HyperFlow will be available in future firewalls R81.20+ and is currently EA.

Integrated with additional existing gateway performance features like Dynamic Balancing, HyperFlow allows seamless gateway tuning and optimization in the way to utilize the hardware.

A growing demand to address different traffic volumes per connection, HyperFlow is designed to automatically tackle such challenges.

In computer networking, an elephant flow is an extremely large (in total bytes) continuous flow set up by a TCP flow measured over a network link. Elephant flows, though not numerous, can occupy a disproportionate share of the total bandwidth over a period of time.

An elephant flow is one single network session made up of a large flow of continuous TCP packets for example, for backup connections or large downloads.

With a single core assigned to process the trffic, there's a limit on the firewall throughput for that connection.This can lead to one core being 100% utilized while other cores do nothing. HyperFlow dynamically add more cores to process an elephant flow and increas the elephant flow througput.

For this purpose CPU cores are automatically used as PPE "parallel processing engine" core that automatically balances available PPE cores. For the management of the elefant flows there is also a PPE_MGR process, which manages the PPE processes.

Now the connection is distributed to several PPE CPU cores. This increases the throughput significantly.

More read here:
Quantum - HyperFlow, Now in EA!

An example:

1) System resources are continuously monitored to detect elephant flow.

2) When an elephant flow is detected multiple cores (PPE) are assigned to process the flow.

3) When the elephant flow is no longer present, the PPE cores are dynamically removed.














Here are some deep dive informations:

The gateway should first separate between the FW instance handling the connection, and HyperFlow cores doing DPI processing. The only thing that is being shared between each FW instance and HyperFlow cores is relevant data for the DPI jobs to be processed in parallel.

Streaming and blade logic layer is still being handled by the FW instance owning the connection.

Packet flow design description:

-      This example showcases a single data packet flow

-      In this case, FW instance 1 is the connection owner

-      PPE Manager dispatches DPI jobs to PPE workers

-      Once the last job is done, a message is sent to FW, notifying that the DPI processing has been completed, allowing it to continue to outbound processing

-      PPE Manager can dispatch jobs to any PPE worker, even for the same connection, allowing multiple buffer’s jobs of the same connection to be processed concurrently

o    For example, multiple PM jobs of different buffers of the same connection can run concurrently on different PPE workers



Special thanks to @Chen_Muchtar  for allowing me to use this information in the forum.