This video provides a detailed explanation of Check Point CoreXL technology, focusing on its architecture and performance benefits. The instructor, Manuel Joe King, breaks down the components of CoreXL, explaining how they work together to improve packet processing speed and efficiency in multi-core systems.
Multi-core systems and the need for CoreXL: Traditional methods of increasing CPU performance by increasing frequency hit physical limitations, leading to the development of multi-core processors. Check Point's CoreXL was introduced in R65 to leverage these multi-core systems effectively.
CoreXL components: CoreXL utilizes firewall kernel instances (multiple instances of the firewall code running simultaneously), and a Secure Network Dispatcher to distribute traffic efficiently among the cores.
Parallel processing and performance gains: CoreXL enables parallel processing of packets across multiple cores, dramatically increasing throughput. The dispatcher acts as a load balancer, assigning packets to available cores. Data locality (keeping related data on the same CPU) and cache utilization further enhance performance.
Core Affinity & SIM Affinity: CoreXL allows for CPU affinity (binding processes to specific CPUs) and SIM affinity (binding network ports to specific CPUs). This enables fine-grained control over resource allocation to optimize performance and address potential bottlenecks. Multi-queuing allows a single port to be handled by multiple CPUs.
CoreXL Licensing: CoreXL is a separately licensed product, enabling customers to activate specific numbers of cores as needed.
