Firewall Network Processor: basic concept and solutions

Slides: 23
Provided by: anon345
Learn more at: http://www.neva.ru
1
Firewall Network Processor: basic concept and solutions
  • FNP is a trademark of Fractel Incorporated

2
Content
  • Introduction
  • Network Processor common aspects
  • Network Processor FNP architecture: stealth
    mode, performance, functionality
  • Conclusion

3
Introduction: distributed network concept and security aspects
Superposition of overlay layers and networks
  • Distributed Network
  • interconnected grid of paths without sharp
    boundaries between zones,
  • Internet - superposition of the overlay networks
    without central and third-party control point
  • Security aspects
  • all of them depend on the concept of trust:
    third-party or direct
  • Where are the boundaries of the trust?

4
Multilevel Network environment and security problems
(Figure labels: virtual grid, channel structure, physical nodes)

5
Network security aspects: transit security and traffic regulation
Traffic - transport and app. control
Transit - packets control

6
Tasks, technology, products
  • Communication
  • Share
  • info apps
  • Remote access
  • Internet presence

Filtering, Tunnelling, Authentication, Encryption, Management
Firewall, Anti-virus, VPN, PKI, Security management

7
Security concept and basic components
  • Concept: many-layer packet processing which
    retains the openness of the Internet's original design.
  • Basic Components
  • administrative solution, including VLANs, Access
    Control Lists, MAC locks
  • special network processor which separates data
    traffic and provides authentication and encryption

8
Network Processor common aspects
  • Definition
  • NPs: programmable devices aimed generally at
    communication tasks and packet-specific data sets.
  • Challenge
  • What are software architectures that are
    effective for network tasks?
  • Why do we need new functionality?
  • What do network processors do?

Prototypes:
  • Intel IXP 1200: special chip which combines a high-speed
    core with a system bus and 6 programmable microengines.
  • Interphase iNAV4000: PCI chip which offers unparalleled
    features including packet processing and switching.

9
Basic types of hardware architecture
GPP: general purpose processor
CSI: common switch interface (packets)
PHY: physical network interface (bytes)

10
FNP core
Filtering module
Service module (logging, authorization, UI daemon)
Local storage
11
NP basic characteristics
  • manipulate packet-specific data on Internet
    layers 2-4
  • based on an open software interface

performance, openness, programmability
Target: deliver hardware-level performance of
packet processing tasks to a software-programmable system

12
Packet processing tasks
parse
modify
forward
resolve
search
Silicon design: limited flexibility, wire-speed performance
Program design: limited performance, new features can be added

13
Firewall Network Processor (FNP)
  • Processing tasks
  • identifying a packet based on header
    characteristics (address, VC, protocol, etc.)
  • forwarding a packet to the appropriate
    interface(s) or discarding it (security policy rules)
  • Specific tasks (stealth mode)
  • no modification (no updating fields in the packet
    header)
  • no scheduling (no queuing for specific
    application)
  • provide speed improvement through
  • parallel processing (cluster)
  • pipeline processing (conveyor)
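
The processing tasks listed on this slide, as an added C example that is not from the presentation or from FNP itself: a frame is identified from its Ethernet/IPv4 headers and then forwarded or discarded under a first-match, default-deny rule table, with the frame taken as const so no header field is updated. The rule layout, function names, and sample addresses are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

enum verdict { DISCARD, FORWARD };
/* Hypothetical rule layout: mask 0 = any address, proto/dport 0 = any. */
struct rule { uint32_t src, smask, dst, dmask; uint8_t proto; uint16_t dport; enum verdict act; };
static uint16_t be16(const uint8_t *p) { return (uint16_t)((p[0] << 8) | p[1]); }
static uint32_t be32(const uint8_t *p) { return ((uint32_t)be16(p) << 16) | be16(p + 2); }
/* Identify an Ethernet II / IPv4 frame from its headers and return a verdict.
   The frame is const: stealth mode forwards or discards, it never rewrites. */
enum verdict classify(const uint8_t *f, size_t len, const struct rule *r, size_t n) {
    if (len < 34 || be16(f + 12) != 0x0800) return DISCARD;   /* too short or not IPv4 */
    const uint8_t *ip = f + 14;
    size_t ihl = (size_t)(ip[0] & 0x0f) * 4;
    if ((ip[0] >> 4) != 4 || ihl < 20 || len < 14 + ihl) return DISCARD;
    uint32_t src = be32(ip + 12), dst = be32(ip + 16);
    uint8_t proto = ip[9];
    /* A destination port exists only in the first fragment of TCP (6) / UDP (17). */
    int has_port = (proto == 6 || proto == 17) && !(be16(ip + 6) & 0x1fff) && len >= 14 + ihl + 4;
    uint16_t dport = has_port ? be16(ip + ihl + 2) : 0;
    for (size_t i = 0; i < n; i++) {
        if ((src ^ r[i].src) & r[i].smask) continue;
        if ((dst ^ r[i].dst) & r[i].dmask) continue;
        if (r[i].proto && r[i].proto != proto) continue;
        if (r[i].dport && (!has_port || r[i].dport != dport)) continue;
        return r[i].act;                                      /* first match wins */
    }
    return DISCARD;                                           /* default deny */
}

/* Constructed sample input: minimal frame with a 20-byte IPv4 header. */
size_t make_frame(uint8_t *b, uint32_t src, uint32_t dst, uint8_t proto, uint16_t dport) {
    memset(b, 0, 38);
    b[12] = 0x08; b[14] = 0x45; b[23] = proto;                /* EtherType, ver/IHL, protocol */
    for (int i = 0; i < 4; i++) { b[26 + i] = (uint8_t)(src >> (24 - 8 * i)); b[30 + i] = (uint8_t)(dst >> (24 - 8 * i)); }
    b[36] = (uint8_t)(dport >> 8); b[37] = (uint8_t)dport;
    return 38;
}

/* Constructed policy: only TCP/80 to 192.0.2.10 is forwarded. */
const struct rule POLICY[] = { { 0, 0, 0xC000020A, 0xFFFFFFFF, 6, 80, FORWARD } };
int main(void) {
    uint8_t f[38];
    size_t n = make_frame(f, 0xC6336407, 0xC000020A, 6, 80);  /* 198.51.100.7 -> 192.0.2.10:80 */
    printf("%s\n", classify(f, n, POLICY, 1) == FORWARD ? "forward" : "discard");
    return 0;
}
```

A non-first fragment carries no port, so it cannot match a port-specific rule and falls through to the default deny.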

14
FNP specific design
  • stealth mode for packet processing (no MAC or IP
    address on PHY interfaces)
  • orthogonal address spaces for control and data
    interfaces
  • cluster architectures
  • specific structure of buffer and cache memory
    (depends on fractal nature of network traffic)
  • multi-protocol IP/IPX scalable firewall solution

15
Architecture for secure corporate network
Open Network Segment
Web database portals
DNS, servers
Confidential catalogues and data
VPN Segment
16
FNP-100 Security Platform
17
Stealth and Control interfaces
FNP-100/4
18
FNP redundancy mode
(Figure labels: access segment, stealth interfaces, control VPN or trusted distinct network segment, corporate segments, protected servers and hosts)

19
FNP-1000 Cluster Platform
WDM access (λ1,...,λ4 modes) MUX or multi Gigabit VLAN Ethernet splitter
cluster of the security appliances
protected network segment
internal Ethernet 100BT switched infrastructure
20
Multi layers Security conveyor
(Figure labels: public Internet, external perimeter of secure network, inner perimeter of secure network, control commands, transaction data, SNMP data)

21
Performance characteristics
throughput (Mbps) vs packet size (byte)
throughput (Mbps) vs number of rules
22
Conclusion
  • Network Processor (NP) - a new type of
    programmable device for network specific
    applications
  • FNP or Firewall NP - scalable network device
    based on open source OS, standard PCI platform
    and stealth interfaces
  • FNP can be viewed as a platform for broad types
    of network appliances which are based on cluster
    architecture and many-layer packet processing