د ټیکنالوژۍ لارښود
Optimize NGFW Performance with
Intel® Xeon® Processors on Public Cloud
لیکوالان
Xiang Wang
Jayprakash Patidar
Declan Doherty
Eric Jones
Subhiksha Ravisundar
Heqing Zhu
پیژندنه
د راتلونکي نسل فایر والونه (NGFWs) د شبکې د امنیت حلونو په زړه کې دي. دودیز فایر والونه د ترافیکو بشپړ تفتیش ترسره کوي، معمولا د پورټ او پروتوکول پراساس چې نشي کولی په مؤثره توګه د عصري ناوړه ترافیک پروړاندې دفاع وکړي. NGFWs د پرمختللي ژورو پیکټ تفتیش وړتیاو سره دودیز فایر والونو ته وده ورکوي او پراخیږي، پشمول د مداخلې کشف / مخنیوي سیسټمونه (IDS/IPS)، مالویر کشف، د غوښتنلیک پیژندنه او کنټرول، او نور.
NGFWs د محاسبې-شدید کاري بارونه دي چې ترسره کوي، د مثال په توګهample, cryptographic operations for network traffic encryption and decryption and heavy rule matching for detecting malicious activities. Intel delivers core technologies to optimize NGFW solutions.
Intel processors are equipped with various instruction set architectures (ISAs), including Intel® Advanced Encryption Standard New Instructions (Intel® AES-NI) and Intel® QuickAssist Technology (Intel® QAT) which significantly accelerate crypto performance.
Intel also invests in software optimizations including those for Hyperscan. Hyperscan is a high-performance string and regular expression (regex) matching library. It leverages single instruction multiple data (SIMD) technology on Intel processors to boost pattern-matching performance. Hyperscan integration into NGFW IPS systems such as Snort can improve performance by up to 3x on Intel processors.
NGFWs are often delivered as a security appliance deployed in the demilitarized zone (DMZ) of enterprise data centers. However, there is a strong demand for NGFW virtual appliances or software packages that can be deployed to the public cloud, in enterprise data centers, or at network edge locations. This software deployment model frees up enterprise IT from the operations and maintenance overhead associated with physical appliances. It improves system scalability and provides flexible procurement and purchasinد g انتخابونه.
زیاتوالیasing number of enterprises are embracing public cloud deployments of NGFW solutions. A key reason for this is the cost advantage of running virtual appliances in the cloud.
Yet, since CSPs offer a multitude of instance types with varying compute characteristics and pricing, selecting the instance with the best TCO for NGFW can be challenging.
دا مقاله د انټیل څخه د NGFW حوالې پلي کول معرفي کوي، چې د انټیل ټیکنالوژیو سره غوره شوی، په شمول د هایپرسکن. دا د انټیل پلیټ فارمونو کې د NGFW فعالیت ځانګړتیا لپاره د باور وړ ثبوت ټکی وړاندې کوي. دا د انټیل د NetSec حوالې سافټویر پیکج برخې په توګه شامل دی. موږ په ورته پیکج کې د ملټي کلاوډ شبکې اتومات کولو وسیله (MCNAT) هم چمتو کوو ترڅو په غوره عامه کلاوډ چمتو کونکو کې د NGFW حوالې پلي کولو ځای په ځای کول اتومات کړو. MCNAT د مختلفو محاسبو مثالونو لپاره د TCO تحلیل ساده کوي او کاروونکو ته د NGFW لپاره غوره محاسبې مثال ته لارښوونه کوي.
د NetSec حوالې سافټویر پیکج په اړه د نورو معلوماتو لپاره مهرباني وکړئ د لیکوالانو سره اړیکه ونیسئ.
