Glossary, Appendix e, Appendix e glossary – Force10 Networks PSeries 100-00055-01 User Manual

P-Series Installation and Operation Guide, version 2.3.1.2

127

Appendix E

Glossary

ACK

An Acknowledgment packet (ACK) is a packet that is sent from the client to the server to
complete a TCP connection. See

SYN

.

DHCP

Dynamic Host Configuration Protocol (DHCP) is a protocol that automatically requests an IP
address, subnet mask, and default gateway for a network client.

DMA

Direct Memory Access (DMA) is a method by which devices in a hardware system can transfer
data without occupying the CPU. In the case of the P-Series, the network interface card can
transfer matched packets directly to the host memory by taking control of the PCI-X bus.

DPI

Dynamic Parallel Inspection (DPI) is an engine based on Multiple Instruction Single Data
(MISD) hardware architecture that can simultaneously execute thousands of security policies
and capture/blocking operations on the same data.

Dynamic Rules

Dynamic rules allocate generic registers inside the firmware to allow you to create and modify
rules at runtime without changing the firmware.

Flow

A flow is a series of packets with the same state. See

State

.

FPGA

Field Programmable Gate Array (FPGA) is a logic device that is re-programmable; it is a
counterpart to the Application-Specific Integrated Circuit (ASIC) that cannot be modified once it
has been programmed.

Garbage
Collection

Garbage is data that is no longer necessary; garbage collection is the process of discarding
this data to free resources. In the context of the P-Series, garbage is old state or flows.

IDS/IPS

Intrusion Detection System/Intrusion Prevention System

MISD

Multiple Instruction Single Data (MISD) is a computer architecture that executes many
operations simultaneously on one set of data. It is a counterpart to Single Instruction Multiple
Data (SIMD) and Multiple Instruction Multiple Data (MIMD) architectures.

Null Firmware

Null firmware is firmware that has no static rules. Null firmware is used to maximize the
dynamic rule capacity on the FPGA.

Offset

Offset is a Snort keyword that specifies a pattern-matching start location within a packet. For
example, an offset of 5 directs Snort inspect packets beginning after the first 5 bytes of the
payload. The P-Series does not support this Snort keyword. Rather, the P-Series has an offset
feature that enables offsets for all rules. This feature is optionally activated during the
PNIC-Compiler configuration phase.

meta.rules

meta.rules is a Snort rules file supplied with the P-Series appliance by Force10. The rules in
this file report on flow information and handle possible TCP segmentation evasion attempts.
They also provide compatibility with Snort, and including them allows you to run Snort on the
DPI interface.

SFP

Small Form-factor Pluggable (SFP) is an optical transceiver that interfaces a network device
and a fiber or unshielded twisted pair (UTP) network cable. SFPs support the SONET and
Gigabit Ethernet standards and can transmit data at a rate of 4.25 Gb/s.