: Software Cut-through Based Offload
Focus
Focus

Software Cut-through Based Offload

Table of Contents

Software Cut-through Based Offload

Use software cut-through offload for environments that do not support DPU.
If your environment does not support DPU or require container based next-gen firewall and the traffic type happens to have offloadable flows, you can take advantage of software cut-through based offload. In order to configure software cut-through, your firewall (PAN-OS) can be configured to implement software cut-through on the software to do offloads.
Software cut-through is able to understand GTP-U traffic and therefore will help in increasing handled throughput for 5G Security use-cases. With Software Cut-through enabled, within the GTPU, the inner session completes the L7 packet inspection then follows the existing software cut-through data path. It bypasses unnecessary operations, and leverages cache to complete the operation, thereby improving throughput handling and performance of the software firewall.
When using software cut-through please consider:
  • Software cut-through is disabled by default on software firewalls. You can enable this feature using bootstrap or CLI on VM-Series and CN-Series.
  • On VM-Series - you can use software cut-through and ITO simultaneously.
  • For upgrades to the current version with ITO enabled, enable software cut-through session offload using CLI post upgrade.
  • On Software firewalls - if you plan to use software cut-through - you need a minimum of 6 cores.
  • You can use software cut-through across software firewalls deployed in an on-prem environment such as KVM or ESXi, or in a public cloud namely AWS, Azure, or GCP
Configure Software Cut-through based offload for a deployed VM using the CLI
Use the CLI to enable software cut-through on your VM-Series firewall without hardware support. Software cut-through is disabled by default.
  1. Access the VM-Series firewall as an administrator.
  2. Use the CLI command set session sw-cut-thru yes to enable software cut-through.
  3. To disable software cut-through, enter set session sw-cut-thru no.
Configure Software Cut-through based offload using bootstrap
To configure software cut-through using bootstrap add the following in the init-cfg.txt file:
plugin-op-commands=sw_cut_through:enable
To disable software cut-through using bootstrap:
plugin-op-commands=sw_cut_through disable
To display the status of software cut-through, use show session info | match "Software Cut Through".