د اسنادو بیاکتنې تاریخ
| بیاکتنه | نیټه | تفصیل |
| 001 | مارچ ۲۰۲۲ | ابتدايي خوشې کول. |
1.1 اصطلاحات
جدول 1. اصطلاحات
| لنډیز | تفصیل |
| د DFA پاڼې اړوند نور معلومات په فسبوک کې اوګورئ | Deterministic Finite Automaton |
| DPI | ژوره پاکټ معاینه |
| HTTP | د هایپر متن لیږد پروتوکول |
| IDS/IPS | Intrusion Detection and Prevention System |
| داعش | د معمارۍ ترتیب |
| MCNAT | Multi-Cloud Networking Automation Tool |
| NFA | Non-deterministic Finite Automaton |
| NGFW | Next-generation Firewall |
| PCAP | بسته بندي |
| PCRE | Perl Compatible Regular Expressions Library |
| Regex | منظم بیان |
| SASE | د خوندي لاسرسي خدمت څنډه |
| SIMD | Single Instruction Multiple Data Technology |
| TCP | د لیږد د کنټرول پروټوکول |
| URI | یونیفورم سرچینې پیژندونکی |
| WAF | Web د غوښتنلیک فایروال |
1.2 د حوالې اسناد
جدول ۲. د حوالې اسناد
Background and Motivation
نن ورځ، ډیری NGFW پلورونکو خپل نقشونه د فزیکي NGFW وسایلو څخه مجازی NGFW حلونو ته غځولي دي چې په عامه کلاوډ کې ځای په ځای کیدی شي. د عامه کلاوډ NGFW ځای پرځای کول د لاندې ګټو له امله ډیر منل کیږي:
- Scalability: easily scale up or scale down cross-geo compute resources to meet performance requirements.
- Cost effectiveness: flexible subscription to allow pay per use. Eliminates capital expenditure (capex) and reduces operational costs associated with physical appliances.
- Native integration with cloud services: seamless integration with public cloud services such as networking, access controls and AI/ML tools.
- Cloud workloads protection: local traffic filtering for enterprise workloads hosted on public cloud.
The reduced cost of running the NGFW workload in the public cloud is an attractive proposition for enterprise use cases.
However, selecting the instance with the best performance and TCO for NGFW is challenging, given a wide range of cloud instance options are available with various CPUs, memory sizes, IO bandwidth, and each is priced differently. We have developed NGFW Reference Implementation to help with performance and TCO analysis of different public cloud instances based on Intel processors. We will demonstrate performance and performance per dollar metrics as a guide for choosing the right Intel-based instances for NGFW solutions on public cloud services such as AWS and GCP.
NGFW Reference Implementation
Intel developed the NetSec Reference Software package (latest release 25.05) which delivers optimized reference solutions leveraging ISAs and accelerators available in the newest Intel CPUs and platforms to demonstrate optimized performance at the on-prem enterprise infrastructure and on the cloud. The reference software is available under Intel Proprietary License (IPL).
The key highlights of this software package are:
- Includes a broad portfolio of reference solutions for networking and security, AI frameworks for cloud and enterprise data centers and edge locations.
- Allows time to market and rapid adoption of Intel technologies.
- Source code is available that allows replicating deployment scenarios and testing environments on Intel platforms.
Please contact authors to learn more about obtaining the latest release of the NetSec Reference Software.
As a critical part of NetSec Reference Software package, NGFW reference implementation drives the NGFW performance characteristics and TCO analysis on Intel platforms. We deliver seamless integration of Intel technologies such as Hyperscan in the NGFW reference implementation. It builds a solid foundation for NGFW analysis on Intel platforms. Since different Intel hardware platforms offer different capabilities from compute to IO, the NGFW reference implementation presents a clearer view of platform capabilities for NGFW workloads and helps show performance comparisons between generations of Intel processors. It delivers thorough insights on metrics, including compute performance, memory bandwidth, IO bandwidth, and power consumption. Based on performance test results, we can further conduct TCO analysis (with performance per dollar) on Intel platforms used for NGFW.
