Datasheet

Extensible architecture for extreme scalability and performance
The RFDPI engine is designed from the ground up with an emphasis on providing security scanning at a high level of performance, to match both the inherently parallel and ever-growing nature of network traffic. When combined with 24-, 32-, 48- or 96-core processor systems, this parallelism-centric software architecture scales up perfectly to address the demands of deep packet inspection at high traffic loads. The SuperMassive platform relies on processors that, unlike x86, are optimized for packet, crypto and network processing while retaining flexibility and programmability in the field—a weak point for ASIC systems. This flexibility is essential when new code and behavior updates are necessary to protect against new attacks that require updated and more sophisticated detection techniques.

Another aspect of the platform design is the unique ability to establish new connections on any core in the system, providing ultimate scalability and the ability to deal with traffic spikes. This approach delivers extremely high new session establishment rates (new conn/sec) while Deep Packet Inspection is enabled—a key metric that is often a bottleneck for data center deployments.
Reassembly-Free Deep Packet Inspection engine
The Dell SonicWALL Reassembly-Free Deep Packet Inspection (RFDPI) engine provides superior threat protection and application control without compromising performance. This patented engine relies on streaming traffic payload inspection in order to detect threats at Layers 3-7. The RFDPI engine takes network streams through extensive and repeated normalization and decryption in order to neutralize advanced evasion techniques that seek to confuse detection engines and sneak malicious code into the network. Once a packet undergoes the necessary pre-processing, including SSL decryption, it is analyzed against a single proprietary memory representation of three signature databases: intrusion attacks, malware and applications. The connection state is then advanced to represent the position of the stream relative to these databases until it encounters a state of attack, or other “match” event, at which point a pre-set action is taken. In most cases, the connection is terminated and proper logging and notification events are created. However, the engine can also be configured for inspection only or, in case of application detection, to provide Layer 7 bandwidth management services for the remainder of the application stream as soon as the application is identified.
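
The per-connection stream matching described above, sketched as an added example that is not Dell SonicWALL code: the Aho-Corasick automaton stands in for the proprietary memory representation as an assumption, and the signature strings and function names are constructed for illustration. It assumes segments of a connection arrive in order.

```python
from collections import deque

# Constructed placeholder signatures, one per database the text names.
SIGNATURES = {b"ATTACK-SIG-01": "intrusion", b"MALWARE-SIG-02": "malware",
              b"APP-PROTO-03": "application"}

def build_automaton(signatures):
    """Compile every signature into one Aho-Corasick automaton."""
    goto, fail, out = [{}], [0], [[]]
    for pattern, category in signatures.items():
        node = 0
        for byte in pattern:
            if byte not in goto[node]:
                goto[node][byte] = len(goto)
                goto.append({})
                fail.append(0)
                out.append([])
            node = goto[node][byte]
        out[node].append((category, pattern))
    queue = deque(goto[0].values())
    while queue:  # breadth-first pass that fills in failure links
        node = queue.popleft()
        for byte, child in goto[node].items():
            f = fail[node]
            while f and byte not in goto[f]:
                f = fail[f]
            fail[child] = goto[f].get(byte, 0)
            out[child] = out[child] + out[fail[child]]
            queue.append(child)
    return goto, fail, out

def scan(automaton, state, segment):
    """Advance one connection's state over a segment; no payload is kept."""
    goto, fail, out = automaton
    hits = []
    for byte in segment:
        while state and byte not in goto[state]:
            state = fail[state]
        state = goto[state].get(byte, 0)
        hits.extend(out[state])
    return state, hits

def inspect_stream(automaton, segments):
    """Scan in-order segments of one connection; stop at the first match."""
    state = 0  # the only per-connection memory carried between packets
    for index, segment in enumerate(segments):
        state, hits = scan(automaton, state, segment)
        if hits:
            return index, hits[0]
    return None
```

Scanning each segment from a fresh state misses a signature that straddles a packet boundary, which is why the automaton state is stored per connection rather than per packet.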
Trac in
Packet assembly-based process
Trac out
Proxy
Dell SonicWALL architectureCompetitive architecture
Scanning
When proxy becomes full
or content too large,
files bypass scanning
Packet
disassembly
Trac in Traffic out
Packet reassembly-free process
Reassembly-free packet scanning
without proxy or content size limitations
Inspection time Inspection time
Inspection
capacity
Inspection
capacity
[Figure labels: 16 x 1 GbE SFP; 6 x 10 GbE SFP+; 96 cores; 240 GbE SM Interconnect]