Achieving Low-Latency Security

Similar documents
- Introduction to PIX/ASA Firewalls -

Cisco Integrated Services Routers Performance Overview

50. DFN Betriebstagung

Demonstrating the high performance and feature richness of the compact MX Series

Layer 3 Network + Dedicated Internet Connectivity

Intel Ethernet Switch Load Balancing System Design Using Advanced Features in Intel Ethernet Switch Family

SEC , Cisco Systems, Inc. All rights reserved.

Radware s Attack Mitigation Solution On-line Business Protection

Table of Contents. Cisco How Does Load Balancing Work?

WAN Optimization, Web Cache, Explicit Proxy, and WCCP. FortiOS Handbook v3 for FortiOS 4.0 MR3

MPLS: Key Factors to Consider When Selecting Your MPLS Provider Whitepaper

Virtual Privacy vs. Real Security

Bivio 7000 Series Network Appliance Platforms

Cisco Group Encrypted Transport VPN: Tunnel-less VPN Delivering Encryption and Authentication for the WAN

Cisco Network Convergence System 6000 Series 10-Port 100-Gbps Multiservice Line Cards with Cisco AnyPort Technology

Enhance Service Delivery and Accelerate Financial Applications with Consolidated Market Data

Colt IP VPN Services Colt Technology Services Group Limited. All rights reserved.

VXLAN: Scaling Data Center Capacity. White Paper

Block based, file-based, combination. Component based, solution based

Cisco Dynamic Multipoint VPN: Simple and Secure Branch-to-Branch Communications

Faculty of Engineering Computer Engineering Department Islamic University of Gaza Network Chapter# 19 INTERNETWORK OPERATION

IP SAN Best Practices

Network Simulation Traffic, Paths and Impairment

High Performance VPN Solutions Over Satellite Networks

Cisco Cisco 3845 X X X X X X X X X X X X X X X X X X

Integrated Services Router with the "AIM-VPN/SSL" Module

Accelerating UTM with Specialized Hardware WHITE PAPER

Virtual Private Network VPN IPSec Testing: Functionality Interoperability and Performance

WHITEPAPER MPLS: Key Factors to Consider When Selecting Your MPLS Provider

TÓPICOS AVANÇADOS EM REDES ADVANCED TOPICS IN NETWORKS

Troubleshooting and Maintaining Cisco IP Networks Volume 1

Computer Networks CS321

High performance security for low-latency networks

Lab Testing Summary Report

Integrated Services Router with the "AIM-VPN/SSL" Module

VMWARE WHITE PAPER 1

White Paper Solarflare High-Performance Computing (HPC) Applications

Guide to TCP/IP, Third Edition. Chapter 3: Data Link and Network Layer TCP/IP Protocols

CompTIA Network+ (Exam N10-005)

Preparing Your IP Network for High Definition Video Conferencing

Course Contents CCNP (CISco certified network professional)

Performance of Software Switching

MOC 6435A Designing a Windows Server 2008 Network Infrastructure

Layer 2 Network Encryption where safety is not an optical illusion Marko Bobinac SafeNet PreSales Engineer

Torii-HLMAC: Torii-HLMAC: Fat Tree Data Center Architecture Elisa Rojas University of Alcala (Spain)

TCP Offload Engines. As network interconnect speeds advance to Gigabit. Introduction to

Transport and Network Layer

Secured Voice over VPN Tunnel and QoS. Feature Paper

Question: 3 When using Application Intelligence, Server Time may be defined as.

A SENSIBLE GUIDE TO LATENCY MANAGEMENT

Router Architectures

WATCHGUARD FIREBOX SOHO 6TC AND SOHO 6

Influence of Load Balancing on Quality of Real Time Data Transmission*

EXINDA NETWORKS. Deployment Topologies

How Cisco IT Uses Firewalls to Protect Cisco Internet Access Locations

Brocade SDN 2015 NFV

Redefine Network Visibility in the Data Center with the Cisco NetFlow Generation Appliance

Strategies. Addressing and Routing

Technical Brief. DualNet with Teaming Advanced Networking. October 2006 TB _v02

Introduction. Technology background

AERONAUTICAL COMMUNICATIONS PANEL (ACP) ATN and IP

Data Center Architecture Overview

Understanding Latency in IP Telephony

NComputing L-Series LAN Deployment

Group Encrypted Transport VPN

Voice Over IP. MultiFlow IP Phone # 3071 Subnet # Subnet Mask IP address Telephone.