The latest release (25.05) of NGFW reference implementation includes the following key features:
- Basic stateful firewall
- د نفوذ مخنیوي سیسټم (IPS)
- Support of cutting-edge Intel processors including Intel® Xeon® 6 processors, Intel Xeon 6 SoC, etc.
Future releases are planned to implement the following additional features:
- VPN inspection: IPsec decryption of traffic for content inspection
- TLS inspection: a TLS Proxy to terminate the connections between a client and a server and then perform content inspection on the plaintext traffic.
3.1 د سیسټم جوړښت
Figure 1 shows the overall system architecture. We leverage open-source software as the foundation to build the system:
- VPP provides a high-performance data plane solution with basic stateful firewall functions, including stateful ACLs. We spawn multiple VPP threads with configured core affinity. Each VPP worker thread is pinned to a dedicated CPU core or an execution thread.
- Snort 3 is chosen as IPS, which supports multi-threading. Snort worker threads are pinned to dedicated CPU cores or execution threads.
- Snort and VPP are integrated using the Snort plugin to VPP. This uses a set of queue pairs for sending packets between VPP and Snort. The queue pairs and the packets themselves are stored in shared memory. We developed a new Data Acquisition (DAQ) component for Snort, which we call the VPP Zero Copy (ZC) DAQ. This implements the Snort DAQ API functions to receive and transmit packets by reading from and writing to the relevant queues. Because the payload is in shared memory, we consider this a Zero-Copy implementation.
Since Snort 3 is a compute-intensive workload that requires more computing resources than data plane processing, we are trying to configure an optimized processor core allocation and balance between the number of VPP threads and Snort3 threads to get the highest system level performance on the running hardware platform.
Figure 2 (on page 6) shows the graph node within VPP, including those that are part of the ACL and Snort pluginsموږ دوه نوي VPP ګراف نوډونه رامینځته کړل:
- snort-enq: makes a load-balancing decision about which Snort thread should process the packet and then enqueues the packet to the corresponding queue.
- snort-deq: implemented as an input node that polls from multiple queues, one per Snort worker thread.
۳.۲ د انټل اصلاح کول
زموږ د NGFW حوالې پلي کول ګټور ديtage of the following optimizations:
- Snort leverages the Hyperscan high-performance multiple regex matching library to provide a significant boost in performance compared to the default search engine in Snort. Figure 3 highlights Hyperscan integration with Snort to
accelerate both literal machng and regex matching performance. Snort 3 provides native integration with Hyperscan where users can turn on Hyperscan either via config file یا د قوماندې کرښې انتخابونه.
- VPP takes advantage of Receive Side Scaling (RSS) in Intel® Ethernet Network Adapters to distribute traffic across multiple VPP worker threads.
- Intel QAT and Intel AVX-512 instructions: Future releases that support IPsec and TLS will be taking advantage of crypto acceleration technologies from Intel. Intel QAT accelerates crypto performance, especially the public key cryptography which is widely used for establishing network connections. Intel AVX-512 also boosts cryptographic performance, including VPMADD52 (multiply and accumulation operations), vector AES (vector version of the Intel AES-NI instructions), vPCLMUL (vectorized carry-less multiply, used to optimize AES-GCM), and Intel® Secure Hash Algorithm – New Instructions (Intel® SHA-NI).
Cloud Deployment of NGFW Reference Implementation
4.1 د سیسټم ترتیب
جدول ۳. د ازموینې ترتیبونه
| میټریک | ارزښت |
| قضیه وکاروئ | Cleartext Inspection (FW + IPS) |
| ټرافیک پروfile | HTTP 64KB GET (1 GET per Connection) |
| VPP ACLs | Yes (2 stateful ACLs) |
| Snort Rules | Lightspd (~49k rules) |
| Snort Policy | Security (~21k rules enabled) |
موږ په RFC9411 کې د کارونې قضیو او KPIs پراساس د واضح متن تفتیش سناریوګانو تمرکز کوو. د ترافیک جنراتور کولی شي د هر ارتباط لپاره د 64 GET غوښتنې سره 1KB HTTP لیږدونه رامینځته کړي. ACLs په ټاکل شوي فرعي نیټونو کې د IPs اجازه ورکولو لپاره تنظیم شوي. موږ د بنچمارکینګ لپاره د Snort Lightspd قواعد او د سیسکو څخه د امنیت پالیسي غوره کړه. د ترافیک جنراتورونو څخه غوښتنو ته د خدمت کولو لپاره یو وقف شوی سرور هم شتون درلود.
