A hardware platform that provides both network traffic protection using modern information security technologies and high performance combined with fault tolerance.
The platform has a modular structure. Depending on the customer's needs, the hardware platform may include one or several different modules with the following functionality:
- cryptographic protection of transmitted data;
- packet routing;
- packet switching;
- packet filtering based on rules;
- detection and prevention of attacks based on anomaly analysis;
- load balancing.
The capacity of modern communication networks is constantly increasing. By increasing the coverage of fiber-optic communication channels, data transmission at a higher speed becomes possible. At the same time, the number of network services is also increasing. If a few years ago the main network services were HTTP, SMTP, routing protocols, now IP telephony, video conferencing and other "heavy" services related to the transfer of media content are becoming more widespread.
The increase in the number of network services leads to the emergence of new and development of existing services and devices that provide these services. These services include the following:
Information security. These services include intelligent firewalling (parsing of packets to the application level, DPI), detection and prevention of network attacks (IPS / IDS), monitoring of information security events (SIEM), control of leaks of transmitted information (DLP) and other information security services
Providing fault tolerance and load balancing network links.
These services include load balancing (NLB) and disaster recovery.
Providing traffic routing services using modern routing protocols such as OSPF, BGP v4 and others.
Provision of services for the transfer of media content (IP telephony, video conferencing, IPTV and others).
Currently, the market offers a wide selection of various network equipment that implements these services. However, in all currently available solutions, the hardware platform is built either on the basis of a physical server or using proprietary microcircuits.
Russian developers of network equipment usually use servers as a hardware platform, which leads to a rather low performance and, therefore, the impossibility of simultaneous use of the entire range of telecommunication services within one platform. Solutions based on specialized network processors (Tilera, Cavium, Netronome, EzChip, Broadcom, etc.) are not flexible enough and, moreover, have a closed nature.
Thus, the closed nature and often inaccessibility of information on the element base and software does not make it possible to research and fully implement new technologies.
In this regard, the main requirements for the platform: accessibility / openness, functionality / versatility, performance.