networkZONE Products for the week of January 15, 2007


Mistletoe Technologies Says…
Enterprise-Class Security Protection For Small-To-Medium Businesses
Integrated system-on-a-chip provides high-speed layer 4-7 network processing for security appliances

Mistletoe Technologies, Inc. has announced the first security product for the small-to-medium business (SMB) market that allows system manufacturers to add powerful value-add capabilities such as anti-virus and intrusion detection and prevention (IDP) services without sacrificing system performance or security. The VF2110 provides enterprise-class security performance and protection for the SMB market, enabling system manufacturers to develop feature-rich systems that are ideal for deployment by value-added resellers (VARs) and Internet service providers (ISPs).

Based on Mistletoe's patented RDX (Re-loadable Direct Execution) technology, the VF2110 enables systems to offer high-performance anti-virus processing and deep packet inspection for application-level protection. This contrasts with many legacy security systems, where the activation of these functions reduces security performance by over 90 percent, from hundreds of megabits per second performance down to less than five megabits per second. Systems using Mistletoe products enable VARs and ISPs to eliminate the traditional patchwork of additional security appliances historically used to support these features. This reduces end customer capital expenditures and lowers operational costs by simplifying network management.

"By developing the first architecture optimized for Layer 4-7 network processing, Mistletoe Technologies has made it possible to economically add intelligence to the network, without sacrificing performance or features," said Michael McDonald, vice president of marketing for Mistletoe Technologies. "This makes our architecture particularly well-suited for the SMB market, where security, features and cost are all strongly valued."

Mistletoe Technologies' patented RDX technology enables system manufacturers to intelligently process Layer 4-7 network data with a purpose-built ASIC to improve security and significantly increase performance, lower power consumption and reduce overall system cost. Alternative architectures based on generic general purpose processors are rapidly saturated by basic security functions such as VPN and firewall, forcing a compromise in security, performance or cost whenever new functions are added. The RDX core technology optimizes Layer 4-7 processing, in much the same way that dedicated ASICs enabled the rapid and cost-effective migration from Ethernet to Gigabit Ethernet.

This fundamental architectural change dramatically reduces a multi-gigabit security appliance to the size of a deck of playing cards. The RDX architecture's increased Layer 4-7 capability improves network and server utilization through intelligent load balancing, provides inherent protection against distributed denial of service (DDoS) attacks and supports application-based routing and billing, among many other things. In addition, it enables major system manufacturers to leverage in-house software to provide a seamless roadmap for customers, reduce development time, retain product differentiation, and lower development risk.

Systems based on the Mistletoe RDX technology are shipping in the market today and are actively protecting major networks.

About the Mistletoe VF2110
Mistletoe Technologies' VF2110 is a highly integrated SoC for next-generation SMB security products. As a dedicated security ASIC, it reduces latency and consistently provides 200 Megabits per second (Mbps) firewall and virtual private network throughput for all packet sizes, making it well-suited for VoIP and gaming applications. It supports two Gigabit Ethernet ports, which can be easily extended to support a variety of Gigabit and Fast Ethernet port configurations with an inexpensive external Ethernet switch chip. Targeting the performance requirements of the SMB, the VF2110 supports 65,000 sessions, 300 policies and 250 tunnels.

The VF2110 also supports a variety of mechanisms to detect and prevent intrusions and attacks including:

To accelerate time-to-market and reduce development costs, Mistletoe Technologies offers a reference platform as well as turn-key solutions for customers. These complete software and hardware packages enable customers to easily and rapidly bring a product to market. In addition, major OEMs with their own software can easily integrate their own proprietary security and routing software.

analogZONE Says . . .

Sometimes smaller is better. Take, for example, the VF2110, a scaled-down (200 Mbit/s - 1 Gbit/s) version of Mistletoe's multi-Gigabit RDX (re-loadable direct execution) security processor (reviewed here in depth May 2006: time and space do not permit a full explanation of the RDX architecture here, but, if you're interested, the earlier review includes a brief overview, and Mistletoe has posted a much more detailed technical primer). This less expensive, lower-powered processor has been tailored to address the needs of the SMB market, where the need is high and the potential sales volumes are even higher. Much as the original chip is allowing OEMs/ODMs to build enterprise-class security products at a fraction of the $50 k prices they traditionally sold for, the new chip is designed to cut the cost of sub-Gigabit UTMs, firewalls, and other packet processing/filtering boxes down to a very modest $500 - $1500.

Mistletoe has adjusted the VF2110 innards to these smaller, higher-volume applications by scaling down its price and performance and providing interfaces that are appropriate to the slower systems and compact form factors it is expected to serve in. Its integrated PCI-X bus allows it to slide easily into a generic server box or other low-cost chassis, while two RGMII GbE ports give you all the throughput you need. This smaller, slower processor can only support 65 k secure sessions (instead of 500 k), 250 VPN tunnels (vs 20 k) and 300 policies (vs 24 k), but it also boasts dramatically reduced operating power. While Mistletoe was a bit cagey about precise numbers, they would reveal that many of the products they've seen based on this processor draw 15 W - 25 W, a far cry from the 100 W - 200 W drawn by current security appliances of equivalent capacity.

The high level of integration Mistletoe crammed into its RDX means that about the only thing you have to add for most low-end applications is a small chunk of DRAM (256 Mbyte - 1 Gbyte), a PHY and the switching silicon of your choice (see Fig. 1). About the only other thing you might have to add would be a TCAM (typically NetLogic) if your design needs to support a large access control list (i.e., 10s of 1000s of entries).

In keeping with the SMB space it's expected to serve in, they've also added a load-balancing feature to help businesses make best use of the redundant ISP services they often use. New microcode in the RDX, which supports load-balancing control-plane algorithms, allows the VF2110 to make efficient use of both Internet connections rather than let one stand by on idle in case of failover.

Like its big brother, the processor's programmability can support pre-developed canned applications or custom software. It will also enable OEMs to easily add their own code for value-add and support of proprietary protocols. Besides writing their own applications, manufacturers can offer software-based upgrades and subscription services to keep customers protected from the latest threats.

The VF2110 is currently sampling to early access customers. Mistletoe was very reluctant to discuss specific pricing, but given Mistletoe's claims that the device allows manufacturers to build 200 Mbit/s - 500 Mbit/s security appliances that carry street prices of $750 - $1,000, I'd back out a rough estimate of volume pricing at somewhere between $75 and $150. Despite repeated requests, Mistletoe was unable to furnish links to data sheets, but will make them available upon request.

Lee's Saltshaker Rating


analogZONE
(c) 2007. All rights reserved.