The Single-Pass Parallel Processing (SP3) architecture is meant to compete with the traditional performance of firewalls. Traditionally, when additional features are activated, firewall performance decreases.
SP3 addresses these performance challenges with single-pass parallel architecture. The single-pass architecture allows a packet to pass through a processing chain once for all sub-processes or features.

Latency is reduced with Single-Pass Parallel Processing (SP3) architecture. Components include:
- Single-pass software
- Parallel processing hardware
Compared to the multi-pass architecture, a packet goes through a processing chain, such as a feature, more than once. This process adds features in a sequence of separate engines but adds latency and negatively impacts performance.

SP3 architecture of choice for Palo Alto networks NGFW. Stream-based components provide a way to classify and control traffic in a “single pass”.
Palo Alto Networks NGFWs take the “scan it all, scan it once” approach for physical and virtual NGFWs.
Management and Data Planes
Management and data plane functions are separate on physical and virtual firewalls. They each have dedicated resources such as CPU, RAM, and storage.
If load is applied to one plane, it doesn’t adversely impact the other plane’s performance.
Control plane features:
- Firewall configuration
- Logging
- Reporting
Data plane features:
- Signature matching
- Security processing
- Network processing
The Single-Pass Parallel Processing (SP3) architecture is meant to compete with the traditional performance of firewalls. Traditionally, when additional features are activated, firewall performance decreases.
SP3 addresses these performance challenges with single-pass parallel architecture. The single-pass architecture allows a packet to pass through a processing chain once for all sub-processes or features.

Leave a Reply