NATIONAL RESEARCH AGENCY CASE STUDY - CCTV NETWORK SERVICES

Data Networking and Architecture. Delegates should have some basic knowledge of Internet Protocol and Data Networking principles.

Preparing Your IP network for High Definition Video Conferencing

DEFENSE NETWORK FAQS DATA SHEET

Internet Firewall CSIS Packet Filtering. Internet Firewall. Examples. Spring 2011 CSIS net15 1. Routers can implement packet filtering

FWSM introduction Intro 5/1

Copyright 2008 Link Technologies,Inc. A Proud Vendor Member of the

Datagram-based network layer: forwarding; routing. Additional function of VCbased network layer: call setup.

The Evolution of the Enterprise And Enterprise Security

Definition of a White Box. Benefits of White Boxes

SOLUTION GUIDE. Radware & CyberGuard Complete Security Solutions offering Load Balancing, High Availability and Bandwidth Management.

TechBrief Introduction

Allen-Bradley Stratix 5700 Network Address Translation (NAT)

1Fortinet. 2How Logtrust. Firewall technologies from Fortinet offer integrated, As your business grows and volumes of data increase,

SAN Conceptual and Design Basics

Designing and Developing Scalable IP Networks

Low Latency 10 GbE Switching for Data Center, Cluster and Storage Interconnect

Cisco Wireless Security Gateway R2

Data Center and Cloud Computing Market Landscape and Challenges

TÓPICOS AVANÇADOS EM REDES ADVANCED TOPICS IN NETWORKS

Cisco VPN Internal Service Module for Cisco ISR G2

INTRODUCTION TO FIREWALL SECURITY

Foundation for High-Performance, Open and Flexible Software and Services in the Carrier Network. Sandeep Shah Director, Systems Architecture EZchip

Leased Line + Remote Dial-in connectivity

Versalar Switch Router Market Opportunity and Product Overview

Frequently Asked Questions

Wherever there is a conflict, the Addenda to the RFP document and the RFP document (in that order) override the explanations that are provided here.

VPN. Date: 4/15/2004 By: Heena Patel

Making Multicore Work and Measuring its Benefits. Markus Levy, president EEMBC and Multicore Association

Internet Protocol: IP packet headers. vendredi 18 octobre 13

Disaster Recovery Design Ehab Ashary University of Colorado at Colorado Springs

Transcription:

Achieving Low-Latency Security In Today's Competitive, Regulatory and High-Speed Transaction Environment Darren Turnbull, VP Strategic Solutions - Fortinet

Agenda 1 2 3 Firewall Architecture Typical Requirements 2

What is latency? Latency defines your reaction time to an event with the delay in completing a task At the simplest level you receive input, make a decision and take an action, this all takes time Different system components contribute to the latency, but the total value is all that we care about Latency accumulates APPLICATION MIDDLEWARE NETWORK

Impact of Latency It depends Consider different applications Media Streaming Voice over IP Email Web Browsing Peer to Peer networks Financial Market Data Algorithmic Trading 4

Impact of Latency It depends Consider different applications Media Streaming Voice over IP Email Web Browsing Peer to Peer networks Financial Market Data Algorithmic Trading TIME = MONEY 5

Making Time Your competitive advantage is derived from doing the right thing, first! You have no more time than the competition You can not make more time You need to use less of the available time Available time means the time used by your competition

Agenda 1 Latency and Time 2 3 Typical Requirements 7

Firewall Perception Firewalls were not designed with low latency in mind Throughput sensitive to packet size Latency is bad Firewalls become more complex over time Oversized rule base Limited, or no optimization Unable to effectively process multicast traffic Traditional firewalls start dropping packets at modest traffic levels Reducing firewall latency is the final piece of any optimization strategy

