DELL SuperMassive 9600 01-SSC-3880 Manuale Utente
Codici prodotto
01-SSC-3880
Extensible architecture for
extreme scalability and
performance
extreme scalability and
performance
The RFDPI engine is designed from the
ground up with an emphasis on
providing security scanning at a high
level of performance, to match both the
inherently parallel and ever-growing
nature of network traffic. When
combined with 24-, 32-, 48- or 96-core
processor systems, this parallelism-
centric software architecture scales up
perfectly to address the demands of
deep packet inspection at high traffic
loads. The SuperMassive platform relies
on processors that, unlike x86, are
optimized for packet, crypto and
network processing while retaining
flexibility and programmability in the
field—a weak point for ASICs systems.
This flexibility is essential when new
code and behavior updates are
necessary to protect against new attacks
that require updated and more
ground up with an emphasis on
providing security scanning at a high
level of performance, to match both the
inherently parallel and ever-growing
nature of network traffic. When
combined with 24-, 32-, 48- or 96-core
processor systems, this parallelism-
centric software architecture scales up
perfectly to address the demands of
deep packet inspection at high traffic
loads. The SuperMassive platform relies
on processors that, unlike x86, are
optimized for packet, crypto and
network processing while retaining
flexibility and programmability in the
field—a weak point for ASICs systems.
This flexibility is essential when new
code and behavior updates are
necessary to protect against new attacks
that require updated and more
sophisticated detection techniques.
Another aspect of the platform design is
the unique ability to establish new
connections on any core in the system,
providing ultimate scalability and the
ability to deal with traffic spikes. This
Another aspect of the platform design is
the unique ability to establish new
connections on any core in the system,
providing ultimate scalability and the
ability to deal with traffic spikes. This
approach delivers extremely high new
session establishment rates (new conn/
sec) while Deep Packet Inspection is
enabled—a key metric that is often a
bottleneck for data center deployments.
session establishment rates (new conn/
sec) while Deep Packet Inspection is
enabled—a key metric that is often a
bottleneck for data center deployments.
Reassembly-Free Deep Packet
Inspection engine
Inspection engine
The Dell SonicWALL Reassembly-Free
Deep Packet Inspection (RFDPI) engine
provides superior threat protection
and application control without
compromising performance. This
patented engine relies on streaming
traffic payload inspection in order to
provides superior threat protection
and application control without
compromising performance. This
patented engine relies on streaming
traffic payload inspection in order to
detect threats at Layers 3-7. The RFDPI
engine takes network streams through
extensive and repeated normalization
engine takes network streams through
extensive and repeated normalization
and decryption in order to neutralize
advanced evasion techniques that
seek to confuse detection engines
and sneak malicious code into the
network. Once a packet undergoes the
necessary pre-processing, including SSL
decryption, it is analyzed against a single
proprietary memory representation of
three signature databases: intrusion
attacks, malware and applications. The
connection state is then advanced to
represent the position of the stream
relative to these databases until it
advanced evasion techniques that
seek to confuse detection engines
and sneak malicious code into the
network. Once a packet undergoes the
necessary pre-processing, including SSL
decryption, it is analyzed against a single
proprietary memory representation of
three signature databases: intrusion
attacks, malware and applications. The
connection state is then advanced to
represent the position of the stream
relative to these databases until it
encounters a state of attack, or other
“match” event, at which point a pre-
set action is taken. In most cases, the
connection is terminated and proper
logging and notification events are
created. However, the engine can also
be configured for inspection only or, in
case of application detection, to provide
Layer 7 bandwidth management services
for the remainder of the application
stream as soon as the application is
identified.
connection is terminated and proper
logging and notification events are
created. However, the engine can also
be configured for inspection only or, in
case of application detection, to provide
Layer 7 bandwidth management services
for the remainder of the application
stream as soon as the application is
identified.
Traffic in
Packet assembly-based process
Traffic out
Proxy
Dell SonicWALL architecture
Competitive architecture
Scanning
When proxy becomes full
or content too large,
files bypass scanning
files bypass scanning
Packet
disassembly
Traffic in
Traffic out
Packet reassembly-free process
Reassembly-free packet scanning
without proxy or content size limitations
Inspection time
Inspection time
Inspection
capacity
Inspection
capacity
16 x 1 GbE SFP
6 x 10 GbE SFP+
96 Cores
240 GbE
SM Interconnect
3