SonicWALL's initial response to results of our SSL decryption tests was "you've got to be kidding - we go way faster than that." Indeed, the vendor's internal tests showed the Supermassive decrypting SSL traffic at rates well into the gigabit range, compared with less than 100 Mbps in some of our tests.
SonicWALL's initial response to results of our SSL decryption tests was "you've got to be kidding - we go way faster than that." Indeed, the vendor's internal tests showed the Supermassive decrypting SSL traffic at rates well into the gigabit range, compared with less than 100Mbps in some of our tests.
The difference has to do with the rate at which we offered traffic, and the results say something interesting about the way highly parallel systems work.
The Supermassive is aptly named. Its CPUs have 96 cores (and up to 384 cores in a high-availability cluster with four systems). As new flows come in, the system assigns them to new cores, repeating the process until all cores are fully utilized.
The forwarding-rate tests used the same configuration as the earlier evaluation of Palo Alto's PA-5060, with the Spirent Avalanche traffic generator configured to emulate concurrent 126 "SimUsers" (a load-generation concept similar to one user going through a list of URLs). With that load, the Supermassive's overall system CPU utilization barely topped 2%, suggesting it had plenty of headroom to handle higher traffic rates.
As SonicWALL predicted, rates shot up - way up - as we added SimUsers. The maximum load its system could handle without errors was around 5,800 SimUsers. The resulting forwarding rates - around 4.8Gbps in some cases - were far higher than those with 126 SimUsers.
We also tried a few SSL decryption tests with 5,800 SimUsers on the other vendors' systems, but none could handle that load without at least some transaction failures.
SonicWALL says the difference in results isn't so much a function of the number of users as the rate at which we offered traffic. We agree; on a per-user basis, the rates are pretty similar in the 126- and 5,800-SimUser tests. In this light, there's merit to SonicWALL's assertion that the 126-SimUser configuration didn't push its device hard enough.
On the other hand, other devices moved traffic from the same 126-SimUser configuration at higher rates. Since we used the same test with all devices, the different results can only be explained by device architecture. The other devices tested may have had higher CPU utilization, or deeper buffers, or both.
SonicWALL's Supermassive can decrypt SSL traffic very fast - in fact these one-off tests show it to be the fastest device by far. At the same time, its highly parallel architecture may produce lower rates in situations where a relatively few flows are active at any given time.
Wi-Fi is great when it works right – and when it’s secure. Although setting up Wi-Fi can seem...
IBM Hong Kong this morning issued an un-IBM-like press release in response to a report by Robert...
Buyers of the earthly explanation for whatever fell from the sky in Roswell, N.M. back in 1947 are...
Sponsored by AT&T
Sponsored by Brocade
Google Fiber is coming to the metro areas of Atlanta, Nashville, Charlotte and Raleigh-Durham, N.C.
Windows 10 may still be in beta, but it already has some fun and handy, hidden new features worth...
Three risks and three remedies to help ensure this doesn't happen to you
Not so long ago, the open source model was the rebellious kid on the block, viewed with suspicion by...