ALTEN Calsoft Labs - vFirewall › resource-center › ...ALTEN Calsoft Labs' vFirewall Framework is...
Transcript of ALTEN Calsoft Labs - vFirewall › resource-center › ...ALTEN Calsoft Labs' vFirewall Framework is...
Deep Packet Inspection (DPI) is playing an increasingly important role in
networking today, becoming more and more of a service enabler for
quality of experience (QoE), data center and network security, Virtual
CPE services, network and subscriber analytics, and more. With
advancements in Network Function Virtualization (NFV) and Software
Defined Networking (SDN), new use cases for Virtualized Deep Packet
Inspection (vDPI), or DPI solutions deployed at a virtual network
function (VNF), have emerged.
Overview
vFirewallFramework
Subscriber Analytics
DPIUSE CASES
YTIR
UC
ES
BUSINESS S
TR
AT
EG
IES
Billing & Application
Network Monitoring
Small Cells/WiFi Offload
Service Chaining
Packet Steering
Content CachingQoE
ApplicationSecurity
Firewall
IDS/IPS
ALTEN Calsoft Labs vFirewall Framework
ALTEN Calsoft Labs' vFirewall Framework is a reusable high performance
DPDK optimized security solution developed to run on Intel x86 based
platforms that can be used by Network Equipment Manufacturers
(NEMs) to develop customized Virtual CPE (vCPE), Firewall or IDS/IPS
solutions for network operators.
Software and Hardware architecture of our vFirewall Framework delivers up to 25x performance over traditional Linux appliances based on
x86 processors. It forms an integral part of our vCPE solution with the addition of Firewall, IDS/IPS and application-aware QoS services. The
framework offers an optimized and balanced combination of Access Control Lists (ACLs), Stateful Firewall, Intrusion Detection/Prevention
and application visibility & control.
ALTEN Calsoft Labs' vFirewall Framework is able to deliver industry leading performance by using innovative techniques such as Receive side
scaling, hyper threading, SIMD instructions, and by keeping the signature database small enough to fit in to the processor cache thereby
avoiding memory calls during runtime packet processing.
Supported Platforms
Deployable on COTS x86 platforms
Support for different virtualization environments (KVM, Xen, etc.)
IO Virtualization: VirtIO, SR-IOV
†
†
†
Deployment Options
Bare metal deployment
Standalone instance as a Virtual Machine (VM)
Cloud deployment e.g. GCP, AWS,
OpenStack clouds
†
†
†
Performance & Scalability
High performance detection engine
4.8Gbps of packet inspection per CPU core with 18K+ rules loaded
Scales linearly with the number of CPU cores
†
†
Intel DPDK based optimized packet handling for high
performance fast path processing
IPv6 support
Tunnel decoding
TCP session tracking & stream reassembly
File identification, extraction and logging
Stateful HTTP parsing and IP reputation
†
†
†
†
†
†
Detection of 1000+ protocols & applications such as Facebook,
Twitter, WhatsApp, Warcraft, Skype, YouTube, etc. using industry
leading DPI libraries.performance
Malware/botnet/DoS/DDoS protection
Signature/Rule management with Emerging Threats
User friendly GUI with comprehensive analytics
Inherent multi-threaded architecture to deliver high
†
†
†
†
†
vFirewall Framework - Features
© ALTEN Calsoft Labs. All rights Reserved.
ALTEN Calsoft Labs is a next gen digital transformation, enterprise IT and product engineering services provider. The
company enables clients innovate, integrate, and transform their business by leveraging disruptive technologies like
mobility, big data, analytics, cloud, IoT and software-defined networking (SDN/NFV). ALTEN Calsoft Labs provides concept to
market offerings for industry verticals like education, healthcare, networking & telecom, hi- tech, ISV and retail.
Headquartered in Bangalore, India, the company has offices in US, Europe and Singapore. ALTEN Calsoft Labs is a part of
ALTEN group, a leader in technology consulting and engineering services.
ABOUT ALTEN CALSOFT LABS
www.altencalsoftlabs.com
vDPI Framework - Deployment Scenarios
OPENSTACK CONTROLLER
Compute Network Stroage
vVPN vFW vRouter
Switch
VM1 VM2 VM3
SERVICE PROVIDENETWORK
Hosted Server
vFirewall - Service chain
Hypervisor
Host OS
Server
vRoutervFirewall
vFirewall - Enterprise
ENTERPRISE CLOUD
VM
DPDK
Data Plane
SyncModule
VNFC in vCPE
Hypervisor
Host OS
Server
Container Engine
Host OS
Server
NFVI
Control Plane
vFirewall - VNFC
IPsecVPN
QOS
Routing vFirewall
NAT ACL
OSPF RIP IKE
DHCP UPnP
MANOMANOIntegration
Load Balancer(L2-L7 Switch)
INTERNET
Small Cell/HeNB WiFI AP Roaming User Branch Office
ALTEN Calsoft Labs Services
Alten Calsoft Labs offers product engineering services to NEMs to help them reduce time-to-market to develop high performance
security solutions for residential and enterprise deployments. Our services include:
†
†
VNF Development, Customization & Integration
VNF Benchmarking & Performance optimization
†
†
ETSI compliant MANO solution development
VNF Porting across hardware, hypervisor and OS environments
vFirewall components (ACL, IDS/IPS or AVC)
can be deployed in a service chain along with
other VNFs such as VPN, NAT, Router, etc. to
bring greater flexibility and efficiency to NFV
deployments.
vFirewall can used to build application-aware
enterprise firewalls with IDS/IPS capability in
OpenStack orchestrated private clouds, or
public clouds such as AWS, Google Cloud, etc.
vFirewall can be integrated as a standalone
VNFC to develop solutions for Subscriber
analytics, Content caching, Application
security and QoS.
vFirewall as VNF ComponentEnterprise FirewallNFV Service Chain