.
- Snort and VPP are integrated using the Snort plugin to VPP. This uses a set of queue pairs for sending packets between VPP and Snort. The queue pairs and the packets themselves are stored in shared memory. We developed a new Data Acquisition (DAQ) component for Snort, which we call the VPP Zero Copy (ZC) DAQ. This implements the Snort DAQ API functions to receive and transmit packets by reading from and writing to the relevant queues. Because the payload is in shared memory, we consider this a Zero-Copy implementation.
Since Snort 3 is a compute-intensive workload that requires more computing resources than data plane processing, we are trying to configure an optimized processor core allocation and balance between the number of VPP threads and Snort3 threads to get the highest system level performance on the running hardware platform.
Figure 2 (on page 6) shows the graph node within VPP, including those that are part of the ACL and Snort plugins. ሁለት አዲስ የቪፒፒ ግራፍ ኖዶችን አዘጋጅተናል፡-
- snort-enq: makes a load-balancing decision about which Snort thread should process the packet and then enqueues the packet to the corresponding queue.
- snort-deq: implemented as an input node that polls from multiple queues, one per Snort worker thread.
3.2 Intel Optimizations
የእኛ የNGFW ማጣቀሻ ትግበራ አድቫን ይወስዳልtage of the following optimizations:
- Snort leverages the Hyperscan high-performance multiple regex matching library to provide a significant boost in performance compared to the default search engine in Snort. Figure 3 highlights Hyperscan integration with Snort to
accelerate both literal machng and regex matching performance. Snort 3 provides native integration with Hyperscan where users can turn on Hyperscan either via config file ወይም የትእዛዝ መስመር አማራጮች።
- VPP takes advantage of Receive Side Scaling (RSS) in Intel® Ethernet Network Adapters to distribute traffic across multiple VPP worker threads.
- Intel QAT and Intel AVX-512 instructions: Future releases that support IPsec and TLS will be taking advantage of crypto acceleration technologies from Intel. Intel QAT accelerates crypto performance, especially the public key cryptography which is widely used for establishing network connections. Intel AVX-512 also boosts cryptographic performance, including VPMADD52 (multiply and accumulation operations), vector AES (vector version of the Intel AES-NI instructions), vPCLMUL (vectorized carry-less multiply, used to optimize AES-GCM), and Intel® Secure Hash Algorithm – New Instructions (Intel® SHA-NI).
Cloud Deployment of NGFW Reference Implementation
4.1 የስርዓት ውቅር
ሠንጠረዥ 3. የሙከራ ውቅሮች
| መለኪያ | ዋጋ |
| መያዣ ይጠቀሙ | Cleartext Inspection (FW + IPS) |
| Traffic Profile | HTTP 64KB GET (1 GET per Connection) |
| VPP ACLs | Yes (2 stateful ACLs) |
| Snort Rules | Lightspd (~49k rules) |
| Snort Policy | Security (~21k rules enabled) |
በአጠቃቀም ጉዳዮች እና በ RFC9411 KPIዎች ላይ በመመስረት ግልጽ ጽሑፍ ፍተሻ ላይ እናተኩራለን። የትራፊክ ጀነሬተር በየግንኙነቱ 64 GET ጥያቄ ያለው የ1KB HTTP ግብይቶችን መፍጠር ይችላል። ኤሲኤሎች በተገለጹት ንዑስ አውታረ መረቦች ውስጥ አይፒዎችን ለመፍቀድ ተዋቅረዋል። ለቤንችማርክ የ Snort Lightspd ደንቦችን እና የደህንነት ፖሊሲን ከሲስኮ ተቀብለናል። ከትራፊክ ማመንጫዎች የሚቀርቡ ጥያቄዎችን ለማቅረብ ራሱን የቻለ አገልጋይም ነበር።
As shown in Figure 4 and Figure 5, the system topology includes three primary instance nodes: a client, a server and a proxy for public cloud deployment. There is also a bastion node to serve connections from user. Both client (running WRK) and server (running Nginx) have a single dedicated data-plane network interface, and the proxy (running NGFW) has two data-plane network interfaces for testing. Data-plane network interfaces are attached to dedicated subnet A (client-proxy) and subnet B (proxy-server) which maintain isolation from instance management traffic. Dedicated IP address ranges are defined with corresponding routing and ACL rules programmed onto the infrastructure to allow flow of traffic.
