Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
pkroupod
Employee
Employee
Jump to solution

Difference between the Secure Network Distributor (SND) and CoreXL Dynamic dispatcher?

Can someone please give a clear explanation, what is the difference between the Secure Network Distributor (SND) and CoreXL Dynamic dispatcher?

1 Solution

Accepted Solutions
pkroupod
Employee
Employee

The SND performs acceleration of traffic and if traffic is not accelerated then the SND will dispatch the traffic to the firewall workers, each having their own firewall kernel instance. The SND will distribute traffic evenly based on the amount of connections, however, it may not evenly distribute the load as some connections are "heavier" than others. I believe the heaviness is based on the bit rate value, I will need to verify that. The dynamic dispatcher will be aware of how heavy the connections are, so it will better distribute the load to each firewall worker. To recap, the SND thinks that the load should be distributed based on the amount of connections, but that's not true, because some connections are heavier than others. This is where dynamic dispatcher comes to the rescue.

View solution in original post

(1)
5 Replies
Martin_Valenta
Advisor
Great question from employee..
(1)
G_W_Albrecht
Legend Legend
Legend

Already has been answered in sk105261: CoreXL Dynamic Dispatcher in R77.30 / R80.10 and above

CCSP - CCSE / CCTE / CTPS / CCME / CCSM Elite / SMB Specialist
0 Kudos
Black_Cyborg
Participant
Timothy_Hall
Legend Legend
Legend

The best way to explain the difference is to list the responsibilities of cores designated as SND and cores designated as Firewall Instances/Workers.  This information is for R80.10 and earlier:

  • SND/IRQ Core: SXL/Accelerated path packet handling, Accept Template (Connection Rate Acceleration) initial formation, NAT template initial formation (if enabled), Dynamic Dispatcher, Multi-Queue, SoftIRQ processing, antispoofing enforcement
  • Firewall Worker Core: Throughput Acceleration Path Determination (SXL/PXL/F2F), PXL path packet handling, F2F path packet handling, Priority Queues (if enabled), Rule base evaluations/matching, QXL path packet handling, virtual reassembly of IP fragments, antispoofing enforcement, Geo Policy enforcement

Due to the big changes in SecureXL, R80.20 and later is, uh, different.  I have an initial guess of the separation of duties but am still verifying it.

 

Gateway Performance Optimization R81.20 Course
now available at maxpowerfirewalls.com
pkroupod
Employee
Employee

The SND performs acceleration of traffic and if traffic is not accelerated then the SND will dispatch the traffic to the firewall workers, each having their own firewall kernel instance. The SND will distribute traffic evenly based on the amount of connections, however, it may not evenly distribute the load as some connections are "heavier" than others. I believe the heaviness is based on the bit rate value, I will need to verify that. The dynamic dispatcher will be aware of how heavy the connections are, so it will better distribute the load to each firewall worker. To recap, the SND thinks that the load should be distributed based on the amount of connections, but that's not true, because some connections are heavier than others. This is where dynamic dispatcher comes to the rescue.

(1)