By now you have probably seen Check Point’s exciting announcement regarding 10 Gig capacity on a $5k to $7k platform. I have had lots of readers and customers contact me regarding the specifics on this platform, and have recently found more detailed information.

Swizzling

There is a specific piece that has been enabled for this significant performance gain: IRQ Swizzling. Traditionally in a PCIe bus, all PCIe ports are mapped to one interrupt. Swizzling allows the PCIe slots to be balanced across four interrupts instead of one. “Swizzling” is something that is only available (at this time) on the Intel 5000 chipset. It also appears that Swizzling is specifically geared for the PCIe bus architecture. Intel has a whitepaper on Swizzling. Enabling Swizzling requires a BIOS update.

Reference Server

In its press release, Check Point mentions a reference server that was used for this test. Below are the detailed specifications:

Brand SuperMicro
CPU 2 * Intel 5160 3.0Ghz
Front Side Bus 1333 Mhz
Memory 4 GB
SecureXL On
Splat ver NGX (R60) Build 244
Take 178
Fw ver NGX (R60) – Build 458
SD ver 591000001
WI ver 591000001
Nic driver e1000 version: 7.0.32-NAPI

The throughput tests were done using 10x1Gig PCIe cards in the system.

Other Woodcrest systems that are on the SecurePlatform HCL, their BIOS updates will be available shortly:

There is a rumor that Crossbeam will have a BIOS update as well.

It is important to remember that there are several conditions for using Swizzling in these systems:

  1. Woodcrest Xeon 5100 multi-core CPU
  2. SecureXL
  3. The BIOS upgrade must be available and installed for the system
  4. Four or more NICs must be present to take advantage of Swizzling due to Processor Affinity

Without SecureXL, each NIC is normally handled by all of the processors. SecureXL uses Affinity to bind a CPU to a specific NIC resulting in significant throughput gains. Affinity is normally performed dynamically, but can also be set manually. See the Performance Pack Manual for more information.

So should you order Woodcrest servers? I would say yes for several reasons:

  1. The cost is relatively low: $5k to $7k per server and you will see significant performance gains with or without the Swizzling function.
  2. You are helping to future-proof your environment. What do I mean by future-proof? Let’s say that today you only have throughput requirements for a few Gigs. Then after a few months something like storage (for example) is introduced that requires heavy throughput. Now all you do is apply the Swizzling BIOS, and enable SecureXL. If you were using Juniper SSGs you would have to replace the gateways with high-end expensive boxes ($40-$250k each). If it was Cisco….well forget it as the ASA 5550 can only pass 1.2 Gig (their numbers) and that is without any real inspection.
SecurePlatform 10Gig and Swizzling

One thought on “SecurePlatform 10Gig and Swizzling

Comments are closed.