Pseries Installation Guide

ManualsBrandsForce10 Networks ManualsNetwork CardPSeries 100-00055-01

121

122

123

124

125

126

127

128

129

130

P-Series Installation and Operation Guide, version 2.3.1.2 127

Appendix E Glossary

ACK An Acknowledgment packet (ACK) is a packet that is sent from the client to the server to

complete a TCP connection. See SYN.

DHCP Dynamic Host Configuration Protocol (DHCP) is a protocol that automatically requests an IP

address, subnet mask, and default gateway for a network client.

DMA Direct Memory Access (DMA) is a method by which devices in a hardware system can transfer

data without occupying the CPU. In the case of the P-Series, the network interface card can

transfer matched packets directly to the host memory by taking control of the PCI-X bus.

DPI Dynamic Parallel Inspection (DPI) is an engine based on Multiple Instruction Single Data

(MISD) hardware architecture that can simultaneously execute thousands of security policies

and capture/blocking operations on the same data.

Dynamic Rules Dynamic rules allocate generic registers inside the firmware to allow you to create and modify

rules at runtime without changing the firmware.

Flow A flow is a series of packets with the same state. See State.

FPGA Field Programmable Gate Array (FPGA) is a logic device that is re-programmable; it is a

counterpart to the Application-Specific Integrated Circuit (ASIC) that cannot be modified once it

has been programmed.

Garbage

Collection

Garbage is data that is no longer necessary; garbage collection is the process of discarding

this data to free resources. In the context of the P-Series, garbage is old state or flows.

IDS/IPS Intrusion Detection System/Intrusion Prevention System

MISD Multiple Instruction Single Data (MISD) is a computer architecture that executes many

operations simultaneously on one set of data. It is a counterpart to Single Instruction Multiple

Data (SIMD) and Multiple Instruction Multiple Data (MIMD) architectures.

Null Firmware Null firmware is firmware that has no static rules. Null firmware is used to maximize the

dynamic rule capacity on the FPGA.

Offset Offset is a Snort keyword that specifies a pattern-matching start location within a packet. For

example, an offset of 5 directs Snort inspect packets beginning after the first 5 bytes of the

payload. The P-Series does not support this Snort keyword. Rather, the P-Series has an offset

feature that enables offsets for all rules. This feature is optionally activated during the

PNIC-Compiler configuration phase.

meta.rules meta.rules is a Snort rules file supplied with the P-Series appliance by Force10. The rules in

this file report on flow information and handle possible TCP segmentation evasion attempts.

They also provide compatibility with Snort, and including them allows you to run Snort on the

DPI interface.

SFP Small Form-factor Pluggable (SFP) is an optical transceiver that interfaces a network device

and a fiber or unshielded twisted pair (UTP) network cable. SFPs support the SONET and

Gigabit Ethernet standards and can transmit data at a rate of 4.25 Gb/s.