Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 

R80.x - Performance Tuning Tip - SND vs. CoreXL

CoreXL vs. SND


CPU cores are divided into two groups: SND (SecureXL) and Firewall instances (CoreXL). Each group handles different tasks. 

Tasks distribution:

Task R80.10 R80.20+
Soft IRQ processing SND SND
Multi-Queue SND SND
TPUT acceleration & Path determination SND Firewall
Accept templates matching (new connection) & offload to SecureXL SND Firewall
Nat templates matching (new connection) & offload to SecureXL SND Firewall
SecureXL/Acceleration path packet handling SND SND
Dynamic dispatcher SND SND
Fragmentation - IP fragments always sent F2F SND N/A
Fragmentation - Virtual reassembly of IP fragments (non-accelerated) Firewall Firewall
Fragmentation - Virtual reassembly of IP fragments (accelerated) Firewall SND
QoS - Traffic handling (non-accelerated) Firewall Firewall
QoS - Traffic handling (accelerated) Firewall SND
Rule base matching (non-accelerated) Firewall Firewall
Rule base matching (accelerated) N/A SND
PSLXL path packets handling Firewall Firewall
F2F path + CPAS Firewall Firewall
PSLXL, CPASXL paths Firewall Firewall
Priority queue (when enabled) Firewall Firewall
VPN (accelerated) SND SND
VPN (fragmented, compression, HMAC-SHA384, L2TP, Multicast IPsec (GDOI), flagged with accounting) Firewall Firewall
SSL, SNX tunnel, Mobile Access Portal Firewall Firewall

 

Tip:

  • CPU cores are divided into two groups: SND and Firewall instances. Each group handles different tasks. 
  • When one or both groups is/are stressed, the machine cannot function properly.
  • Each group can get highly stressed for different reasons.
  • It is important to identify which group is the bottleneck in order to track the source of the problem. For more information, refer to sk98348). 
2 Replies
Highlighted
Participant

Is there also information about:

- Anti-Bot

- AV

- Application Control

- IPS

Highlighted
Participant

Interesting overview.

0 Kudos
Reply