SonicWALL's initial response to results of our SSL decryption tests was "you've got to be kidding - we go way faster than that." Indeed, the vendor's internal tests showed the Supermassive decrypting SSL traffic at rates well into the gigabit range, compared with less than 100 Mbps in some of our tests.
SonicWALL's initial response to results of our SSL decryption tests was "you've got to be kidding - we go way faster than that." Indeed, the vendor's internal tests showed the Supermassive decrypting SSL traffic at rates well into the gigabit range, compared with less than 100Mbps in some of our tests.
The difference has to do with the rate at which we offered traffic, and the results say something interesting about the way highly parallel systems work.
The Supermassive is aptly named. Its CPUs have 96 cores (and up to 384 cores in a high-availability cluster with four systems). As new flows come in, the system assigns them to new cores, repeating the process until all cores are fully utilized.
The forwarding-rate tests used the same configuration as the earlier evaluation of Palo Alto's PA-5060, with the Spirent Avalanche traffic generator configured to emulate concurrent 126 "SimUsers" (a load-generation concept similar to one user going through a list of URLs). With that load, the Supermassive's overall system CPU utilization barely topped 2%, suggesting it had plenty of headroom to handle higher traffic rates.
As SonicWALL predicted, rates shot up - way up - as we added SimUsers. The maximum load its system could handle without errors was around 5,800 SimUsers. The resulting forwarding rates - around 4.8Gbps in some cases - were far higher than those with 126 SimUsers.
We also tried a few SSL decryption tests with 5,800 SimUsers on the other vendors' systems, but none could handle that load without at least some transaction failures.
SonicWALL says the difference in results isn't so much a function of the number of users as the rate at which we offered traffic. We agree; on a per-user basis, the rates are pretty similar in the 126- and 5,800-SimUser tests. In this light, there's merit to SonicWALL's assertion that the 126-SimUser configuration didn't push its device hard enough.
On the other hand, other devices moved traffic from the same 126-SimUser configuration at higher rates. Since we used the same test with all devices, the different results can only be explained by device architecture. The other devices tested may have had higher CPU utilization, or deeper buffers, or both.
SonicWALL's Supermassive can decrypt SSL traffic very fast - in fact these one-off tests show it to be the fastest device by far. At the same time, its highly parallel architecture may produce lower rates in situations where a relatively few flows are active at any given time.
It had a good 36-year run, but its day is done.
What should an enterprise do with Flash. Ban it? Phase it out? Or accept that it will remain as legacy...
In 2010, Jim Gettys, a veteran computer programmer who currently works at Google, was at home uploading...
Cisco this week this week announced the death of its Secure Access Control System – a package customers...
For some companies, using cloud services isn’t what they hoped or expected it to be. Reason’s like...
The 17th annual Network World holiday gift guide has something for every techie (and techie-wanna-be)...
Virtual reality, augmented reality and cognitive computing engineers head the list