As shown in Figure 4 and Figure 5, the system topology includes three primary instance nodes: a client, a server and a proxy for public cloud deployment. There is also a bastion node to serve connections from user. Both client (running WRK) and server (running Nginx) have a single dedicated data-plane network interface, and the proxy (running NGFW) has two data-plane network interfaces for testing. Data-plane network interfaces are attached to dedicated subnet A (client-proxy) and subnet B (proxy-server) which maintain isolation from instance management traffic. Dedicated IP address ranges are defined with corresponding routing and ACL rules programmed onto the infrastructure to allow flow of traffic.
۴.۲ د سیسټم ځای پر ځای کول
MCNAT د سافټویر یوه وسیله ده چې د انټیل لخوا رامینځته شوې چې په عامه کلاوډ کې د بې سیمه شبکې کاري بار ځای پرځای کولو لپاره اتوماتیک چمتو کوي او د فعالیت او لګښت پراساس د غوره کلاوډ نمونې غوره کولو لپاره وړاندیزونه وړاندې کوي.
MCNAT د پرو لړۍ له لارې تنظیم شوی دیfiles، هر یو د هر مثال لپاره اړین متغیرات او ترتیبات تعریفوي. د هر مثال ډول خپل مسلکي لريfile کوم چې بیا د MCNAT CLI وسیلې ته لیږدول کیدی شي ترڅو دا ځانګړی ډول په ورکړل شوي کلاوډ خدمت چمتو کونکي (CSP) کې ځای په ځای کړي. مثالampد کمانډ لاین کارول لاندې او په جدول 4 کې ښودل شوي.
جدول ۴. د MCNAT د قوماندې کرښې کارول
| اختیار | تفصیل |
| - ځای پر ځای کول | وسیلې ته لارښوونه کوي چې یو نوی ځای پرځای کول رامینځته کړي |
| -u | تعریفوي چې کوم کارن اسناد باید وکارول شي |
| -c | CSP به په (AWS، GCP، او نورو) کې ځای پرځای کول رامینځته کړي. |
| -s | د ځای پر ځای کولو سناریو |
| -p | پروfile کارول |
د MCNAT د قوماندې لاین وسیله کولی شي په یوه مرحله کې مثالونه جوړ او ځای پر ځای کړي. کله چې مثال ځای پر ځای شي، د پوسټ ترتیب مرحلې اړین SSH ترتیب رامینځته کوي ترڅو مثال ته لاسرسی ومومي.
۴.۳ د سیسټم بنچمارکینګ
Once MCNAT has deployed the instances, all performance tests can run using the MCNAT application toolkit.
First, we need to configure test cases at tools/mcn/applications/configurations/ngfw-intel/ngfw-intel.json as below:
بیا موږ کولی شو پخوانی وکارووampد ازموینې د پیل کولو لپاره لاندې قومانده ورکړئ. DEPLOYMENT_PATH هغه ځای دی چیرې چې د هدف چاپیریال د ځای پرځای کولو حالت زیرمه کیږي، د بیلګې په توګه، tools/mcn/infrastructure/infrastructure/examples/ngfw-ntel/gcp/terraform.tfstate. d/tfws_default.
دا د WRK لخوا په مراجعینو کې د http ټرافیک په اړه د مقرراتو د ټاکل شوي سیټ سره NGFW چلوي، پداسې حال کې چې د CPU کورونو لړۍ پین کوي، ترڅو د ازموینې لاندې مثال لپاره د فعالیت شمیرو بشپړ سیټ راټول کړي. کله چې ازموینې بشپړې شي، ټول معلومات د csv په توګه فارمیټ کیږي او کارونکي ته بیرته راستنیږي.