4.2 የስርዓት መዘርጋት
ኤምሲኤንኤት በIntel የተሰራ የሶፍትዌር መሳሪያ ሲሆን እንከን የለሽ የኔትወርክ የስራ ጫናዎችን በህዝብ ደመና ላይ ለማሰማራት አውቶሜትሽን የሚያቀርብ እና በአፈጻጸም እና ወጪ ላይ ተመስርቶ ምርጡን የደመና ምሳሌ ለመምረጥ ምክሮችን ይሰጣል።
ኤምሲኤንኤቲ የተዋቀረው በተከታታይ ፕሮፌሽናል ነው።files፣ እያንዳንዱ ለእያንዳንዱ ምሳሌ የሚያስፈልጉትን ተለዋዋጮች እና መቼቶች ይገልጻል። እያንዳንዱ የአብነት አይነት የራሱ ፕሮfile ያንን የተወሰነ የአብነት አይነት በተሰጠው የደመና አገልግሎት አቅራቢ (ሲኤስፒ) ላይ ለማሰማራት ወደ MCNAT CLI መሳሪያ ሊተላለፍ ይችላል። ምሳሌampየትእዛዝ መስመር አጠቃቀም ከዚህ በታች እና በሰንጠረዥ 4 ውስጥ ይታያል።
ሠንጠረዥ 4. የMCNAT ትዕዛዝ መስመር አጠቃቀም
| አማራጭ | መግለጫ |
| - ማሰማራት | አዲስ ማሰማራት ለመፍጠር መሳሪያውን ያስተምራል። |
| -u | የትኛዎቹ የተጠቃሚ ምስክርነቶች እንደሚጠቀሙ ይገልጻል |
| -c | በ(AWS፣ GCP፣ ወዘተ) ላይ ማሰማራትን ለመፍጠር CSP |
| -s | ለማሰማራት ሁኔታ |
| -p | ፕሮfile ለመጠቀም |
የኤምሲኤንኤቲ የትእዛዝ መስመር መሳሪያ ምሳሌዎችን በአንድ እርምጃ መገንባት እና ማሰማራት ይችላል። አንዴ ምሳሌው ከተዘረጋ፣ የልጥፍ ውቅር እርምጃዎች ምሳሌው እንዲደረስበት አስፈላጊውን የኤስኤስኤች ውቅር ይፈጥራል።
4.3 የስርዓት ቤንችማርክ
Once MCNAT has deployed the instances, all performance tests can run using the MCNAT application toolkit.
First, we need to configure test cases at tools/mcn/applications/configurations/ngfw-intel/ngfw-intel.json as below:
ከዚያ እኛ የቀድሞውን መጠቀም እንችላለንampሙከራውን ለመጀመር ከዚህ በታች ትእዛዝ ይስጡ። DEPLOYMENT_PATH የታለመው የአካባቢ ማሰማራት ሁኔታ የሚከማችበት ነው፣ ለምሳሌ መሳሪያዎች/mcn/መሠረተ ልማት/መሰረተ ልማት/ለምሳሌamples/ngfw-ntel/gcp/terraform.tfstate. d/tfws_default.
በፈተና ላይ ላለው ምሳሌ የተሟላ የአፈፃፀም ቁጥሮችን ለመሰብሰብ NGFWን በ WRK በደንበኛ በሚመነጨው የ http ትራፊክ ላይ የተወሰኑ ህጎችን ያካሂዳል ፣የተለያዩ ሲፒዩ ኮሮችን እየሰካ። ፈተናዎቹ ሲጠናቀቁ, ሁሉም መረጃዎች እንደ csv ተቀርጾ ወደ ተጠቃሚው ይመለሳል.
Performance and Cost Evaluation
In this section, we compare NGFW deployments on different cloud instances based on Intel Xeon processors at AWS and GCP.
This gives guidance on finding the most suitable cloud instance type for NGFW based on performance and cost. We choose instances with 4 vCPUs as they are recommended by most NGFW vendors. Results on AWS and GCP include:
- NGFW performance on small instance types that host 4 vCPUs with Intel® Hyper-Threading Technology (Intel® HT Technology) and Hyperscan enabled.
- Generation-to-generation performance gains from 1st Gen Intel Xeon Scalable processors to 5th Gen Intel Xeon Scalable processors.
- Generation-to-generation performance per dollar gain from 1st Gen Inte® Xeon Scalable processors to 5th Gen Intel Xeon Scalable processors.
