Deep Packet Inspection and Application

June 22, 2010

Deep Packet Inspection and Application Classification with VortiQa Software

Basem Barakat
Senior Systems Engineer
Software Products

Freescale, the Freescale logo, AltiVec, C-5, CodeTEST, CodeWarrior, ColdFire, C-Ware, mobileGT, PowerQUICC, StarCore, and Symphony are trademarks of Freescale Semiconductor, Inc., Reg. U.S. Pat. & Tm. Off. BeeKit, BeeStack, CoreNet, the Energy Efficient Solutions logo, Flexis, MXC, Platform in a Package, Processor Expert, QorIQ, QUICC Engine, SMARTMOS, TurboLink and VortiQa are trademarks of Freescale Semiconductor, Inc. All other product or service names are the property of their respective owners. © 2010 Freescale Semiconductor, Inc.

Agenda

► Why deep packet inspection (DPI) is needed
► What should be inspected during a given DPI
► DPI deployment scenarios: intrusion detection system (IDS) versus intrusion prevention system (IPS)
► DPI with VortiQa software
► Freescale solution-centric approach offers DPI turnkey solution

Why Deep Packet Inspection (DPI) Is Needed

Statement of the Problem: DoS Attacks

► Denial of Service
  • Attacker generates an unusually large volume of requests, overwhelming your server
  • Legitimate users are denied access
  • Can last from a few minutes to several days
► DoS Topology
  • Exploit a bug in TCP/IP implementation
  • Exploit a shortcoming in the TCP/IP protocol itself
► DoS Implementations
  • Brute-force
  • Ping of Death
  • Smurf
  • SYN Flood
  • Teardrop
  • ... and several others

[Figure: Smurf attack. The attacker broadcasts an echo request to an amplifier network; the source address is spoofed to be the target's address.]
[Figure, continued: many echo replies are received by the target, since most machines on the amplifier network respond to the broadcast. Caption: Smurf Attack]

Statement of the Problem: Code Injection Attacks

► Code Injection Attack
  • Code injection is the exploitation of a bug in an application running on a host or server node, resulting in the host computer executing unauthorized or invalid code
  • The aim of the attack is to alter the course of execution, gain access to, and ultimately control the target node
► Code Injection Implementation
  • Shell code injection
  • SQL injection
  • HTML script injection
  • Include file injection
► Buffer Overruns
  • C / C++

    #include <string.h>

    void function(char *p)
    {
        char buff[16];
        /* ... */
        strcpy(buff, p);   /* no length check: overruns buff when p holds 16 or more characters */
        /* ... */
    }

► Integer Overflow
  • C/C++

    #include <cstddef>
    #include <cstring>

    void func(char *b1, size_t c1, char *b2, size_t c2)
    {
        const size_t MAX = 48;
        if (c1 + c2 > MAX) return;    // c1 + c2 can wrap around, so huge sizes pass this check
        char *pBuff = new char[MAX];
        memcpy(pBuff, b1, c1);        // writes past the 48-byte buffer when the sum wrapped
        memcpy(pBuff + c1, b2, c2);
    }

Security Gateway Network Deployment Modes

► Finance User Group
  • Allow access to finance servers
  • Deny access to marketing servers
  • Deny access to web server
  • Allow access to confidential data
► Marketing User 1 - Policies
  • Allow access to sales server
  • Allow remote access
  • Allow access to web server
  • Deny access to finance server
  • Deny access to confidential data

[Figure: enterprise network protected by VortiQa Software Firewalls. Labels: Central Security Management Center; Central Firewall Policy Management Server; Enterprise Network; Internet; Access Control Lists; Marketing Subnet; Marketing Users; Web Server; Confidential Data; Finance Subnet; Finance Users; Central Services; Email Server; App Server; EDI Server; Other Internal Users; Home Office; Telecommuter; Malicious Hackers; DoS Attacks; Trojan Attack]

Security Zones Concept and Firewall Methodology

► Firewall Types:
  • Proxy
  • Static packet filters
  • Stateful inspection

[Figure labels: Internet {WAN}, External Zone; P2020RDB + VortiQa, The Self Zone]
[Figure label: LAN, Corp Zone]

Firewall Types

► Proxy Server Firewall
  • Works at the transport or application layer
  • No direct connection between internal server and external user
  • Validates information based on access rules at the service or application-specific level to provide the best protection for applications
  • Less flexible, slow, and needs more resources

[Figure: Proxy Server Firewall placed in front of the Internal Server]

Firewall Types (cont.)

► Static Packet Filtering Firewall
  • Operates at the network layer
  • Simple, but has limited protection and utility
► Stateful Inspection Firewall
  • The state of the connection is monitored all the time
  • Filtering at network layer; screening up to application layer
  • Can dynamically change rules

Traffic filtering is based on the IP address, packet type, port number of the remote computer, etc.
A typical firewall should filter at all three levels of the TCP/IP stack.

[Figure: TCP/IP stack (5 Application, 4 Transport Control Protocol (TCP), 3 Internet Protocol (IP), 2 Data Link, 1 Physical) showing allowed and disallowed incoming traffic and permitted outgoing traffic]

Firewall Packet Inspection Domain

► IP selectors (source, destination addresses)
► Transport protocol type and port selectors
► Transport protocol state tracking

[Figure: Firewall Packet Processing. Packet layout: IP, TCP/UDP, Payload]

What Should Be Inspected During a Given DPI?

Deep Packet Inspection (DPI) Domain

► Inspect IP header
► Inspect transport header
► Inspect protocol header
► Inspect protocol content (payload)

[Figure: IPS Packet Processing. A sequence of IP/TCP packets carrying an HTTP header and HTTP payload segments, with buffering / re-sequencing]

DPI Operators

► Malicious content tracking
  • Search packets for known malicious patterns
► Protocol state tracking
  • Validate application protocol parameters against known weaknesses and vulnerabilities
  • Allow only valid state transitions
► Traffic rates tracking
  • Enforce network utilization policies:
      • Concurrent session counts
      • Session setup rate
      • Packet, bit or byte rate

Patterns, Regular Expression and “Regex” Formalism

► Formal language theory calls “patterns” regular expressions, or “Regex”
► Regex has many equivalent representations
  1. Perl Compatible Regular Expressions (PCRE)
      • Performance issues
  2. Deterministic Finite Automaton (DFA)
      • State explosion issues
  3. Nondeterministic Finite Automaton (NFA)
      • Finite number of patterns can be supported

DPI Implementation Options:

► Brute force DPI: Apply all rules on all traffic types
  • Simple system architecture
  • Too many false positives
  • Low system performance
► Classified DPI: Divide rules into classes and apply only to relevant traffic
  • Complex system architecture
  • Lower false positives
  • Higher performance

[Figure: rule sets (HTTP rules, FTP rules, UDP rules) shown against traffic classes (IP traffic, TCP traffic, UDP traffic, HTTP traffic, FTP traffic)]

DPI Deployment Scenarios: Intrusion Detection System (IDS) vs. Intrusion Prevention System (IPS)

DPI Deployment Topology: IPS vs. IDS Deployment

► DPI as an IDS (“tap mode”)
  • Traffic is sniffed only
► DPI as inline IPS
  • Traffic is inspected inline
► Inline L3 mode
  • Packets are intercepted at the IP layer
► Inline L2 mode
  • Packets are intercepted at the bridge layer

[Figure labels: External Network; IDS Manager; IPS Manager; Internal Networks]

SOHO / Residential Gateway Deployment

[Figure labels: Internet; DoS Attacks; Malicious Hackers; Unauthorized Users; Firewall; URL Keyword Filtering; IPsec VPN; Office VPN Connection; Confidential Data; Wireless Security; Home-office laptop with wireless LAN connection 802.11a/g/n; Email Server; EDI Server; traffic categories: Friends Online, School Work, Banking, Shopping, News and Entertainment, Travel and Leisure]

Enterprise Network Equipment Deployment

[Figure labels: Internet; Enterprise Network; Corporate LAN; DMZ; Logging Console; Admin Console; Web Server; Confidential Data; Marketing Subnet; Marketing Users; Finance Subnet; Finance Users; Central Services; Email Server; App Server; EDI Server; Other Internal Users. Threats shown: Malicious Hackers; DoS Attacks; Application Attacks; OS Finger Printing Attacks; Anti-NIDS Attacks; Insider Attacks; Trojan Attack; Un-patched Application security hole]

DPI with VortiQa Software

DPI with VortiQa Software for Enterprise Network: Inline IPS

► Detects and prevents intrusions
  • Signature based detection
  • Protocol anomaly detection
  • Traffic anomaly detection
► Flexible to adopt various acceleration methods
  • Built-in software pattern-matching engines (software DFA engine, PCRE)
  • Fully integrated with PME 1.0 and PME 2.0
► P2P traffic detection, and traffic rate enforcement
  • Enforce concurrent session count settings
  • Enforce sessions rate settings
► Lower false positives
  • Context based signature verification
  • Application engines (HTTP, SMTP, FTP, TCP, UDP, IP)
  • Superior rule formats with application specific keywords
  • Rules classified to granular levels by application category

VortiQa Software for Enterprise Network: IPS Signature Classification

► IPS rules are classified into various buckets to minimize search space.
  • Rules are classified based on application type.
  • Rules are further divided into content-search rules and non-content rules (rules with header fields, flags, integers, etc.).

[Figure: classification tree with nodes IPS rules; HTTP rules, SMTP rules, DNS rules, TCP rules, UDP rules, IP rules; Content search rules, Non-Content Search rules; Selector 1, Selector 2, ...]

VortiQa Software for Enterprise Network: Protocol Anomaly Detection

► Built-in traffic normalization – full defrag, reassembly and legal behavior enforcement
  • IP fragmentation overlap, options etc.
  • TCP segmentation overlap, options usage etc.
  • All checksum/length consistency
► Application protocol behavior – deep application protocol parsing
  • Illegal field values and combinations, e.g. DNS request
  • Illegal commands usage, e.g. HTTP and SMTP
  • Unusually long or short field lengths
  • Unusual number of occurrences of particular fields/commands
  • Unexpected state transition sequences – suggesting service configuration vulnerability or attack attempts

Sample of Protocol Anomaly Rules

  • 18099  SNMP: wrong data type
  • 14999  POP(3) Request Command Buffer Overflow Vulnerability
  • 6099   FTPd buffer overflow vulnerability
  • 2999   SMTP Data has more than maximum configured number of boundaries
  • 349    HTTP v0.9 Syntax Request detection
  • 18098  SNMP: wrong length
  • 6098   FTP Bounce Attack
  • 2998   SMTP MIME Header exceeding configured maximum limit
  • 348    IDS evasion detection - NULL Character at the end of URI
  • 18097  SNMP: wrong Version value
  • 6097   Invalid PORT command in FTP command line
  • 2997   SMTP Header Length exceeding configured maximum limit
  • 447    HTTP multiple content length field vulnerability
  • 347    HTTP malformed Request detection
  • 18096  SNMP: wrong PDU value
  • 6096   Invalid FTP Command
  • 2996   SMTP command with command length exceeding 512 bytes detected
  • 446    IIS %u Unicode wide character encoding vulnerability
  • 346    Detection of large number of request header lines
  • 445    Double Percent Hex encoding vulnerability

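Added example (not VortiQa's implementation): Python checks for several of the HTTP, SMTP and FTP anomalies in the list above, returning the slide's rule IDs for constructed inputs. The header-line limit, the parsing logic and the reading of rule 6098 as a PORT address that differs from the client's address are assumptions; the 512-byte SMTP limit is from the list.

```python
import re

MAX_HEADER_LINES = 64    # assumed limit; the slide gives no number
SMTP_MAX_COMMAND = 512   # from the slide: "exceeding 512 bytes"

DOUBLE_PCT = re.compile(rb"%25[0-9A-Fa-f]{2}")  # "%2541" decodes twice to "A"
PCT_U = re.compile(rb"%u[0-9A-Fa-f]{4}")        # %uXXXX wide-character escape
VERSION = re.compile(rb"HTTP/\d\.\d\Z")
PORT_CMD = re.compile(rb"PORT (\d{1,3}(?:,\d{1,3}){5})\r\n\Z", re.I)


def http_anomalies(raw, max_header_lines=MAX_HEADER_LINES):
    """Return the sorted slide rule IDs triggered by one raw HTTP request."""
    hits = set()
    head = raw.split(b"\r\n\r\n", 1)[0]
    lines = head.split(b"\r\n")
    parts = lines[0].split(b" ")
    if len(parts) == 2:
        hits.add(349)   # HTTP v0.9 syntax: method and URI, no version token
    elif len(parts) != 3 or not VERSION.match(parts[2]):
        hits.add(347)   # malformed request line
    uri = parts[1] if len(parts) >= 2 else b""
    if uri.endswith(b"%00") or uri.endswith(b"\x00"):
        hits.add(348)   # NULL character at the end of the URI
    if PCT_U.search(uri):
        hits.add(446)   # %u Unicode wide-character encoding
    if DOUBLE_PCT.search(uri):
        hits.add(445)   # double percent hex encoding
    headers = [line for line in lines[1:] if line]
    names = [h.split(b":", 1)[0].strip().lower() for h in headers]
    if names.count(b"content-length") > 1:
        hits.add(447)   # multiple Content-Length fields
    if len(headers) > max_header_lines:
        hits.add(346)   # large number of request header lines
    return sorted(hits)


def smtp_anomalies(line):
    """Check one SMTP command line (CRLF included) against rule 2996."""
    return [2996] if len(line) > SMTP_MAX_COMMAND else []


def ftp_port_anomalies(line, client_ip):
    """Check an FTP PORT command against rules 6097 and 6098.

    client_ip is the source address of the control connection.
    """
    match = PORT_CMD.match(line)
    if not match:
        return [6097]   # not "PORT h1,h2,h3,h4,p1,p2"
    numbers = [int(n) for n in match.group(1).split(b",")]
    if any(n > 255 for n in numbers):
        return [6097]   # a field does not fit in one octet
    if ".".join(map(str, numbers[:4])) != client_ip:
        return [6098]   # data connection aimed at a third host
    return []


def demo():
    """Run the checks over constructed inputs and return the rule IDs."""
    host = b"Host: example.test\r\n"
    return {
        "clean": http_anomalies(b"GET /index.html HTTP/1.1\r\n" + host + b"\r\n"),
        "dup_length": http_anomalies(
            b"POST /upload HTTP/1.1\r\n" + host
            + b"Content-Length: 10\r\nContent-Length: 0\r\n\r\n0123456789"),
        "encoded_uri": http_anomalies(b"GET /a%2541b%00 HTTP/1.1\r\n" + host + b"\r\n"),
        "http09": http_anomalies(b"GET /old\r\n\r\n"),
        "smtp_long": smtp_anomalies(b"MAIL FROM:<" + b"a" * 600 + b"@example.test>\r\n"),
        "ftp_bounce": ftp_port_anomalies(b"PORT 198,51,100,7,0,22\r\n", "192.0.2.10"),
    }


if __name__ == "__main__":
    for name, ids in demo().items():
        print(name, ids)
```
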
VortiQa Software for Enterprise Network: Traffic Anomaly Detection

► Administrators can define normal traffic behavior
  • Connection rates
  • Concurrent connection counts
  • Packet rates
  • Byte rates
► Anything that exceeds normal behavior is an anomaly
  • Limit traffic to configured rate
  • Block traffic for specified time period

VortiQa Software for Enterprise Network: Log Viewer and Reporting Facilities

► Logs and reports
  • List all real-time events for easy monitoring and administration
  • Examine and analyze events and conduct network forensic activities
  • Generate periodic reports
  • Generate alerts

VortiQa Software IPS Signatures – Syntax and Semantics

    LOCAL=rule:3011; pktdir:inbound; logth:1; timeth:5;issuemask:MMMMM;SELECTOR= SIP:202.16.10.1; DIP:172.16.3.5;IPPROTO:UDP; SP:666; DP:2140;DIR:INIT; DETECT= content: fcmd.exe;ACTION=TYPE:info;

    Rule: 3011           Intoto rule ID, which has to be unique
    pktdir: inbound      Packet direction
    logth:1              Log threshold value
    timeth : 5           Time threshold value
    issuemask:MMMMM      Issue mask is used for the forensic record based threshold calculation for generating the log message
    SIP: 202.16.10.1     Source IP address from which the packet is originating
    DIP: 172.16.3.5      Destination IP address
    IPPROTO: UDP         Layer 4 protocol
    SP: 666              Source port
    DP: 2140             Destination port
    DIR:INIT             Initiator
    Content:f-cmd.exe    Contents to be detected in the packet
    TYPE:info            Generate log message

VortiQa Software Integrated Signature Editor

► GUI based signature editor
  • Enables the user to author and upload locally created signatures on the fly

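Added example (not VortiQa or Freescale code): a Python parser for the signature line on the syntax slide above, with an evaluator that buckets rules by IPPROTO, as the signature classification slide describes, and applies the selector and content checks to packets. The matching semantics, the second rule (ID 9001) and the packets are constructed assumptions; only the first rule's text and the key names come from the slide.

```python
import re
from collections import defaultdict, namedtuple

# Signature text exactly as printed on the slide.
SLIDE_RULE = (
    "LOCAL=rule:3011; pktdir:inbound; logth:1; timeth:5;issuemask:MMMMM;"
    "SELECTOR= SIP:202.16.10.1; DIP:172.16.3.5;IPPROTO:UDP; SP:666; DP:2140;"
    "DIR:INIT; DETECT= content: fcmd.exe;ACTION=TYPE:info;"
)
# Constructed second rule (hypothetical ID and content) so there are two
# buckets; that LOCAL and SELECTOR fields may be omitted is an assumption.
CONSTRUCTED_RULE = (
    "LOCAL=rule:9001; pktdir:inbound;SELECTOR= IPPROTO:TCP; DP:21;"
    "DETECT= content: test-marker;ACTION=TYPE:info;"
)
# Sections and keys the slide documents; anything else is rejected.
KNOWN_KEYS = {
    "LOCAL": {"rule", "pktdir", "logth", "timeth", "issuemask"},
    "SELECTOR": {"SIP", "DIP", "IPPROTO", "SP", "DP", "DIR"},
    "DETECT": {"content"},
    "ACTION": {"TYPE"},
}
# Constructed packet model for the example, not a VortiQa structure.
Packet = namedtuple("Packet", "direction sip dip ipproto sp dp payload")


class RuleSyntaxError(ValueError):
    """Raised when a signature does not follow the slide's layout."""


def parse_rule(text):
    """Split a signature into {section: {key: value}} and validate its keys."""
    pieces = re.split(r"\b(LOCAL|SELECTOR|DETECT|ACTION)\s*=", text)
    if pieces[0].strip():
        raise RuleSyntaxError(f"text before first section: {pieces[0]!r}")
    rule = {}
    for name, body in zip(pieces[1::2], pieces[2::2]):
        if name in rule:
            raise RuleSyntaxError(f"duplicate section {name}")
        rule[name] = fields = {}
        for item in filter(str.strip, body.split(";")):
            key, sep, value = (part.strip() for part in item.partition(":"))
            if not sep or not value or key not in KNOWN_KEYS[name]:
                raise RuleSyntaxError(f"bad field {item.strip()!r} in {name}")
            fields[key] = value
    missing = [s for s in KNOWN_KEYS if s not in rule]
    if missing or "rule" not in rule["LOCAL"] or "TYPE" not in rule["ACTION"]:
        raise RuleSyntaxError(f"incomplete rule, missing sections: {missing}")
    return rule


def evaluate(rule, pkt):
    """Return the ACTION type if pkt matches rule, else None."""
    # DIR, logth, timeth and issuemask need connection and log state; they
    # are parsed but not evaluated in this example.
    if rule["LOCAL"].get("pktdir", pkt.direction) != pkt.direction:
        return None
    header = {"SIP": pkt.sip, "DIP": pkt.dip, "IPPROTO": pkt.ipproto,
              "SP": str(pkt.sp), "DP": str(pkt.dp)}
    # Header comparisons run first so the payload is searched only for
    # packets the selector already accepts.
    if any(rule["SELECTOR"].get(k, v) != v for k, v in header.items()):
        return None
    needle = rule["DETECT"].get("content", "").encode()
    if needle and needle not in pkt.payload:
        return None
    return rule["ACTION"]["TYPE"]


def bucket_rules(rules):
    """Group rules by IPPROTO so a packet is only tested against its class."""
    buckets = defaultdict(list)
    for rule in rules:
        buckets[rule["SELECTOR"].get("IPPROTO", "ANY")].append(rule)
    return buckets


def inspect(buckets, pkt):
    """Return [(rule id, action)] for matching rules in the packet's bucket."""
    hits = []
    for rule in buckets.get(pkt.ipproto, []) + buckets.get("ANY", []):
        action = evaluate(rule, pkt)
        if action:
            hits.append((rule["LOCAL"]["rule"], action))
    return hits


def demo():
    """Run both rules over three constructed packets."""
    buckets = bucket_rules([parse_rule(SLIDE_RULE), parse_rule(CONSTRUCTED_RULE)])
    src, dst = "202.16.10.1", "172.16.3.5"
    packets = [
        Packet("inbound", src, dst, "UDP", 666, 2140, b"\x01run fcmd.exe"),
        Packet("inbound", src, dst, "UDP", 666, 53, b"\x01run fcmd.exe"),
        Packet("inbound", "198.51.100.7", dst, "TCP", 40000, 21, b"USER test-marker\r\n"),
    ]
    return [inspect(buckets, p) for p in packets]
```
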
VortiQa Signature Server Infrastructures

► VortiQa signature servers offer periodic and manual signature download support

Freescale Solution-Centric Approach Offers DPI Turnkey Solution

Continues Our Embedded Leadership Tradition

A new era of networking requires a new way of thinking.
Our Heritage:

► 3rd Generation Data Path
  • Gen-1: CPM MPC8260
  • Gen-2: QUICC Engine MPC8360
  • Gen-3: DPAA QorIQ P4080
► Accelerating Connectivity
  • eTSEC
  • SEC 4.0
  • PME 2.0
  • PCIe, Serial RapidIO, XAUI
► Power Architecture ISA
  • e500 PowerQUICC III
  • e500 QorIQ P1, P2 platforms
  • e500mc QorIQ P3, P4 platforms

[Figure: processor timeline. Labels: PowerQUICC (1995); PowerQUICC II (1998); PowerQUICC III (2002); PowerQUICC II Pro (2004); PowerQUICC III Dual-core (2004); QorIQ P1020; QorIQ P2020; QorIQ P4080; "Introduced in 2008"; PowerQUICC Processors; Communications Processors]

No. 1 supplier of communications processors
No. 1 in embedded for communications

Deep Packet Inspection Performance Dependency Matrix

[Figure: matrix columns Firewall; VPN Gateway; IPS and Anti Virus gateways]

Freescale Recommended DPI Processors

In general, any Freescale processor could run a DPI type application. However, the following processor families are expected to perform well.
► P1 and P2: P2020, P1020, P1011
  • L2 Cache
  • High CPU clock
  • Single / dual cores
► MPC8572
  • PME 1.1
  • L2 Cache
  • High CPU clock
  • Dual cores
► P4080
  • PME 1.1
  • DPAA architecture
  • L2 Cache
  • High CPU clock
  • Eight cores

Freescale Pattern Matching Engine Key Features

► MPC8572
  • PME 1.x
  The MPC8572 PowerQUICC III processor has an inbuilt pattern-matching engine (PME) that implements an NFA data examination engine with the following capabilities:
► P4080
  • PME 2.x
  The P4080 QorIQ processor has a built-in pattern-matching engine that implements an NFA data examination engine with the following capabilities:

Capabilities listed across the two engines:
  • Up to 16000 Regex patterns can be configured, and the patterns can be divided into 256 non-overlapping sets
  • 32000 Regex patterns can be configured, and the patterns can be divided into 256 non-overlapping sets
  • Each set can have up to 16 subsets, resulting in 256*16 groups (listed for both engines)
  • Pattern matching across packet boundaries (listed for both engines)
  • Stateful rule engine to enable application protocol tracking and stateful pattern matching (listed for both engines)
  • Pattern lengths between 1 and 128 bytes (listed for both engines)
  • A max of 128M sessions are supported (with session context size of 32 bytes)
  • A max of 8192 stateful rules are supported

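Added example (not PME or VortiQa code): a software Aho-Corasick matcher in Python that keeps one automaton state per session, illustrating the "pattern matching across packet boundaries" capability listed above. The PME is described as an NFA engine, which this does not model; the second pattern, the session keys and the segments are constructed, and segments are assumed to arrive already re-sequenced.

```python
from collections import deque

# "fcmd.exe" is the content string from the signature slide; "cmd.exe" is a
# constructed second pattern that is a suffix of the first.
PATTERNS = [b"fcmd.exe", b"cmd.exe"]


class MultiPatternMatcher:
    """Aho-Corasick automaton over bytes; scan() can resume from any state."""

    def __init__(self, patterns):
        self.goto, self.fail, self.out = [{}], [0], [[]]
        for pid, pattern in enumerate(patterns):
            state = 0
            for byte in pattern:
                if byte not in self.goto[state]:
                    self.goto.append({})
                    self.fail.append(0)
                    self.out.append([])
                    self.goto[state][byte] = len(self.goto) - 1
                state = self.goto[state][byte]
            self.out[state].append(pid)
        # Breadth-first pass: a node's failure link points at the longest
        # proper suffix of its path that is also a path from the root.
        queue = deque(self.goto[0].values())
        while queue:
            state = queue.popleft()
            for byte, child in self.goto[state].items():
                fallback = self.fail[state]
                while fallback and byte not in self.goto[fallback]:
                    fallback = self.fail[fallback]
                self.fail[child] = self.goto[fallback].get(byte, 0)
                self.out[child] += self.out[self.fail[child]]
                queue.append(child)

    def scan(self, data, state=0):
        """Return ([(pattern id, end offset)], final state) for one segment."""
        hits = []
        for offset, byte in enumerate(data):
            while state and byte not in self.goto[state]:
                state = self.fail[state]
            state = self.goto[state].get(byte, 0)
            hits.extend((pid, offset) for pid in self.out[state])
        return hits, state


class SessionScanner:
    """Keeps one automaton state per session so matches survive packet splits."""

    def __init__(self, patterns):
        self.patterns = list(patterns)
        self.matcher = MultiPatternMatcher(self.patterns)
        self.states = {}  # session key -> automaton state (the session context)

    def feed(self, session, segment):
        """Scan the next in-order segment of a session; return matched patterns."""
        hits, state = self.matcher.scan(segment, self.states.get(session, 0))
        self.states[session] = state
        return [self.patterns[pid] for pid, _ in hits]

    def close(self, session):
        """Drop the context when the session ends so the table stays bounded."""
        self.states.pop(session, None)


def per_packet_hits(patterns, segments):
    """Stateless baseline: search each segment on its own."""
    return [p for seg in segments for p in patterns if p in seg]


def demo():
    """Compare stateless and per-session scanning on a constructed split."""
    segments = [b"GET /tools/fc", b"md.exe HTTP/1.1\r\n"]
    scanner = SessionScanner(PATTERNS)
    stateful = [scanner.feed("session-A", seg) for seg in segments]
    scanner.close("session-A")
    return per_packet_hits(PATTERNS, segments), stateful
```

The stateless search reports nothing because neither segment holds a whole pattern, while the per-session scan reports both patterns at the end of the second segment.
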

Freescale Application Software Product Line
VortiQa Software
► Freescale VortiQa software products are designed to accelerate product development and increase the pace of innovation
► Market segment focus
• IP services
• Security appliances
• SMB and multi-service business gateways (MSBGs)
► VortiQa product lines of production-ready software applications:
• VortiQa software for service provider equipment
• VortiQa software for enterprise network equipment
• VortiQa software for small business gateways
• VortiQa software for SOHO/residential gateways
► A comprehensive solution-centric approach for networking applications in targeted vertical segments:
• Silicon – QorIQ and PowerQUICC communications processors
• Software – VortiQa software products
• Expanded ecosystem - hardware, OS, ISVs and system integrators

Freescale UTM Appliance Performance
Highly Competitive Performance
► UTM-2020, 1.2 GHz, 2 cores (VortiQa software for enterprise equipment)
• Firewall: 4 Gbps
• IPsec VPN AES32-SHA1: 1.3 Gbps
• IPsec VPN 3DES-SHA1: 1.3 Gbps
• IPS SW DFA: 494 Mbps
► UTM-4080, 1.5 GHz, 8 cores (VortiQa software service provider equipment)
• Firewall: 20 Gbps*
• IPsec VPN AES32-SHA1: 10 Gbps*
• IPsec VPN 3DES-SHA1: 10 Gbps*
• IPS SW DFA: N/A
► UTM-8572, 1.5 GHz, 2 cores (VortiQa software for enterprise equipment)
• Firewall: 4 Gbps
• IPsec VPN AES32-SHA1: 1.4 Gbps
• IPsec VPN 3DES-SHA1: 1.3 Gbps
• IPS SW DFA: 661 Mbps
Notes:
• Performance numbers are measured or estimated for big packet size traffic
• Firewall performance is saturated at line rate
• P4080-based UTM performance estimates based on cycle-accurate model

VortiQa Software for Enterprise Equipment
Firewall Performance: UTM-2020
Test Objective: Show VortiQa Linux SMP / firewall P2020 performance capabilities
Required data:
1. Live data: UDP traffic, for 64, IMIX, and 512-byte packets.
[Diagram labels: IXIA; IxExplorer Console]

VortiQa Security Appliance Firewall Performance
[Chart: Secure Appliance P2020 1.0 GHz - VortiQa Firewall. Axes: Throughput (Mbps) and CPU Utilization versus Packet Size. Series: Perf (Mbps), CPU Utilization.]
Performance measurement configuration footnotes:
• Silicon: P2020
• Per Core CPU frequency: 1.0 GHz
• L1-I/L1-D/L2/L3 Cache: TBD
• Board: Security Appliance
• DDR Frequency: 1.3 GHz
• RAM: 4 GB
• Board Clock: TBD MHz
• Sec 4 Frequency: TBD MHz
• Interfaces: 4 x 1 GbE

VortiQa Software for Enterprise Equipment
IPS Breaking Point Vulnerabilities Demo: UTM-2020
Test Objective: Show VortiQa enterprise IPS capabilities using Breaking Point tools
Required data:
1. HTTP server side attacks coverage
2. Others …
[Diagram labels: Breaking Point; Breaking Point/VortiQa Console]

VortiQa Security Appliance IPS (with Firewall) Performance
[Chart: Security Appliance P2020 1.0 GHz IPS Performance. Axes: Throughput (Mbps) versus Packet Size.]
Performance measurement configuration footnotes:
• Silicon: P2020
• Per Core CPU frequency: 1.0 GHz
• L1-I/L1-D/L2/L3 Cache: TBD
• Board: Security Appliance
• DDR Frequency: 800 MHz
• RAM: 4 GB
• Board Clock: TBD MHz
• Sec 3 Frequency: TBD MHz
• Interfaces: 4 x 1 GbE

VortiQa Software for Service Provider
P4080 10 Gbps Firewall Performance - DPAA
[Diagram labels, test setup: P4080 DS; P4080 XAUI 10G BaseT interface; Dell XAUI 10G BaseT interface {Rear}; aggregate 10 1G interfaces into 1 10G interface; VLAN 1 to VLAN 10; Dell 10 1G BaseT interface {Front}; IXIA 10 1G BaseT interface; IXIA]

VortiQa Application Performance: Line Rates
[Chart: P4080 VortiQa NAT+Firewall Application Performance (Using 1 XAUI Interface). Axes: Throughput (Gbps) versus Packet Size. Series: 1 Core, 2 Core, 4 Core, 7 Core.]
Performance measurement configuration footnotes:
• Silicon: P4080 Rev1
• Per Core CPU frequency: 1.5 GHz
• L1-I/L1-D/L2/L3 Cache: 32K/32K/128K/2MB
• Firewall: 1 K Sessions
• Board: Rev B P4080 DS
• DDR Frequency: 1.3 GHz
• RAM: 4 GB
• IPSec: 8 Tunnels
• Board Clock: 700 MHz
• Sec 4 Frequency: 350 MHz
• Interfaces: 1 x 10 GbE

VortiQa Application Performance: Substantial Processor Headroom
[Chart: P4080 VortiQa NAT+Firewall CPU Utilization at Optimal Performance (Using 1 XAUI Interface). Axes: CPU Utilization versus Packet Size. Series: 1 Core, 2 Core, 4 Core, 7 Core.]
Performance measurement configuration footnotes:
• Silicon: P4080 Rev1
• Per Core CPU frequency: 1.5 GHz
• L1-I/L1-D/L2/L3 Cache: 32K/32K/128K/2MB
• Firewall: 1 K Sessions
• Board: Rev B P4080 DS
• DDR Frequency: 1.3 GHz
• RAM: 4 GB
• IPSec: 8 Tunnels
• Board Clock: 700 MHz
• Sec 4 Frequency: 350 MHz
• Interfaces: 1 x 10 GbE

VortiQa Application Performance: 20 Gbps
[Chart: P4080 VortiQa Firewall Application Performance (Projected with 2 XAUI Interfaces). Axes: Throughput (Gbps) versus Packet Size. Series: 1 Core, 2 Core, 4 Core, 7 Core.]
Performance measurement configuration footnotes:
• Silicon: P4080 Rev1
• Per Core CPU frequency: 1.5 GHz
• L1-I/L1-D/L2/L3 Cache: 32K/32K/128K/2MB
• Firewall: 1 K Sessions
• Board: Rev B P4080 DS
• DDR Frequency: 1.3 GHz
• RAM: 4 GB
• IPSec: 8 Tunnels
• Board Clock: 700 MHz
• Sec 4 Frequency: 350 MHz
• Interfaces: 1 x 10 GbE

Security Appliance Segment Mapping
High-level Overview
► Datacenter/Carrier
• FW throughput: 6 – 10 Gbps
• VPN tunnels: 100K
• FW/IPS sessions: 1 Million
• FW policies: 10k; sessions/s: 100K
• VPN: 5-10 Gbps; Tunnels/sec: 500
• Firewall/IPS: 4-8 Gbps
• Anti Virus: 2500 HTTP obj./sec
► Mid-/High-end Enterprise
• FW throughput: 2-5 Gbps
• VPN tunnels: 10K
• FW/IPS sessions: 250K
• FW policies: 5k; sessions/s: 15K
• VPN: 1-2 Gbps; Tunnels/sec: 50
• Firewall/IPS: 1-2 Gbps
• Anti Virus: 500 HTTP obj./sec
► Small Enterprise/SME
• FW throughput: 1-2 Gbps
• VPN tunnels: 2K
• FW/IPS sessions: 100K
• FW policies: 1k; sessions/s: 5K
• VPN: 500 Mbps; Tunnels/sec: 10
• Firewall/IPS: 500 Mbps – 1 Gbps
• Anti Virus: 100 HTTP obj./sec
► Silicon class by segment
• Datacenter/Carrier Infrastructure: Multicore w/ Crypto and RegEx
• High-end Enterprise: Multicore w/ Crypto and RegEx
• Mid-end Enterprise: SoC or Multicore w/ Crypto
• Small Business, Small Enterprise: SoC w/ Crypto
[Diagram labels: PowerQUICC MPC83xxE processor family; PowerQUICC MPC85xxE processor family; QorIQ P1 and P2 processor family; QorIQ P4, P5 processor family; OS and BSP – Linux®; OS and BSP – Linux and/or LWE; VortiQa software for enterprise equipment; VortiQa software for service provider equipment]
Notes on Performance / Cost Estimates:
• Subject to hardware configuration; may vary substantially
• All performance numbers are target numbers as estimated to be required for individual deployments and are estimated with VortiQa software product; subject to interpretation and detailed analysis

UTM Security Appliance Solutions - Portfolio
► UTM-2010
• ODM: Portwell
• Freescale Processor: QorIQ P2010E
• Cores: 1
• Core Frequency: 1 GHz
• Schedule: August 2010
• Features: Small enterprise value systems; highest performance with lower power in its class
► UTM-2020
• ODM: Portwell
• Freescale Processor: QorIQ P2020E
• Cores: 2
• Core Frequency: 1 GHz/1.2 GHz
• Schedule: August 2010
• Features: Mid enterprise, low power systems
► UTM-4080
• ODM: Advantech and O2 Security
• Freescale Processor: QorIQ P4080E
• Cores: 8
• Core Frequency: 1.5 GHz
• Schedule: TBD
• Features: High-end enterprise or service provider systems
► UTM-8572
• ODM: O2 Security
• Freescale Processor: MPC8572E PowerQUICC III
• Cores: 2
• Core Frequency: 1.2 GHz
• Schedule: Now
• Features: Mid-enterprise IPS based deployments
► UTM-8540
• ODM: O2 Security
• Freescale Processor: MPC8540 PowerQUICC III
• Cores: 1
• Core Frequency: 667 MHz/1 GHz
• Schedule: Now
• Features: Small to mid enterprise
Notes:
• ODM sample boxes are available now
• Schematics and Gerber files are available for Freescale prototype of UTM-2020