Performance and Cost Evaluation
In this section, we compare NGFW deployments on different cloud instances based on Intel Xeon processors at AWS and GCP.
This gives guidance on finding the most suitable cloud instance type for NGFW based on performance and cost. We choose instances with 4 vCPUs as they are recommended by most NGFW vendors. Results on AWS and GCP include:
- NGFW performance on small instance types that host 4 vCPUs with Intel® Hyper-Threading Technology (Intel® HT Technology) and Hyperscan enabled.
- Generation-to-generation performance gains from 1st Gen Intel Xeon Scalable processors to 5th Gen Intel Xeon Scalable processors.
- Generation-to-generation performance per dollar gain from 1st Gen Inte® Xeon Scalable processors to 5th Gen Intel Xeon Scalable processors.
۳.۱ د AWS ځای پرځای کول
۳.۱.۱ د مثال ډول لیست
جدول ۵. د AWS مثالونه او د غوښتنې پر اساس ساعت نرخونه
| Instance Type | د CPU ماډل | vCPU | حافظه (GB) | Network performance (Gbps) | On-demand hourly rate ($) |
| c5-xlarge | 2nd Gen Intel® Xeon® Scalable processors | 4 | 8 | 10 | 0.17 |
| c5n-xlarge | 1st Gen Intel® Xeon® Scalable processors | 4 | 10.5 | 25 | 0.216 |
| c6i-xlarge | 3rd Gen Intel® Xeon® Scalable processors | 4 | 8 | 12.5 | 0.17 |
| c6in-xlarge | 3rd Gen Intel Xeon Scalable processors | 4 | 8 | 30 | 0.2268 |
| c7i-xlarge | 4th Gen Intel® Xeon® Scalable processors | 4 | 8 | 12.5 | 0.1785 |
جدول ۵ دview د AWS مثالونه چې موږ یې کاروو. مهرباني وکړئ د نورو پلیټ فارم توضیحاتو لپاره د پلیټ فارم ترتیب ته مراجعه وکړئ. دا د غوښتنې پر اساس هو هم لیست کويurly rate (https://aws.amazon.com/ec2/pricing/on-demand/) for all instances. The above was the ondemand rate at the time of publishing this paper and focuses on the US west coast.
The on-demand hourly rate might vary with the region, availability, corporate accounts, and other factors.
5.1.2 پایلې
شکل ۶ تر اوسه پورې ذکر شوي ټولو نمونو ډولونو کې فعالیت او د هر ساعت فعالیت پرتله کوي:
- Performance improved with instances based on newer generations of Intel Xeon processors. Upgrading from c5.xlarge (based on 2nd Gen Intel Xeon Scalable processor) to c7i.xlarge (based on 4th Gen Intel Xeon Scalable processor)
shows a 1.97x performance improvement. - Performance per dollar improved with instances based on newer generations of Intel Xeon processors. Upgrading from c5n.xlarge (based on 1st Gen Intel Xeon Scalable processor) to c7i.xlarge (based on 4th Gen Intel Xeon Scalable processor) shows a 1.88x performance/hour rate improvement.
