| Device Profile: Bivio 7000 deep packet inspection appliance |
(Mar. 8, 2007)
 Bivio Networks has added a high-end model to its line of Linux-based network appliances for deep packet inspection. The 7000 runs the company's Linux-based BiviOS on an interesting AMP (asymmetrical multiprocessing) architecture claimed capable of wirespeed network application processing at 10 gigabits-per-second.
As with earlier Bivio network appliance platforms, the 7000 is intended for use as a network appliance platform on which engineers can implement custom applications. Company CEO Elan Amir explains, "Target markets include security application vendors, network equipment manufacturers, financial institutions, and managed network service providers planning to deliver policy-centric managed security, storage, voice, and mobility services to consumers, large financial, and enterprise customers."
Amir adds that Bivio has a "strong presence" providing platforms to federal agencies deploying GOTS and COTS systems for network monitoring, analysis, surveillance, content filtering, and leak prevention. In other words, you may be soaking in it now.
Like Bivio's original Bivio 500 Linux-based networking appliance, the 7000 has an asymmetrical multiprocessing (AMP) architecture with separate processor sub-systems for network/data processing, application processing, and management/control processing. Amir claims this approach offers the performance of an ASIC (application-specific integrated circuit), along with the lower cost and greater flexibility of "server-based" approaches. "The 7000 is the first 10Gbps network appliance priced below $10,000," he said.
What's under the hood?
The 7000's application processing sub-system comprises between one and six of Freescale's dual-core 1.5GHz MPC8641D PowerPC processors. Each processor supports up to 4GB of DDR2 RAM, and runs its own unique instance of Linux.
Amir said that when fully configured, the 7000's application processing subsystem offers 45,000 MIPS -- enough to run "any IP network service" at wire speeds up to 10Gbps -- including IDS/IDP, firewalling, VPN, network surveillance, lawful interception, and application traffic management. "Developers can use any of the standard Linux components (such as iptables) as part of their deep packet processing applications," he notes.
Additionally, PCI Express hardware acceleration cards are available for a variety of well-defined computational tasks, including IPSec VPNs, SSL acceleration, and RegEx content processing.
The 7000's data plane processor subsystem is based on a single RMI XLR 732 clocked at 1GHz, along with up to 8GB of DDR2 RAM. The RMI chip has eight MIPS64 cores, each of which supports up to four threads -- enabling 32 "virtual cores," according to RMI.
Finally, the 7000's management subsystem is based on a single Freescale MPC8641D, also clocked at 1.5GHz, with up to 4GB of DDR2. This subsystem offers a pair of Gigabit Ethernet interfaces, a console on a serial port, and a single USB port.
The 7000's storage subsystem is based on an internal, "dual-redundant," hot swappable SATA or SAS hard disk array sized between 73GB and 750GB.
The networking interface subsystem appears to offer a choice among several PCI Express card "modules," including:- 2-port 10 Gigabit Ethernet (10GBASE-SR) with hardware bypass
- 12-port Gigabit Ethernet (1000BASE-T) with hardware bypass
- 6-port Fiber Gigabit Ethernet (1000BASE-SX) with hardware bypass
Other I/O includes typical PC interfaces, such as FireWire, parallel port, digital I/O, and so on.
Software side
The 7000 comes with a Linux 2.6- and Fedora Core-based BiviOS environment said to support a wide variety of off-the-shelf Linux applications. Additionally, the environment appears to include libraries and tools aimed at simplifying custom application development and porting. Amir said, "[We have] improvements to support both the multi-CPU architecture as well as the tight integration with the network processor, [in order to] minimize the effort required to run any Linux packet handling application on the platform."
In particular, Amir touts a BiviOS featured called "Configurable Inspection Groups." He explains, "The emergence of multi-gigabit deep-packet processing requires networking devices to employ multiple or clustered computational resources capable of application-level packet processing. These devices must distribute incoming traffic to the available computational resources, which could be separate CPUs, separate cores in a multi-core CPU, or even different cores of a highly integrated system-on-a-chip. However, each of these different resources could run different configurations, policies, or even host applications. The system therefore needs an intelligent and programmable mechanism to ensure that all packets are processed by the appropriate application, policy set and computational resource for a given flow."
"Configurable Inspection Groups (CIGs) bind specific interfaces on a networking device to different packet classification policies and distribute incoming traffic according to their assigned policy class," continues Amir. "Traffic can be load-balanced to CPUs, blocked at the ingress, cut-through to the egress or receive other types of special treatment according to their network protocols, source or destination addresses, VPN association, or class of service, among other characteristics."
Bivio's "Configurable Inpection Groups"
(Click to enlarge)
Amir adds, "Similar to virtualization of servers in data centers, CIG offers dramatic efficiency gains by allowing multiple applications to co-exist while assuring each has the resources necessary for a given task. Whenever these networking applications change, the device can be reprogrammed appropriately. When traffic starts to exceed the available resources, the system can be scaled incrementally just-in-time to bring more processing power into the resource pool."
Why Linux?
Asked why Bivio chose Linux, Amir replied, "It has evolved to the point where we do not have to make any compromises in our implementation. Linux has proven to be a mature and robust environment. Our customers prefer using Linux as the host OS for their appliance solutions based on the Bivio platform due to its widespread adoption in the industry."
Commercial Linux support for Freescale's dual-core MPC8641D processor is available from Wind River and MontaVista; however, Bivio did the port in-house, Amir said.
Amir predicts, "Linux is here to stay, and will experience continued market share expansion."
Bivio's current customers include SourceFire and NFR (now Checkpoint) IPS solutions, Amir said.
Availability
The Bivio 7000 appears to be available now, priced below $10,000.
Related Stories:
(Click here for further information)
|
|
|
7 Advantages of D2D Backup
For decades, tape has been the backup medium of choice. But, now, disk-to-disk (D2D) backup is gaining in favor. Learn why you should make the move in this whitepaper.
4 Legal Reasons to Control Internet Access
The Internet is obviously a valuable resource for many organizations. However, many are exposed to legal liability concerns because they fail to control Internet access. Learn if you're safe in this white paper.
Rapidly Resolve J2EE Application Problems
Whether you are in the process of building J2EE applications or have J2EE applications already running in production, you must ensure that they deliver the expected ROI. Learn how in this white paper.
Load Testing 2.0 for Web 2.0
There are many unknowns in stress testing Web 2.0 applications. Find out how to test the performance of Web 2.0 in this white paper.
Build Better Games Online
For the game infrastructure providers, life is complex. Making money from games has become more complicated. Why? Find out in this white paper.
Building a Virtual Infrastructure from Servers to Storage
This white paper discusses the virtual storage solutions that reduce cost, increase storage utilization, and address the challenges of backing up and restoring Server environments.
Gaining Faster Wireless Connections with WiMAX
Welcome to what is quickly becoming the hyperconnected world where anything that would benefit from being connected to the network will be connected. Learn more in this white paper.
Is Your Desktop a Security Threat?
The new wave of sophisticated crimeware not only targets specific companies, but also targets desktops and laptops as backdoor entryways into those business’ operations and resources. Learn how to stay safe in this white paper.
Increasing SAN Reliability by 100 Percent
Storage area networks (SAN) are a strong part of storage plans. Learn how to increase your reliability and uptime by 100 percent in this case study.
|
|
|
|
|
news feed