5.1 AWS ማሰማራት
5.1.1 የምሳሌ ዓይነት ዝርዝር
ሠንጠረዥ 5. AWS ምሳሌዎች እና በፍላጎት የሰዓት ተመኖች
| Instance Type | የሲፒዩ ሞዴል | vCPU | ማህደረ ትውስታ (ጂቢ) | Network performance (Gbps) | On-demand hourly rate ($) |
| c5-xlarge | 2nd Gen Intel® Xeon® Scalable processors | 4 | 8 | 10 | 0.17 |
| c5n-xትልቅ | 1st Gen Intel® Xeon® Scalable processors | 4 | 10.5 | 25 | 0.216 |
| c6i-xlarge | 3rd Gen Intel® Xeon® Scalable processors | 4 | 8 | 12.5 | 0.17 |
| c6in-xትልቅ | 3rd Gen Intel Xeon Scalable processors | 4 | 8 | 30 | 0.2268 |
| c7i-xlarge | 4th Gen Intel® Xeon® Scalable processors | 4 | 8 | 12.5 | 0.1785 |
ሠንጠረዥ 5 መጨረሻውን ያሳያልview የምንጠቀማቸው የAWS አጋጣሚዎች። ለበለጠ የመድረክ ዝርዝሮች እባክዎን የፕላትፎርም ውቅረትን ይመልከቱ። በተጨማሪም በጥያቄ ላይ ያለውን ሆ ይዘረዝራል።urly rate (https://aws.amazon.com/ec2/pricing/on-demand/) for all instances. The above was the ondemand rate at the time of publishing this paper and focuses on the US west coast.
The on-demand hourly rate might vary with the region, availability, corporate accounts, and other factors.
5.1.2 ውጤቶች
ምስል 6 እስካሁን ከተጠቀሱት ሁሉም የአብነት ዓይነቶች በሰዓት አፈጻጸምን እና አፈጻጸምን ያነጻጽራል።
- Performance improved with instances based on newer generations of Intel Xeon processors. Upgrading from c5.xlarge (based on 2nd Gen Intel Xeon Scalable processor) to c7i.xlarge (based on 4th Gen Intel Xeon Scalable processor)
shows a 1.97x performance improvement. - Performance per dollar improved with instances based on newer generations of Intel Xeon processors. Upgrading from c5n.xlarge (based on 1st Gen Intel Xeon Scalable processor) to c7i.xlarge (based on 4th Gen Intel Xeon Scalable processor) shows a 1.88x performance/hour rate improvement.
5.2 የጂሲፒ ማሰማራት
5.2.1 የምሳሌ ዓይነት ዝርዝር
ሠንጠረዥ 6. የጂሲፒ ምሳሌዎች እና በፍላጎት የሰዓት ተመኖች
| Instance Type | የሲፒዩ ሞዴል | vCPU | ማህደረ ትውስታ (ጂቢ) | Default egress bandwidth (Gbps) | On-demand hourly rate ($) |
| n1-std-4 | 1st Gen Intel® Xeon® ሊለኩ የሚችሉ ማቀነባበሪያዎች |
4 | 15 | 10 | 0.189999 |
| n2-std-4 | 3rd Gen Intel® Xeon® ሊለኩ የሚችሉ ማቀነባበሪያዎች |
4 | 16 | 10 | 0.194236 |
| c3-std-4 | 4th Gen Intel® Xeon® ሊለኩ የሚችሉ ማቀነባበሪያዎች |
4 | 16 | 23 | 0.201608 |
| n4-std-4 | 5th Gen Intel® Xeon® ሊለኩ የሚችሉ ማቀነባበሪያዎች |
4 | 16 | 10 | 0.189544 |
| c4-std-4 | 5th Gen Intel® Xeon® ሊለኩ የሚችሉ ማቀነባበሪያዎች |
4 | 15 | 23 | 0.23761913 |
ሠንጠረዥ 6 መጨረሻውን ያሳያልview የምንጠቀማቸው የጂሲፒ ምሳሌዎች። ለበለጠ የመድረክ ዝርዝሮች እባክዎን የፕላትፎርም ውቅረትን ይመልከቱ። በተጨማሪም በጥያቄ ላይ ያለውን ሆ ይዘረዝራል።urly rate (https://cloud.google.com/compute/vm-instance-pricing?hl=en) for all instances. The above was the on-demand rate at the time of publishing this paper and focuses on the US west coast. The on-demand hourlየዋጋ ተመን እንደ ክልሉ፣ ተገኝነት፣ የድርጅት መለያዎች እና ሌሎች ነገሮች ሊለያይ ይችላል።
5.2.2 ውጤቶች
ምስል 7 እስካሁን ከተጠቀሱት ሁሉም የአብነት ዓይነቶች በሰዓት አፈጻጸምን እና አፈጻጸምን ያነጻጽራል።
- Performance improved with instances based on newer generations of Intel Xeon processors. Upgrading from n1-std-4 (based on 1st Gen Intel Xeon Scalable processor) to c4-std-4 (based on 5th Gen Intel Xeon Scalable processor) shows a 2.68x performance improvement.