۳.۲ د GCP ځای پرځای کول
۳.۱.۱ د مثال ډول لیست
جدول ۶. د GCP مثالونه او د غوښتنې پر اساس ساعت نرخونه
| Instance Type | د CPU ماډل | vCPU | حافظه (GB) | Default egress bandwidth (Gbps) | On-demand hourly rate ($) |
| n1-std-4 | 1st Gen Intel® Xeon® د توزیع وړ پروسیسرونه |
4 | 15 | 10 | 0.189999 |
| n2-std-4 | 3rd Gen Intel® Xeon® د توزیع وړ پروسیسرونه |
4 | 16 | 10 | 0.194236 |
| c3-std-4 | 4th Gen Intel® Xeon® د توزیع وړ پروسیسرونه |
4 | 16 | 23 | 0.201608 |
| n4-std-4 | 5th Gen Intel® Xeon® د توزیع وړ پروسیسرونه |
4 | 16 | 10 | 0.189544 |
| c4-std-4 | 5th Gen Intel® Xeon® د توزیع وړ پروسیسرونه |
4 | 15 | 23 | 0.23761913 |
جدول ۵ دview د GCP مثالونو چې موږ یې کاروو. مهرباني وکړئ د نورو پلیټ فارم توضیحاتو لپاره د پلیټ فارم ترتیب ته مراجعه وکړئ. دا د غوښتنې پر اساس هو هم لیست کويurly rate (https://cloud.google.com/compute/vm-instance-pricing?hl=en) for all instances. The above was the on-demand rate at the time of publishing this paper and focuses on the US west coast. The on-demand hourlد y نرخ ممکن د سیمې، شتون، کارپوریټ حسابونو، او نورو فکتورونو سره توپیر ولري.
5.2.2 پایلې
شکل ۶ تر اوسه پورې ذکر شوي ټولو نمونو ډولونو کې فعالیت او د هر ساعت فعالیت پرتله کوي:
- Performance improved with instances based on newer generations of Intel Xeon processors. Upgrading from n1-std-4 (based on 1st Gen Intel Xeon Scalable processor) to c4-std-4 (based on 5th Gen Intel Xeon Scalable processor) shows a 2.68x performance improvement.
- Performance per dollar improved with instances based on newer generations of Intel Xeon processors. Upgrading from n1-std-4 (based on 1st Gen Intel Xeon Scalable processor) to c4-std-4 (based on 5th Gen Intel Xeon Scalable processor) shows a 2.15x performance/hour rate improvement.
لنډیز
د زیاتوالي سرهasing adoption of multi- and hybrid-cloud deployment models, delivering NGFW solutions on public cloud provides consistent protection across environments, scalability to meet security requirements, and simplicity with minimal maintenance efforts. Network security vendors offer NGFW solutions with a variety of cloud instance types on public cloud. It’s critical to minimize total cost of ownership (TCO) and maximize return on investment (ROI) with the right cloud instance. The key factors to consider include compute resources, network bandwidth, and price. We used NGFW reference implementation as the representative workload and leveraged MCNAT to automate the deployment and testing on different public cloud instance types. Based on our benchmarking, instances with the latest generation of Intel Xeon Scalable processors on AWS (powered by 4th Intel Xeon Scalable processors) and GCP (powered by 5th Intel Xeon Scalable processors) deliver both performance and TCO improvements. They improve the performance by up to 2.68x and the performance per hour rate by up to 2.15x over prior generations. This evaluation generates solid references on selecting Intel based public cloud instances for NGFW.