Why Do I Need a Firewall? Allows you to define a trusted set of connections between devices, people, companies and monitor them Enables topology hiding Infrastructure is not exposed to potential attack One external address ROUTER CLIENT FIREWALL Enables connectivity between conflicting networks Network Address Translation MARKET / EXCHANGE Compliance Requirement

Physical Limits on Latency Range Serialization delays Due to physical port speeds and internal connectivity bottlenecks in the case of distributed architectures Bits on the wire Propagation delays Caused by distance Limited by the speed of light No easy fix! Sample numbers Assume our crow flies straight In a vacuum Doesn t stop on the way And doesn t want to come back Triple these numbers to get latency 19 NEW YORK 27 BEIJING TOKYO 32

Latency Range Things We Change Features versus Performance Software based solutions are limited by general purpose CPU performance Offloading features in to hardware is more difficult A flexible approach is needed Distributed Architectures Are created to solve problems Latency is not always the prime consideration Complex to scale

Multicast and Unicast Unicast traffic has a one to one relationship between the sender and receiver. Multicast traffic is intended for multiple destinations from a single source A multicast packet can require replication by network devices to ensure all receivers are sent the data Multicast traffic is typically handles differently to unicast within a firewalll FortiGate can provide acceleration of both unicast, and multicast traffic types

Market Data Throughput Ideally delivered via multicast Network Address Translation requirement Source and destination Traditional Firewall Up to 100M Throughput Market data feeds typically fall under the same security policies as unicast data Provides particular challenges for traditional firewall solutions Greater than 100M Throughput Fortinet solution can provide more than 4.5Gbps of multicast forwarding 4.5Gps Throughput

Security Processor Offload Part of the FortiASIC family Security Processor Module includes physical connectivity and processing power Processing takes place at the interface level Phase 1 Full IPS Signature Analysis Simple to scale. Module = Port + Processing IPSec Multicast Unicast and Multicast acceleration Includes Low Latency IPv4 Firewall <2.5us(ADM-XE2) 14

Traditional Firewall Traditional Firewall Management CPU Management CPU Multiple Processing Cards / Modules added separately to I/O Processing Cards / Modules Switch Chip to connect from I/O to processing Switch Dumb I/O Modules or cards for external connectivity I/O I/O I/O I/O 15

Integrated Switch Fabric and the 3950 Series 3950 Architecture Dual Multi-core processors and FortiASIC CP7 for control, setup and proxy functions CPU Block FortiASIC CP7 FortiASIC NP or SP modules for packet processing, fast path forwarding and encryption NP/SP NP/SP NP/SP NP/SP NP/SP NP Integrated Switch Fabric 240Gbps non-blocking low latency path FMC 0 FMC 1 FMC 2 FMC 3 FMC 4 On Board I S F External Connectivity via 2 x 10Gbps or 20 x 1Gbps Ethernet PHY PHY PHY PHY PHY PHY 4x1G Physical port density and processing capability added via FMC Modules 16

Latency Numbers FortiGate firewall can provide unicast and multicast latency of 2.5us for a 64byte packet

Agenda 1 2 Latency and Time Firewall Architecture 3 18

Typical Requirements Total 15 microsecond roundtrip time Sub 5 microsecond Unicast and Multicast Firewall latency True 10Gbit Capabilities Over 2 Gbps Multicast streams Small Packet Size Full BGP and OSPF Routing Capabilities Sub Second High Availability Failover Virtualisation

Why Virtualization? Provides the ability to create customer specific topologies, and services. For example: Allows predictable failover of market data delivery Zero convergence Same data is available via multiple paths Two active streams CLIENT NETWORK

Conclusion Financial Markets provide a demanding set of requirements for even the most advanced traditional firewall vendor Fortinet have worked closely with our Financial market customer base to develop focused solutions to their needs FortiGate Appliance range provides maximum security with minimum latency to the leading financial trading firms and exchanges worldwide, including 9 of the top 10 Fortune banking companies

Questions Come meet us on our stand or contact us at FortiFinance@fortinet.com

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information