Deep Packet Inspection (DPI) is playing an increasingly important role in networking today, becoming more and more of a service enabler for quality of experience (QoE), data center and network security, Virtual CPE services, network and subscriber analytics, and more. With advancements in Network Function Virtualization (NFV) and Software Defined Networking (SDN), new use cases for Virtualized Deep Packet Inspection (vDPI), or DPI solutions such as Virtual Firewall deployed at a virtual network function (VNF), have emerged.
ALTEN Calsoft Labs’ Virtual Firewall Framework is a reusable high performance DPDK optimized security solution developed to run on Intel x86 based platforms that can be used by Network Equipment Manufacturers (NEM) to develop customized Virtual CPE (vCPE), Firewall or IDS/IPS solutions for network operators. Software and hardware architecture of our Virtual Firewall Framework delivers up to 5x performance over traditional Linux appliances based on x86 processors. It forms an integral part of our vCPE solution with the addition of Firewall, IDS/IPS and application-aware QoS services. The framework offers an optimized and balanced combination of Access Control Lists (ACL), Stateful Firewall, Intrusion Detection/Prevention and application visibility & control. ALTEN Calsoft Labs’ vFirewall Framework is able to deliver industry leading performance by using innovative techniques such as Receive side scaling, hyper threading, SIMD instructions, and by keeping the signature database small enough to fit in to the processor cache thereby avoiding memory calls during runtime packet processing.
This security solution is developed to run on Intel x86 based platforms, using Intel DPDK (Data Plane Development Kit) Software Development Kit (SDK). The next gen firewall, deeply integrated with our DPI framework adds strong security functionality to the complete solution. The solution addresses a need for security tools to prevent increasingly sophisticated attacks, with sufficient intelligence and automation to take the guesswork out of attack prevention and resolution. The solution is optimized and balanced combination of Access Control Lists, Stateful Firewall, Intrusion Detection/Prevention system (IDS/IPS) & Application Visibility & control (AVC).