د پلیټ فارم ترتیب ضمیمه A
د پلیټ فارم تشکیلات
c5-xlarge – “Test by Intel as of 03/17/25. 1-node, 1x Intel(R) Xeon(R) Platinum 8275CL CPU @ 3.00GHz, 2 cores, HT On, Turbo On, Total Memory 8GB (1x8GB DDR4 2933 MT/s [Unknown]), BIOS 1.0, microcode 0x5003801, 1x Elastic Network Adapter (ENA), 1x 32G Amazon Elastic Block Store, Ubuntu 22.04.5 LTS, 6.8.0-1024-aws, gcc 11.4, NGFW 24.12, Hyperscan 5.6.1“
c5n-xlarge – “Test by Intel as of 03/17/25. 1-node, 1x Intel(R) Xeon(R) Platinum 8124M CPU @ 3.00GHz, 2 cores, HT On, Turbo On, Total Memory 10.5GB (1×10.5GB DDR4 2933 MT/s [Unknown]), BIOS 1.0, microcode 0x2007006, 1x Elastic Network Adapter (ENA), 1x 32G Amazon Elastic Block Store, Ubuntu 22.04.5 LTS, 6.8.0-1024-aws, gcc 11.4, NGFW 24.12, Hyperscan 5.6.1”
c6i-xlarge – “Test by Intel as of 03/17/25. 1-node, 1x Intel(R) Xeon(R) Platinum 8375C CPU @ 2.90GHz, 2 cores, HT On, Turbo On, Total Memory 8GB (1x8GB DDR4 3200 MT/s [Unknown]), BIOS 1.0, microcode 0xd0003f6, 1x Elastic Network Adapter (ENA), 1x 32G Amazon Elastic Block Store, Ubuntu 22.04.5 LTS, 6.8.0-1024-aws, gcc 11.4, NGFW 24.12, Hyperscan 5.6.1“
c6in-xlarge – “Test by Intel as of 03/17/25. 1-node, 1x Intel(R) Xeon(R) Platinum 8375C CPU @ 2.90GHz, 2 cores, HT On, Turbo On, Total Memory 8GB (1x8GB DDR4 3200 MT/s [Unknown]), BIOS 1.0, microcode 0xd0003f6, 1x Elastic Network Adapter (ENA), 1x 32G Amazon Elastic Block Store, Ubuntu 22.04.5 LTS, 6.8.0-1024-aws, gcc 11.4, NGFW 24.12, Hyperscan 5.6.1”
c7i-xlarge – “Test by Intel as of 03/17/25. 1-node, 1x Intel(R) Xeon(R) Platinum 8488C CPU @ 2.40GHz, 2 cores, HT On, Turbo On, Total Memory 8GB (1x8GB DDR4 4800 MT/s [Unknown]), BIOS 1.0, microcode 0x2b000620, 1x Elastic Network Adapter (ENA), 1x 32G Amazon Elastic Block Store, Ubuntu 22.04.5 LTS, 6.8.0-1024-aws, gcc 11.4, NGFW 24.12, Hyperscan 5.6.1”
n1-std-4 – “Test by Intel as of 03/17/25. 1-node, 1x Intel(R) Xeon(R) CPU @ 2.00GHz, 2 cores, HT On, Turbo On, Total Memory 15GB (1x15GB RAM []), BIOS Google, microcode 0xffffffff, 1x device, 1x 32G PersistentDisk, Ubuntu 22.04.5 LTS, 6.8.0-1025gcp, gcc 11.4, NGFW 24.12, Hyperscan 5.6.1“
n2-std-4 – Test by Intel as of 03/17/25. 1-node, 1x Intel(R) Xeon(R) CPU @ 2.60GHz, 2 cores, HT On, Turbo On, Total Memory 16GB (1x16GB RAM []), BIOS Google, microcode 0xffffffff, 1x device, 1x 32G PersistentDisk, Ubuntu 22.04.5 LTS, 6.8.0-1025gcp, gcc 11.4, NGFW 24.12, Hyperscan 5.6.1”