- Performance per dollar improved with instances based on newer generations of Intel Xeon processors. Upgrading from n1-std-4 (based on 1st Gen Intel Xeon Scalable processor) to c4-std-4 (based on 5th Gen Intel Xeon Scalable processor) shows a 2.15x performance/hour rate improvement.
ማጠቃለያ
የብዝሃ-እና ድብልቅ-ደመና ማሰማራት ሞዴሎች እየጨመረ በመምጣቱ የ NGFW መፍትሄዎችን በሕዝብ ደመና ላይ ማድረስ በሁሉም አከባቢዎች ላይ የማያቋርጥ ጥበቃን ይሰጣል ፣የደህንነት መስፈርቶችን የማሟላት አቅም እና ቀላልነት በትንሹ የጥገና ጥረቶች። የአውታረ መረብ ደህንነት አቅራቢዎች የ NGFW መፍትሄዎችን ከተለያዩ የደመና ምሳሌ አይነቶች ጋር በህዝብ ደመና ላይ ያቀርባሉ። አጠቃላይ የባለቤትነት ወጪን (TCO) መቀነስ እና የኢንቨስትመንት (ROI)ን በትክክለኛው የደመና ምሳሌ ከፍ ለማድረግ ወሳኝ ነው። ሊታሰብባቸው የሚገቡ ዋና ዋና ነገሮች የማስላት ሀብቶችን፣ የኔትወርክ ባንድዊድዝ እና ዋጋን ያካትታሉ። የ NGFW ማጣቀሻ አተገባበርን እንደ ተወካይ የስራ ጫና ተጠቅመን እና ኤምሲኤንኤትን በተለያዩ የህዝብ ደመና ምሳሌ አይነቶች ላይ ማሰማራትን እና ሙከራን በራስ ሰር ለመስራት ተጠቀምን። በእኛ ቤንችማርክ መሰረት፣ በAWS (በ4ኛ ኢንቴል Xeon Scalable ፕሮሰሰር የተጎለበተ) እና ጂሲፒ (በ5ኛ ኢንቴል Xeon Scalable ፕሮሰሰር የተጎለበተ) የቅርብ ጊዜዎቹ የኢንቴል Xeon Scalable ፕሮሰሰር ያላቸው አጋጣሚዎች ሁለቱንም የአፈጻጸም እና የTCO ማሻሻያዎችን ያቀርባሉ። አፈፃፀሙን እስከ 2.68x እና በሰአት አፈጻጸም እስከ 2.15x ከቀደምት ትውልዶች ያሻሽላሉ። ይህ ግምገማ ኢንቴል ላይ የተመሰረቱ የህዝብ ደመና ምሳሌዎችን ለNGFW በመምረጥ ረገድ ጠንካራ ማጣቀሻዎችን ይፈጥራል።
አባሪ የኤ መድረክ ውቅር
የመሣሪያ ስርዓት ውቅሮች
c5-xlarge – “Test by Intel as of 03/17/25. 1-node, 1x Intel(R) Xeon(R) Platinum 8275CL CPU @ 3.00GHz, 2 cores, HT On, Turbo On, Total Memory 8GB (1x8GB DDR4 2933 MT/s [Unknown]), BIOS 1.0, microcode 0x5003801, 1x Elastic Network Adapter (ENA), 1x 32G Amazon Elastic Block Store, Ubuntu 22.04.5 LTS, 6.8.0-1024-aws, gcc 11.4, NGFW 24.12, Hyperscan 5.6.1“
c5n-xlarge – “Test by Intel as of 03/17/25. 1-node, 1x Intel(R) Xeon(R) Platinum 8124M CPU @ 3.00GHz, 2 cores, HT On, Turbo On, Total Memory 10.5GB (1×10.5GB DDR4 2933 MT/s [Unknown]), BIOS 1.0, microcode 0x2007006, 1x Elastic Network Adapter (ENA), 1x 32G Amazon Elastic Block Store, Ubuntu 22.04.5 LTS, 6.8.0-1024-aws, gcc 11.4, NGFW 24.12, Hyperscan 5.6.1”
