CPU cores are divided into two groups: SND (SecureXL) and Firewall instances (CoreXL). Each group handles different tasks.
Tasks distribution:
| Task |
R80.10 |
R80.20+ |
| Soft IRQ processing |
SND |
SND |
| Multi-Queue |
SND |
SND |
| TPUT acceleration & Path determination |
SND |
Firewall |
| Accept templates matching (new connection) & offload to SecureXL |
SND |
Firewall |
| Nat templates matching (new connection) & offload to SecureXL |
SND |
Firewall |
| SecureXL/Acceleration path packet handling |
SND |
SND |
| Dynamic dispatcher |
SND |
SND |
| Fragmentation - IP fragments always sent F2F |
SND |
N/A |
| Fragmentation - Virtual reassembly of IP fragments (non-accelerated) |
Firewall |
Firewall |
| Fragmentation - Virtual reassembly of IP fragments (accelerated) |
Firewall |
SND |
| QoS - Traffic handling (non-accelerated) |
Firewall |
Firewall |
| QoS - Traffic handling (accelerated) |
Firewall |
SND |
| Rule base matching (non-accelerated) |
Firewall |
Firewall |
| Rule base matching (accelerated) |
N/A |
SND |
| PSLXL path packets handling |
Firewall |
Firewall |
| F2F path + CPAS |
Firewall |
Firewall |
| PSLXL, CPASXL paths |
Firewall |
Firewall |
| Priority queue (when enabled) |
Firewall |
Firewall |
| VPN (accelerated) |
SND |
SND |
| VPN (fragmented, compression, HMAC-SHA384, L2TP, Multicast IPsec (GDOI), flagged with accounting) |
Firewall |
Firewall |
| SSL, SNX tunnel, Mobile Access Portal |
Firewall |
Firewall |
Tip:
- CPU cores are divided into two groups: SND and Firewall instances. Each group handles different tasks.
- When one or both groups is/are stressed, the machine cannot function properly.
- Each group can get highly stressed for different reasons.
- It is important to identify which group is the bottleneck in order to track the source of the problem. For more information, refer to sk98348).
➜ CCSM Elite, CCME, CCTE ➜ www.checkpoint.tips
