I've only just realized I don't know the answer to this after many years with the product.
Without SDF, the following happens:
- Connection 5-tuple -> hash function -> last 8(?) bits determine bucket -> connection processed by fw with bucket
WITH SDF, what changes? We know in particular that...
- Acceleration is neutralized
- It copes better with NAT (though docs say static manual NAT only, oddly)
So, best guess... it does ONE of...
- Attempts to process NAT rules on mid-TCP packet before determining a bucket
- Relies on a synced state table to actually check the table, and only then decides whether it is the right node to process the packet to completion
- Tries to optimize the source port in NAPT so that it goes in the right bucket for return traffic (unlikely)
- Some unknowable combo of the above.
Not only is the documentation terrible for this (it talks about what SDF might do for you without any hint about how), but no one even seems to have talked about this. Google turns up nothing. Dameon Welch Abernathy (or anyone) - can you give us a definitive answer?
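
An added illustration, not part of the original post and not Check Point code: a toy model of the non-SDF bucket selection described in the post, showing why address translation can send the reply to a different member than the opening packet. The hash (SHA-256 over a direction-independent key), the two-member `bucket % MEMBERS` assignment, the static NAT mapping and all addresses are assumptions made for the demonstration; it does not model what SDF itself does.

```python
import hashlib
import ipaddress

BUCKETS = 256   # "last 8 bits" of the hash, following the post's guess
MEMBERS = 2     # assumed two-member Load Sharing cluster

def bucket(src, sport, dst, dport, proto):
    """Stand-in hash: 5-tuple -> bucket, identical for both directions."""
    a = (int(ipaddress.ip_address(src)), sport)
    b = (int(ipaddress.ip_address(dst)), dport)
    lo, hi = sorted((a, b))            # order endpoints so c2s == s2c
    key = f"{lo}|{hi}|{proto}".encode()
    return hashlib.sha256(key).digest()[-1] % BUCKETS  # low 8 bits

def member(b):
    """Assumed static bucket-to-member assignment."""
    return b % MEMBERS

def split_connections(conns, nat=None):
    """Count connections whose reply packet is assigned to a different
    member than the packet that opened them. `nat` (hypothetical helper)
    maps the client address to what the server sees."""
    split = 0
    for src, sport, dst, dport, proto in conns:
        out_member = member(bucket(src, sport, dst, dport, proto))
        seen_src = nat(src) if nat else src   # address the server replies to
        back_member = member(bucket(dst, dport, seen_src, sport, proto))
        split += out_member != back_member
    return split

def static_nat(ip):
    """Constructed 1:1 mapping: 10.1.1.x -> 198.51.100.x, port unchanged."""
    return ip.replace("10.1.1.", "198.51.100.")

# Constructed sample traffic: 250 internal clients to one external server.
CONNS = [(f"10.1.1.{i}", 40000 + i, "203.0.113.10", 443, 6)
         for i in range(1, 251)]

if __name__ == "__main__":
    print("no NAT     :", split_connections(CONNS), "split connections")
    print("static NAT :", split_connections(CONNS, nat=static_nat),
          "split connections")
```

Without NAT both directions share one key, so no connection is split; with the translated source address the reply hashes independently of the opening packet, and with two members roughly half the connections land on the member that did not see the connection open.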