Technology Guide
Optimizing NGFW Performance with
Intel® Xeon® Processors on Public Cloud

Authors
Xiang Wang
Jayprakash Patidar
Declan Doherty
Eric Jones
Subhiksha Ravisundar
Heqing Zhu

Introduction

Next-generation firewalls (NGFWs) are at the core of network security solutions. Traditional firewalls perform stateful traffic inspection, typically based on port and protocol, which cannot effectively defend against modern malicious traffic. NGFWs evolve and expand on traditional firewalls with deep packet inspection capabilities, including intrusion detection/prevention systems (IDS/IPS), malware detection, application identification and control, and so on.
NGFWs are compute-intensive workloads that perform, for example, cryptographic operations for network traffic encryption and decryption, and heavy rule matching to detect malicious activity. Intel delivers core technologies to optimize NGFW solutions.
Intel processors are equipped with various instruction set architectures (ISAs), including Intel® Advanced Encryption Standard New Instructions (Intel® AES-NI) and Intel® QuickAssist Technology (Intel® QAT), which significantly accelerate crypto performance.
Intel also invests in software optimizations, including those for Hyperscan. Hyperscan is a high-performance string and regular expression (regex) matching library. It leverages single instruction multiple data (SIMD) technology on Intel processors to boost pattern-matching performance. Integrating Hyperscan into NGFW IPS systems such as Snort can improve performance by up to 3x on Intel processors.
NGFWs are often delivered as a security appliance deployed in the demilitarized zone (DMZ) of enterprise data centers. However, there is strong demand for NGFW virtual appliances or software packages that can be deployed to the public cloud, in enterprise data centers, or at network edge locations. This software deployment model frees enterprise IT from the operations and maintenance overhead associated with physical appliances. It improves system scalability and provides flexible procurement and purchase options.
An increasing number of enterprises are adopting public cloud deployments of NGFW solutions. A key reason for this is the cost advantage of running virtual appliances in the cloud.
However, since CSPs offer many instance types with differing compute characteristics and pricing, selecting the instance with the best TCO for NGFW can be challenging.
This paper introduces an NGFW reference implementation from Intel, optimized with Intel technologies, including Hyperscan. It offers a credible proof point for NGFW performance characterization on Intel platforms. It is included as part of the NetSec Reference Software package. We also provide the Multi-Cloud Networking Automation Tool (MCNAT) in the same package to automate the deployment of the NGFW reference implementation on select public cloud providers. MCNAT simplifies TCO analysis for different compute instances and guides users to the optimal compute instance for NGFW.
Please contact the authors to learn more about the NetSec Reference Software package.

Document Revision History

Revision | Date | Description
001 | March 2025 | Initial release.

1.1 Terminology
Table 1. Terminology

Abbreviation | Description
DFA | Deterministic Finite Automaton
DPI | Deep Packet Inspection
HTTP | Hypertext Transfer Protocol
IDS/IPS | Intrusion Detection and Prevention System
ISA | Instruction Set Architecture
MCNAT | Multi-Cloud Networking Automation Tool
NFA | Nondeterministic Finite Automaton
NGFW | Next-Generation Firewall
PCAP | Packet Capture
PCRE | Perl Compatible Regular Expressions library
Regex | Regular Expression
SASE | Secure Access Service Edge
SIMD | Single Instruction Multiple Data Technology
TCP | Transmission Control Protocol
URI | Uniform Resource Identifier
WAF | Web Application Firewall

1.2 Reference Documents
Table 2. Reference Documents

Reference | Source
Intel® Xeon® Scalable Platform Built for Most Sensitive Workloads | https://www.intc.com/news-events/press-releases/detail/1423/intel-xeon-scalable-platform-built-for-most-sensitive
Snort | https://www.snort.org/
Snort Talos Rules | https://www.snort.org/downloads#rules
Hyperscan | https://www.intel.com/content/www/us/en/developer/articles/technical/introduction-to-hyperscan.html
Hyperscan and Snort Integration | https://www.intel.com/content/www/us/en/developer/articles/technical/hyperscan-and-snort-integration.html
Hyperscan: A Fast Multi-pattern Regex Matcher for Modern CPUs | https://www.usenix.org/conference/nsdi19/presentation/wang-xiang
Teddy: An Efficient SIMD-based Literal Matching Engine for Scalable Deep Packet Inspection | https://dl.acm.org/doi/10.1145/3472456.3473512
Intel® 64 and IA-32 Architectures Software Developer Manuals | https://www.intel.com/content/www/us/en/developer/articles/technical/intel-sdm.html
Intel® Intrinsics Guide | https://www.intel.com/content/www/us/en/docs/intrinsics-guide/index.html
Boosting Suricata Performance Using Hyperscan Pattern-Matching Software | https://www.intel.com/content/dam/www/public/us/en/documents/solution-briefs/hyperscan-scalability-solution-brief.pdf
Suricata | https://suricata.io/
Hyperscan in Suricata: State of the Union | https://suricon.net/wp-content/uploads/2016/11/SuriCon2016_GeoffLangdale.pdf
Accelerate Snort Performance with Hyperscan and Intel® Xeon® Processors on Public Clouds | https://networkbuilders.intel.com/solutionslibrary/accelerate-snort-performance-with-hyperscan-and-intel-xeon-processors-on-public-clouds
Next-Generation Firewall Optimizations with 4th Gen Intel® Xeon® Scalable Processor | https://networkbuilders.intel.com/solutionslibrary/next-generation-firewall- ingantawa-maganin-takaice
Improving Throughput and Power Efficiency for Next-Generation Firewalls | https://www.intel.com/content/www/us/en/products/docs/processors/xeon-accelerated/network/xeon6-firewall-solution-brief.html
NetSec Reference Software Package | https://www.intel.com/content/www/us/en/secure/design/confidential/software-kits/kit-details.html?kitId=853965

Background and Motivation

Today, most NGFW vendors have extended their footprint from physical NGFW appliances to virtual NGFW solutions that can be deployed in the public cloud. Public cloud NGFW deployments are seeing increased adoption because of the following benefits:

  • Scalability: easily scale compute resources up or down across geographies to meet performance requirements.
  • Cost effectiveness: flexible subscriptions that allow pay-per-use. This eliminates capital expenditure (capex) and reduces the operating costs associated with physical appliances.
  • Native integration with cloud services: seamless integration with public cloud services such as networking, access control, and AI/ML tools.
  • Cloud workload protection: local traffic filtering for enterprise workloads hosted on the public cloud.

The reduced cost of running an NGFW workload in the public cloud is an attractive proposition for enterprise use cases.
However, selecting the instance with the best performance and TCO for NGFW is challenging, given the wide range of cloud instance options available with different CPUs, memory sizes, and IO bandwidth, each priced differently. We developed the NGFW reference implementation to help with performance and TCO analysis of different public cloud instances based on Intel processors. We will show performance and performance-per-dollar metrics as a guide for choosing the right Intel-based instances for NGFW solutions on public cloud services such as AWS and GCP.

NGFW Reference Implementation

Intel developed the NetSec Reference Software package (latest release 25.05), which offers optimized reference solutions that use the ISAs and accelerators available in the latest Intel CPUs and platforms to demonstrate optimized performance on enterprise on-prem infrastructure and in the cloud. The reference software is available under the Intel Proprietary License (IPL).
The key highlights of this software package are:

  • It includes a broad portfolio of reference solutions for networking and security, and AI frameworks for cloud and enterprise data centers and edge locations.
  • It enables time to market and rapid adoption of Intel technologies.
  • Source code is available, which makes it possible to replicate deployment scenarios and test environments on Intel platforms.

Please contact the authors to learn more about obtaining the latest release of the NetSec Reference Software.
As an essential part of the NetSec Reference Software package, the NGFW reference implementation drives NGFW performance characterization and TCO analysis on Intel platforms. We deliver seamless integration of Intel technologies such as Hyperscan in the NGFW reference implementation. It builds a solid foundation for NGFW analysis on Intel platforms. Since different Intel hardware platforms offer different capabilities from compute to IO, the NGFW reference implementation provides a clearer view of platform capabilities for NGFW workloads and helps show performance comparisons between generations of Intel processors. It provides detailed insight into metrics including compute performance, memory bandwidth, IO bandwidth, and power consumption. Based on the performance test results, we can further conduct TCO analysis (with performance per dollar) on the Intel platforms used for NGFW.

The latest release (25.05) of the NGFW reference implementation includes the following key features:

  • Basic stateful firewall
  • Intrusion Prevention System (IPS)
  • Support for cutting-edge Intel processors, including Intel® Xeon® 6 processors, Intel Xeon 6 SoC, and others.

Future releases are planned to implement the following additional features:

  • VPN inspection: IPsec decryption of traffic for content inspection
  • TLS inspection: a TLS proxy that terminates connections between client and server and then performs content inspection on the cleartext traffic.

3.1 System Architecture

[Figure 1. System architecture]

Figure 1 shows the overall system architecture. We use open-source software as the foundation for building the system:

  • VPP provides a high-performance data plane solution with basic stateful firewall functions, including stateful ACLs. We spawn multiple VPP threads with configured core affinity. Each VPP worker thread is pinned to a dedicated CPU core or execution thread.
  • Snort 3 is chosen as the IPS, and it supports multi-threading. Snort worker threads are pinned to dedicated CPU cores or execution threads.
  • Snort and VPP are integrated using the Snort plugin to VPP. This uses a set of queue pairs to send packets between VPP and Snort. The queue pairs and the packets themselves are stored in shared memory. We developed a new Data Acquisition (DAQ) component for Snort, which we call VPP Zero Copy (ZC) DAQ. It implements the Snort DAQ API functions to receive and transmit packets by reading from and writing to the relevant queues. Because the payload is in shared memory, we consider this a zero-copy implementation.

Since Snort 3 is a compute-intensive workload that requires more compute resources than data plane processing, we try to configure an optimized processor core allocation and a balance between the number of VPP threads and Snort 3 threads to achieve the highest system-level performance on the hardware platform it runs on.
Figure 2 shows the graph nodes within VPP, including those that are part of the ACL and Snort plugins. We developed two new VPP graph nodes:

  • snort-enq: makes a load-balancing decision about which Snort thread should process the packet and then enqueues the packet to the corresponding queue.
  • snort-deq: implemented as an input node that polls from multiple queues, one per Snort worker thread.

[Figure 2. VPP graph nodes]
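
How snort-enq and snort-deq can fit together around per-worker queue pairs, as an added example that is not Intel's plugin code. It assumes a direction-independent 5-tuple hash for the load-balancing decision (the paper does not say how the decision is made), so that both directions of a connection reach the same Snort worker, and it models each queue pair as two single-producer/single-consumer rings that carry buffer indexes rather than payloads. All names (flow, qpair, snort_enq, snort_deq, worker_drain) are hypothetical.

```c
#include <stdatomic.h>
#include <stdint.h>
#include <stdio.h>

#define N_WORKERS 4   /* assumed number of Snort worker threads */
#define RING_SIZE 8   /* power of two; small so the full case is easy to hit */

/* Constructed packet metadata. Payloads stay in a shared buffer pool; only a
 * 32-bit buffer index travels through the queues (the zero-copy part). */
struct flow { uint32_t src_ip, dst_ip; uint16_t src_port, dst_port; uint8_t proto; };

/* Single-producer/single-consumer ring of buffer indexes. */
struct ring { _Atomic uint32_t head, tail; uint32_t slot[RING_SIZE]; };

/* One queue pair per Snort worker: enq is VPP -> Snort, deq is Snort -> VPP. */
struct qpair { struct ring enq, deq; };

static int ring_push(struct ring *r, uint32_t buf_idx) {
    uint32_t tail = atomic_load(&r->tail);
    if (tail - atomic_load(&r->head) == RING_SIZE) return -1;  /* full */
    r->slot[tail & (RING_SIZE - 1)] = buf_idx;
    atomic_store(&r->tail, tail + 1);   /* publish only after the slot is written */
    return 0;
}

static int ring_pop(struct ring *r, uint32_t *buf_idx) {
    uint32_t head = atomic_load(&r->head);
    if (head == atomic_load(&r->tail)) return -1;              /* empty */
    *buf_idx = r->slot[head & (RING_SIZE - 1)];
    atomic_store(&r->head, head + 1);   /* release the slot back to the producer */
    return 0;
}

/* Direction-independent flow hash: the two endpoints are ordered before mixing,
 * so client->server and server->client packets of one connection collide. */
static uint32_t flow_hash(const struct flow *f) {
    uint64_t a = ((uint64_t)f->src_ip << 16) | f->src_port;
    uint64_t b = ((uint64_t)f->dst_ip << 16) | f->dst_port;
    uint64_t lo = a < b ? a : b, hi = a < b ? b : a;
    uint64_t h = (lo * 0x9E3779B97F4A7C15ULL) ^ (hi + f->proto);
    h ^= h >> 29; h *= 0xBF58476D1CE4E5B9ULL; h ^= h >> 32;
    return (uint32_t)h;
}

static unsigned pick_worker(const struct flow *f) { return flow_hash(f) % N_WORKERS; }

/* snort-enq analogue: returns the chosen worker, or -1 when that worker's queue
 * is full and the caller must apply its policy (drop, or bypass inspection). */
static int snort_enq(struct qpair *qp, const struct flow *f, uint32_t buf_idx) {
    unsigned w = pick_worker(f);
    return ring_push(&qp[w].enq, buf_idx) == 0 ? (int)w : -1;
}

/* snort-deq analogue: poll each worker's return ring and collect the indexes. */
static unsigned snort_deq(struct qpair *qp, uint32_t *out, unsigned max) {
    unsigned n = 0;
    for (unsigned w = 0; w < N_WORKERS; w++)
        while (n < max && ring_pop(&qp[w].deq, &out[n]) == 0) n++;
    return n;
}

/* Stand-in for one Snort worker: inspect in place (omitted), then hand the
 * same indexes back. It pops only while the return ring has room. */
static unsigned worker_drain(struct qpair *q) {
    uint32_t idx; unsigned n = 0;
    while (atomic_load(&q->deq.tail) - atomic_load(&q->deq.head) < RING_SIZE &&
           ring_pop(&q->enq, &idx) == 0) { ring_push(&q->deq, idx); n++; }
    return n;
}

int main(void) {
    static struct qpair qp[N_WORKERS];
    /* Constructed flow between two documentation addresses, both directions. */
    struct flow c2s = { 0xC0000201u, 0xC6336402u, 40000, 80, 6 };
    struct flow s2c = { 0xC6336402u, 0xC0000201u, 80, 40000, 6 };
    int w1 = snort_enq(qp, &c2s, 1), w2 = snort_enq(qp, &s2c, 2);
    uint32_t out[4];
    worker_drain(&qp[w1]);
    printf("c2s->worker %d, s2c->worker %d, returned %u buffers\n",
           w1, w2, snort_deq(qp, out, 4));
    return 0;
}
```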

3.2 Optimizations
Our NGFW implementation takes advantage of the following optimizations:

  • Snort leverages the high-performance Hyperscan library to deliver a significant performance boost compared to the default search engine in Snort. Figure 3 highlights the integration of Hyperscan with Snort to accelerate both literal matching and regex matching. Snort 3 provides native integration with Hyperscan, and users can enable Hyperscan either through the configuration file or through command-line options.

[Figure 3. Snort with Hyperscan]

  • VPP takes advantage of Receive Side Scaling (RSS) in Intel® Ethernet Network Adapters to distribute traffic across multiple VPP worker threads.
  • Intel QAT and Intel AVX-512 instructions: future releases that support IPsec and TLS will take advantage of crypto acceleration technologies from Intel. Intel QAT accelerates crypto performance, particularly the public key cryptography that is widely used to establish network connections. Intel AVX-512 also boosts cryptographic performance, including VPMADD52 (multiply-and-accumulate operations), vector AES (a vector version of the Intel AES-NI instructions), vPCLMUL (vectorized carry-less multiply, used to optimize AES-GCM), and Intel® Secure Hash Algorithm - New Instructions (Intel® SHA-NI).

Cloud Deployment of the NGFW Reference Implementation

4.1 System Configuration
Table 3. Test Configuration

Metric | Value
Use Case | Cleartext Inspection (FW + IPS)
Traffic Profile | HTTP 64KB GET (1 GET per connection)
ACLs | Yes (2 stateful ACLs)
Snort Rules | Lightspd (~49k rules)
Snort Policy | Security (~21k rules enabled)

We focus on the cleartext inspection scenario, based on the use cases and KPIs in RFC9411. The traffic generator can create 64KB HTTP transactions with 1 GET request per connection. ACLs are configured to allow IPs in the specified subnets. We adopted the Snort Lightspd ruleset and the security policy from Cisco for benchmarking. There is also a dedicated server that serves the requests from the traffic generators.

[Figure 4 and Figure 5. System topology]

As shown in Figure 4 and Figure 5, the system topology includes the primary instance nodes for public cloud deployment: client, server, and proxy. There is also a bastion node that serves connections from the user. Both the client (running WRK) and the server (running Nginx) have a single dedicated data-plane network interface, and the proxy (running the NGFW) has two data-plane network interfaces for testing. The data-plane network interfaces are attached to dedicated subnet A (client-proxy) and subnet B (proxy-server), which keeps them isolated from instance management traffic. Dedicated IP address ranges are defined, with the corresponding routes and ACL rules programmed on the infrastructure to allow the traffic to flow.

4.2 System Deployment
MCNAT is a software tool developed by Intel that automates the seamless deployment of networking workloads on public clouds and offers suggestions for selecting the best cloud instance based on performance and cost.
MCNAT is configured through a series of profiles, each defining the variables and settings required for each instance. Each instance type has its own profile, which can be passed to the MCNAT CLI tool to deploy that specific instance type on a given cloud service provider (CSP). Example command-line usage is shown below and in Table 4.

[Image: MCNAT command-line example]

Table 4. MCNAT Command-Line Usage

Option | Description
--deploy | Instructs the tool to create a new deployment
-u | Defines which user credentials to use
-c | CSP to create the deployment on (AWS, GCP, etc.)
-s | Scenario to deploy
-p | Profile to use

The MCNAT command-line tool can build and deploy instances in a single step. Once the instance is deployed, the post-configuration steps create the necessary SSH configuration to allow access to the instance.
4.3 System Benchmarking
Once MCNAT has deployed the instance, all performance tests can be run using the MCNAT application toolkit.
First, we need to configure the test cases in tools/mcn/applications/configurations/ngfw-intel/ngfw-intel.json as below:

[Image: test case configuration in ngfw-intel.json]

Then we can use the example command below to launch the tests. DEPLOYMENT_PATH is where the deployment state of the target environment is stored, for example, tools/mcn/infrastructure/tools/examples/ngfw-ntel/gcp/terraform.tfstate.d/tfws_default.

[Image: example command to launch the tests]

It runs the NGFW with the specified ruleset on HTTP traffic generated by WRK on the client, while pinning across a range of CPU cores, to collect a full set of performance numbers for the instance under test. When the tests complete, all data is formatted as CSV and returned to the user.

Performance and Cost Evaluation

In this section, we compare NGFW deployments on different cloud instances based on Intel Xeon processors at AWS and GCP.
This provides guidance on finding the most suitable cloud instance type for NGFW based on performance and cost. We chose instances with 4 vCPUs because most NGFW vendors recommend them. The results on AWS and GCP include:

  • NGFW performance on small instance types that host 4 vCPUs with Intel® Hyper-Threading Technology (Intel® HT Technology) and Hyperscan enabled.
  • Generation-to-generation performance gains from 1st Gen Intel Xeon Scalable processors to 5th Gen Intel Xeon Scalable processors.
  • Generation-to-generation performance-per-dollar gains from 1st Gen Intel® Xeon® Scalable processors to 5th Gen Intel Xeon Scalable processors.

5.1 AWS Deployment
5.1.1 Instance Type List
Table 5. AWS Instances and On-Demand Hourly Rates

Instance Type | CPU Model | vCPU | Memory (GB) | Network Performance (Gbps) | On-Demand Hourly Rate ($)
c5-xlarge | 2nd Gen Intel® Xeon® Scalable processors | 4 | 8 | 10 | 0.17
c5n-xlarge | 1st Gen Intel® Xeon® Scalable processors | 4 | 10.5 | 25 | 0.216
c6i-xlarge | 3rd Gen Intel® Xeon® Scalable processors | 4 | 8 | 12.5 | 0.17
c6in-xlarge | 3rd Gen Intel® Xeon® Scalable processors | 4 | 8 | 30 | 0.2268
c7i-xlarge | 4th Gen Intel® Xeon® Scalable processors | 4 | 8 | 12.5 | 0.1785

Table 5 shows an overview of the AWS instances we use. Please refer to Platform Configuration for more platform details. It also lists the on-demand hourly rate (https://aws.amazon.com/ec2/pricing/on-demand/) for all instances. The rates above were the on-demand rates at the time this paper was published and are for the U.S. west coast.
The on-demand hourly rate may vary with region, availability, corporate accounts, and other factors.

5.1.2 Results

[Figure 6. Results on AWS]

Figure 6 compares performance and performance per hourly rate across all the instance types mentioned so far:

  • Performance improved with instances based on newer generations of Intel Xeon processors. Upgrading from c5.xlarge (based on the 2nd Gen Intel Xeon Scalable processor) to c7i.xlarge (based on the 4th Gen Intel Xeon Scalable processor) shows a 1.97x performance improvement.
  • Performance per dollar improved with instances based on newer generations of Intel Xeon processors. Upgrading from c5n.xlarge (based on the 1st Gen Intel Xeon Scalable processor) to c7i.xlarge (based on the 4th Gen Intel Xeon Scalable processor) shows a 1.88x improvement in performance per hourly rate.

5.2 GCP Deployment
5.2.1 Instance Type List
Table 6. GCP Instances and On-Demand Hourly Rates

Instance Type | CPU Model | vCPU | Memory (GB) | Default Egress Bandwidth (Gbps) | On-Demand Hourly Rate ($)
n1-std-4 | 1st Gen Intel® Xeon® Scalable processors | 4 | 15 | 10 | 0.189999
n2-std-4 | 3rd Gen Intel® Xeon® Scalable processors | 4 | 16 | 10 | 0.194236
c3-std-4 | 4th Gen Intel® Xeon® Scalable processors | 4 | 16 | 23 | 0.201608
n4-std-4 | 5th Gen Intel® Xeon® Scalable processors | 4 | 16 | 10 | 0.189544
c4-std-4 | 5th Gen Intel® Xeon® Scalable processors | 4 | 15 | 23 | 0.23761913

Table 6 shows an overview of the GCP instances we use. Please refer to Platform Configuration for more platform details. It also lists the on-demand hourly rate (https://cloud.google.com/compute/vm-instance-pricing?hl=en) for all instances. The rates above were the on-demand rates at the time this paper was published and are for the U.S. west coast. The on-demand hourly rate may vary with region, availability, corporate accounts, and other factors.

5.2.2 Results

[Figure 7. Results on GCP]

Figure 7 compares performance and performance per hourly rate across all the instance types mentioned so far:

  • Performance improved with instances based on newer generations of Intel Xeon processors. Upgrading from n1-std-4 (based on the 1st Gen Intel Xeon Scalable processor) to c4-std-4 (based on the 5th Gen Intel Xeon Scalable processor) shows a 2.68x performance improvement.
  • Performance per dollar improved with instances based on newer generations of Intel Xeon processors. Upgrading from n1-std-4 (based on the 1st Gen Intel Xeon Scalable processor) to c4-std-4 (based on the 5th Gen Intel Xeon Scalable processor) shows a 2.15x improvement in performance per hourly rate.

Summary

With the increasing adoption of multi-cloud and hybrid-cloud deployment models, delivering NGFW solutions on the public cloud provides consistent protection across environments, scalability to meet security needs, and simplicity with minimal maintenance effort. Network security vendors offer NGFW solutions with a variety of cloud instance types on the public cloud. It is critical to minimize total cost of ownership (TCO) and maximize return on investment (ROI) with the right cloud instance. Key factors to consider include compute resources, network bandwidth, and price. We used the NGFW reference implementation as the representative workload and used MCNAT to automate deployment and testing on different public cloud instance types. Based on our benchmarking, instances with the latest generation of Intel Xeon Scalable processors on AWS (powered by 4th Gen Intel Xeon Scalable processors) and GCP (powered by 5th Gen Intel Xeon Scalable processors) deliver both performance and TCO improvements. They improve performance by up to 2.68x and performance per hourly rate by up to 2.15x over prior generations. This evaluation provides solid references for selecting Intel-based public cloud instances for NGFW.

Appendix A Platform Configuration

Platform - Configuration
c5-xlarge - "Test by Intel as of 03/17/25. 1-node, 1x Intel(R) Xeon(R) Platinum 8275CL CPU @ 3.00GHz, 2 cores, HT On, Turbo On, Total Memory 8GB (1x8GB DDR4 2933 MT/s [Unknown]), BIOS 1.0, microcode 0x5003801, 1x Elastic Network Adapter (ENA), 1x 32G Amazon Elastic Block Store, Ubuntu 22.04.5 LTS, 6.8.0-1024-aws, gcc 11.4, NGFW 24.12, Hyperscan 5.6.1"
c5n-xlarge - "Test by Intel as of 03/17/25. 1-node, 1x Intel(R) Xeon(R) Platinum 8124M CPU @ 3.00GHz, 2 cores, HT On, Turbo On, Total Memory 10.5GB (1x10.5GB DDR4 2933 MT/s [Unknown]), BIOS 1.0, microcode 0x2007006, 1x Elastic Network Adapter (ENA), 1x 32G Amazon Elastic Block Store, Ubuntu 22.04.5 LTS, 6.8.0-1024-aws, gcc 11.4, NGFW 24.12, Hyperscan 5.6.1"
c6i-xlarge - "Test by Intel as of 03/17/25. 1-node, 1x Intel(R) Xeon(R) Platinum 8375C CPU @ 2.90GHz, 2 cores, HT On, Turbo On, Total Memory 8GB (1x8GB DDR4 3200 MT/s [Unknown]), BIOS . 1.0xd0f0003, 6x Elastic Network Adapter (ENA), 1x 32G Amazon Elastic Block Store, Ubuntu 22.04.5 LTS, 6.8.0-1024-aws, gcc 11.4, NGFW 24.12, Hyperscan 5.6.1"
c6in-xlarge - "Test by Intel as of 03/17/25. 1-node, 1x Intel(R) Xeon(R) Platinum 8375C CPU @ 2.90GHz, 2 cores, HT On, Turbo On, Total Memory 8GB (1x8GB DDR4 3200 MT/s [Unknown]), BIOS . 1.0xd0f0003, 6x Elastic Network Adapter (ENA), 1x 32G Amazon Elastic Block Store, Ubuntu 22.04.5 LTS, 6.8.0-1024-aws, gcc 11.4, NGFW 24.12, Hyperscan 5.6.1"
c7i-xlarge - "Test by Intel as of 03/17/25. 1-node, 1x Intel(R) Xeon(R) Platinum 8488C CPU @ 2.40GHz, 2 cores, HT On, Turbo On, Total Memory 8GB (1x8GB DDR4 4800 MT/s [Unknown]), BIOS 1.0, microcode 0x2b000620, 1x Elastic Network Adapter (ENA), 1x 32G Amazon Elastic Block Store, Ubuntu 22.04.5 LTS, 6.8.0-1024-aws, gcc 11.4, NGFW 24.12, Hyperscan 5.6.1"
n1-std-4 - "Test by Intel as of 03/17/25. 1-node, 1x Intel(R) Xeon(R) CPU @ 2.00GHz, 2 cores, HT On, Turbo On, Total Memory 15GB (1x15GB RAM []), BIOS Google, microcode 0xffffffff, 1x device, 1x 32G PersistentDisk, Ubuntu 22.04.5 LTS, 6.8.0-1025-gcp, gcc 11.4, NGFW 24.12, Hyperscan 5.6.1"
n2-std-4 - "Test by Intel as of 03/17/25. 1-node, 1x Intel(R) Xeon(R) CPU @ 2.60GHz, 2 cores, HT On, Turbo On, Total Memory 16GB (1x16GB RAM []), BIOS Google, microcode 0xffffffff, 1x device, 1x 32G PersistentDisk, Ubuntu 22.04.5 LTS, 6.8.0-1025-gcp, gcc 11.4, NGFW 24.12, Hyperscan 5.6.1"
c3-std-4 - "Test by Intel as of 03/14/25. 1-node, 1x Intel(R) Xeon(R) Platinum 8481C CPU @ 2.70GHz @ 2.60GHz, 2 cores, HT On, Turbo On, Total Memory 16GB (1x16GB RAM []), BIOS Google, microcode 0xffffffff, 1x Compute Engine Virtual Ethernet [gVNIC], 1x 32G nvme_card-pd, Ubuntu 22.04.5 LTS, 6.8.0-1025-gcp, gcc 11.4, NGFW 24.12, Hyperscan 5.6.1"
n4-std-4 - "Test by Intel as of 03/18/25. 1-node, 1x Intel(R) Xeon(R) PLATINUM 8581C CPU @ 2.10GHz, 2 cores, HT On, Turbo On, Total Memory 16GB (1x16GB RAM []), BIOS Google, microcode 0xffffffff, 1x Compute Engine Virtual Ethernet [gVNIC], 1x 32G nvme_card-pd, Ubuntu 22.04.5 LTS, 6.8.0-1025-gcp, gcc 11.4, NGFW 24.12, Hyperscan 5.6.1"
c4-std-4 - "Test by Intel as of 03/18/25. 1-node, 1x Intel(R) Xeon(R) PLATINUM 8581C CPU @ 2.30GHz, 2 cores, HT On, Turbo On, Total Memory 15GB (1x15GB RAM []), BIOS Google, microcode 0xffffffff, 1x Compute Engine Virtual Ethernet [gVNIC], 1x 32G nvme_card-pd, Ubuntu 22.04.5 LTS, 6.8.0-1025-gcp, gcc 11.4, NGFW 24.12, Hyperscan 5.6.1"

Appendix B Intel NGFW Reference Software Configuration

Software Configuration | Software Version
Host OS | Ubuntu 22.04 LTS
Kernel | 6.8.0-1025
Compiler | GCC 11.4.0
WRK | 74b9437
WRK2 | 44a94c17
VPP | 24.02
Snort | 3.1.36.0
DAQ | 3.0.9
LuaJIT | 2.1.0-beta3
Libpcap | 1.10.1
PCRE | 8.45
ZLIB | 1.2.11
Hyperscan | 5.6.1
LZMA | 5.2.5
NGINX | 1.22.1
DPDK | 23.11

Performance varies by use, configuration and other factors. Learn more at www.Intel.com/PerformanceIndex.
Performance results are based on testing as of the dates shown in the configurations and may not reflect all publicly available updates. See backup for configuration details. No product or component can be absolutely secure.
Intel disclaims all express and implied warranties, including without limitation, the implied warranties of merchantability, fitness for a particular purpose, and non-infringement, as well as any warranty arising from course of performance, course of dealing, or usage in trade.
Intel technologies may require enabled hardware, software or service activation.
Intel does not control or audit third-party data. You should consult other sources to evaluate accuracy.
The products described may contain design defects or errors known as errata which may cause the product to deviate from published specifications. Current characterized errata are available on request.
© Intel Corporation. Intel, the Intel logo, and other Intel marks are trademarks of Intel Corporation or its subsidiaries. Other names and brands may be claimed as the property of others.
0425/XW/MK/PDF 365150-001US