c3-std-4 – Test by Intel as of 03/14/25. 1-node, 1x Intel(R) Xeon(R) Platinum 8481C CPU @ 2.70GHz @ 2.60GHz, 2 cores, HT On, Turbo On, Total Memory 16GB (1x16GB RAM []), BIOS Google, microcode 0xffffffff, 1x Compute Engine Virtual Ethernet [gVNIC], 1x 32G nvme_card-pd, Ubuntu 22.04.5 LTS, 6.8.0-1025-gcp, gcc 11.4, NGFW 24.12, Hyperscan 5.6.1”
n4-std-4 – Test by Intel as of 03/18/25. 1-node, 1x Intel(R) Xeon(R) PLATINUM 8581C CPU @ 2.10GHz, 2 cores, HT On, Turbo On, Total Memory 16GB (1x16GB RAM []), BIOS Google, microcode 0xffffffff, 1x Compute Engine Virtual Ethernet [gVNIC], 1x 32G nvme_card-pd, Ubuntu 22.04.5 LTS, 6.8.0-1025-gcp, gcc 11.4, NGFW 24.12, Hyperscan 5.6.1”
c4-std-4 – Test by Intel as of 03/18/25. 1-node, 1x Intel(R) Xeon(R) PLATINUM 8581C CPU @ 2.30GHz, 2 cores, HT On, Turbo On, Total Memory 15GB (1x15GB RAM []), BIOS Google, microcode 0xffffffff, 1x Compute Engine Virtual Ethernet [gVNIC], 1x 32G nvme_card-pd, Ubuntu 22.04.5 LTS, 6.8.0-1025-gcp, gcc 11.4, NGFW 24.12, Hyperscan 5.6.1”
ضمیمه ب د انټل NGFW حوالې سافټویر ترتیب
| د سافټویر ترتیب | د ساوتري نسخه |
| کوربه OS | اوبنټو 22.04 LTS |
| کرنل | 6.8.0-1025 |
| تالیف کوونکی | GCC 11.4.0 |
| WRK | 74eb9437 |
| WRK2 | ۲۵a۲۳۱c۳ |
| VPP | 24.02 |
| سنورټ | 3.1.36.0 |
| د DAQ | 3.0.9 |
| LuaJIT | 2.1.0-beta3 |
| Libpcap | 1.10.1 |
| PCRE | 8.45 |
| ZLIB | 1.2.11 |
| هایپرسکین | 5.6.1 |
| LZMA | 5.2.5 |
| NGINX | 1.22.1 |
| DPDK | 23.11 |
فعالیت د کارولو، ترتیب او نورو فکتورونو له مخې توپیر لري. نور معلومات په کې زده کړئ www.Intel.com/PerformanceIndex.
د فعالیت پایلې د ازموینې پراساس دي لکه څنګه چې په ترتیبونو کې ښودل شوي نیټې او ممکن ټول عامه موجود تازه معلومات منعکس نه کړي. د تشکیلاتو توضیحاتو لپاره بیک اپ وګورئ. هیڅ محصول یا برخه نشي کولی په بشپړ ډول خوندي وي.
Intel ټول څرګند او ضمیمه تضمینونه ردوي، پشمول د محدودیت پرته، د سوداګریزې وړتیا تضمین شوي تضمین، د یو ځانګړي هدف لپاره فټنس، او غیر سرغړونې، او همدارنګه د فعالیت، معاملې کورس، یا په سوداګرۍ کې د کارونې له لارې هر ډول تضمین.
انٹیل ټیکنالوژي ممکن وړ هارډویر ، سافټویر یا خدمت فعالولو ته اړتیا ولري.
Intel د دریمې ډلې ډاټا کنټرول یا پلټنه نه کوي. تاسو باید د دقت ارزولو لپاره نورو سرچینو سره مشوره وکړئ.
تشریح شوي محصولات ممکن د ډیزاین نیمګړتیاوې یا غلطۍ ولري چې د خطا په نوم پیژندل کیږي کوم چې ممکن محصول د خپاره شوي مشخصاتو څخه انحراف لامل شي. اوسني مشخصات شوي خطا په غوښتنه کې شتون لري.
© Intel Corporation. Intel، د Intel لوگو، او د Intel نورې نښې د Intel Corporation یا د هغې د فرعي شرکتونو سوداګریزې نښې دي. نور نومونه او نښې ممکن د نورو ملکیت په توګه ادعا شي.
0425/XW/MK/PDF 365150-001US
اسناد / سرچینې
 |
انټیل د راتلونکي نسل فایر والونه غوره کوي [pdf] د کارونکي لارښود د راتلونکي نسل فایر والونه اصلاح کړئ، اصلاح کړئ، د راتلونکي نسل فایر والونه، د نسل فایر والونه، فایر والونه |