Are you a member of CheckMates?
×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
| Lightspeed Overview |
|---|
The new Quantum Lightspeed firewalls (QLS250, QLS 450, QLS 650, QLS 800) are much better in performance because they use NVIDIA ASIC's on ConnectX NIC’s with accelerated packet processing technology.
Faster firewall security at line-rate speed
- 250 to 800 Gbps Hyper-Fast througput
- Ultra low latency at 3us (10 x faster as GAIA software)
- Scalability up to 3 Tbps with Maestro (MLS 200, MLS 400 - available Q2/2022)
- Acceleration of elephant flows
| Lightspeed Design |
|---|
Only traffic on the same NVIDIA network card can be accelerated by Lightspeed.
Network traffic between different network cards cannot be accelerated by Lightspeed (uses regular flow and speed).
An important point at the moment is that only firewall traffic can be optimised via Lightspeed on the same network card. As soon as traffic has to be analysed by F2F path or PSLXL path - for example by the IPS blade - the connection is not optimised by Lightspeed.
Security Gateway does not support these features when you install a NVIDIA 2-port 100G Card:
- ClusterXL in the Load Sharing mode or Active-Active mode.
- VSX mode
- SecureXL Drop Templates (see sk153832).
- VRRP Cluster.
- Rate Limiting rules for DoS Mitigation configured with the commands 'fwaccel dos deny' and 'fwaccel dos allow' (see sk112454).
| How does it work? |
|---|
1) First packet in every connection validated by security policy check in the CoreXL instance.
2) Approved traffic flow offloaded to Quantum Lightspeed ASIC via rte_flow API
3) Subsequent packetes are secured by accelerated packet processing via NVIDIA ASIC
NVIDIA accelerated packet processing supports the following features on ASIC:
- TCP state validation
- Tunneling and NAT support
- Header validation
- Accelerated firewall packet flow