c6i-xlarge – “Test by Intel as of 03/17/25. 1-node, 1x Intel(R) Xeon(R) Platinum 8375C CPU @ 2.90GHz, 2 cores, HT On, Turbo On, Total Memory 8GB (1x8GB DDR4 3200 MT/s [Unknown]), BIOS 1.0, microcode 0xd0003f6, 1x Elastic Network Adapter (ENA), 1x 32G Amazon Elastic Block Store, Ubuntu 22.04.5 LTS, 6.8.0-1024-aws, gcc 11.4, NGFW 24.12, Hyperscan 5.6.1“
c6in-xlarge – “Test by Intel as of 03/17/25. 1-node, 1x Intel(R) Xeon(R) Platinum 8375C CPU @ 2.90GHz, 2 cores, HT On, Turbo On, Total Memory 8GB (1x8GB DDR4 3200 MT/s [Unknown]), BIOS 1.0, microcode 0xd0003f6, 1x Elastic Network Adapter (ENA), 1x 32G Amazon Elastic Block Store, Ubuntu 22.04.5 LTS, 6.8.0-1024-aws, gcc 11.4, NGFW 24.12, Hyperscan 5.6.1”
c7i-xlarge – “Test by Intel as of 03/17/25. 1-node, 1x Intel(R) Xeon(R) Platinum 8488C CPU @ 2.40GHz, 2 cores, HT On, Turbo On, Total Memory 8GB (1x8GB DDR4 4800 MT/s [Unknown]), BIOS 1.0, microcode 0x2b000620, 1x Elastic Network Adapter (ENA), 1x 32G Amazon Elastic Block Store, Ubuntu 22.04.5 LTS, 6.8.0-1024-aws, gcc 11.4, NGFW 24.12, Hyperscan 5.6.1”
n1-std-4 – “Test by Intel as of 03/17/25. 1-node, 1x Intel(R) Xeon(R) CPU @ 2.00GHz, 2 cores, HT On, Turbo On, Total Memory 15GB (1x15GB RAM []), BIOS Google, microcode 0xffffffff, 1x device, 1x 32G PersistentDisk, Ubuntu 22.04.5 LTS, 6.8.0-1025gcp, gcc 11.4, NGFW 24.12, Hyperscan 5.6.1“
n2-std-4 – Test by Intel as of 03/17/25. 1-node, 1x Intel(R) Xeon(R) CPU @ 2.60GHz, 2 cores, HT On, Turbo On, Total Memory 16GB (1x16GB RAM []), BIOS Google, microcode 0xffffffff, 1x device, 1x 32G PersistentDisk, Ubuntu 22.04.5 LTS, 6.8.0-1025gcp, gcc 11.4, NGFW 24.12, Hyperscan 5.6.1”
c3-std-4 – Test by Intel as of 03/14/25. 1-node, 1x Intel(R) Xeon(R) Platinum 8481C CPU @ 2.70GHz @ 2.60GHz, 2 cores, HT On, Turbo On, Total Memory 16GB (1x16GB RAM []), BIOS Google, microcode 0xffffffff, 1x Compute Engine Virtual Ethernet [gVNIC], 1x 32G nvme_card-pd, Ubuntu 22.04.5 LTS, 6.8.0-1025-gcp, gcc 11.4, NGFW 24.12, Hyperscan 5.6.1”
n4-std-4 – Test by Intel as of 03/18/25. 1-node, 1x Intel(R) Xeon(R) PLATINUM 8581C CPU @ 2.10GHz, 2 cores, HT On, Turbo On, Total Memory 16GB (1x16GB RAM []), BIOS Google, microcode 0xffffffff, 1x Compute Engine Virtual Ethernet [gVNIC], 1x 32G nvme_card-pd, Ubuntu 22.04.5 LTS, 6.8.0-1025-gcp, gcc 11.4, NGFW 24.12, Hyperscan 5.6.1”
c4-std-4 – Test by Intel as of 03/18/25. 1-node, 1x Intel(R) Xeon(R) PLATINUM 8581C CPU @ 2.30GHz, 2 cores, HT On, Turbo On, Total Memory 15GB (1x15GB RAM []), BIOS Google, microcode 0xffffffff, 1x Compute Engine Virtual Ethernet [gVNIC], 1x 32G nvme_card-pd, Ubuntu 22.04.5 LTS, 6.8.0-1025-gcp, gcc 11.4, NGFW 24.12, Hyperscan 5.6.1”
አባሪ ቢ ኢንቴል NGFW ማጣቀሻ ሶፍትዌር ውቅር
| የሶፍትዌር ውቅር | የሶፍትዌር ሥሪት |
| አስተናጋጅ ስርዓተ ክወና | ኡቡንቱ 22.04 LTS |
| ከርነል | 6.8.0-1025 |
| አቀናባሪ | GCC 11.4.0 |
| ደብሊው | 74eb9437 |
| WRK2 | 44a94c17 |
| ቪፒፒ | 24.02 |
| Snort | 3.1.36.0 |
| DAQ | 3.0.9 |
| LuaJIT | 2.1.0-beta3 |
| Libpcap | 1.10.1 |
| PCRE | 8.45 |
| ZLIB | 1.2.11 |
| ሃይፐርስካን | 5.6.1 |
| LZMA | 5.2.5 |
| NGINX | 1.22.1 |
| ዲፒዲኬ | 23.11 |
አፈፃፀም በአጠቃቀም ፣ በማዋቀር እና በሌሎች ምክንያቶች ይለያያል። የበለጠ ለመረዳት በ www.Intel.com/PerformanceIndex.
የአፈጻጸም ውጤቶቹ በቅንጅቶች ውስጥ እንደሚታየው በሙከራ ላይ የተመሰረቱ ናቸው እና ሁሉንም በይፋ የሚገኙ ዝመናዎችን ላያንጸባርቁ ይችላሉ። የውቅረት ዝርዝሮችን ለማግኘት ምትኬን ይመልከቱ። ምንም ምርት ወይም አካል ፍጹም ደህንነቱ የተጠበቀ ሊሆን አይችልም።
ኢንቴል ሁሉንም ግልጽ እና የተዘዋዋሪ ዋስትናዎች፣ ያለ ገደብ፣ የተዘዋዋሪ የሸቀጣሸቀጥ ዋስትናዎች፣ ለተወሰነ ዓላማ የአካል ብቃት እና ያለመብት እንዲሁም በአፈጻጸም ሂደት፣ በንግዱ ሂደት ወይም በንግድ አጠቃቀም ላይ የሚነሱ ማናቸውንም ዋስትናዎች ጨምሮ ውድቅ ያደርጋል።
የኢንቴል ቴክኖሎጂዎች የነቃ ሃርድዌር ፣ ሶፍትዌር ወይም የአገልግሎት ማግበር ሊፈልጉ ይችላሉ ፡፡
ኢንቴል የሶስተኛ ወገን መረጃን አይቆጣጠርም ወይም አይመረምርም። ትክክለኛነትን ለመገምገም ሌሎች ምንጮችን ማማከር አለብዎት.
የተገለጹት ምርቶች የንድፍ ጉድለቶች ወይም ኢራታ በመባል የሚታወቁ ስህተቶች ሊይዙ ይችላሉ ይህም ምርቱ ከታተመ ዝርዝር መግለጫዎች እንዲወጣ ሊያደርግ ይችላል። አሁን ያለው ተለይቶ የሚታወቅ ኢራታ በጥያቄ ላይ ይገኛል።
© ኢንቴል ኮርፖሬሽን. ኢንቴል፣ የኢንቴል አርማ እና ሌሎች የኢንቴል ምልክቶች የኢንቴል ኮርፖሬሽን ወይም የስርጭቱ የንግድ ምልክቶች ናቸው። ሌሎች ስሞች እና የንግድ ምልክቶች እንደ ሌሎች ንብረት ሊጠየቁ ይችላሉ።
0425/XW/MK/PDF 365150-001US
ሰነዶች / መርጃዎች
 |
ኢንቴል የሚቀጥለውን ትውልድ ፋየርዎልን ያመቻቹ [pdf] የተጠቃሚ መመሪያ ቀጣይ ትውልድ ፋየርዎልን ያሻሽሉ፣ ያሻሽሉ፣ ቀጣዩ ትውልድ ፋየርዎል፣ ትውልድ ፋየርዎል፣ ፋየርዎል |