Ultra-broadband Security Gateway

Intel released a joint white paper today covering multi-access edge security written together with Network Builder partners Advantech, Casa Systems and Wind River. Entitled “Virtual Security Gateways at Network Edge Are Key to Protecting Ultra Broadband Mobile Networks”, the paper describes how combined technologies from the four partners create a virtualized security gateway with real-time processing even for small packets associated with IP voice applications.

Securing ultra-broadband mobile networks with security gateways at the network edge is imperative for all MNOs that have adopted all-IP 4G/LTE networks. With the performance, throughput, and scalability provided by the Casa Systems gateway powered by Intel, Advantech, and Wind River, this is now a cost-effective and viable option for MNOs or for equipment manufacturers who want to integrate this functionality into their networking systems.

 

The solution is built around the Security Gateway (SeGW) component of Casa Systems’ Axyom™ Ultra-Broadband Software Framework, a virtualized multi-access solution that combines a carrier-grade NFV infrastructure with a suite of access and core functions such as the SeGW or the evolved packet data gateway (ePDG). Axyom™ is designed to deliver access functions for 3G/4G and trusted/untrusted Wi-Fi access.

The software executes on Wind River Titanium Edge, a small-scale version of the Titanium Cloud fully integrated virtualization software platform with carrier-grade reliability. The foundation of Titanium Edge is open source software, including a hardened Linux operating system and integrated OpenStack for cloud computing functionality, with Wind River additions that improve performance, reliability, and manageability in a carrier network.

 

Advantech FWA-5020 Appliance demonstrates why hardware still matters!

Advantech’s FWA-5020 dual Intel® Xeon® Processor E5-2600 v4 platform supports CPUs with up to 22 cores, one dual QuickAssist adapter per CPU, modular I/O with GbE, 10GbE or 40GbE port options for total deployment flexibility, and IPMI 2.0 compliant remote management.

The powerful Intel® Xeon® Processor E5-2600 v4 takes performance and efficiency to new heights, providing dual socket platforms with the ultimate engine for networking workloads and leveraging Intel® QuickAssist and DPDK to accelerate security processing and boost packet processing performance.

The Casa Security Gateway built using the Intel Xeon processor-powered Advantech FWA-5020 with Wind River NFVI has been tested in lab and real-world applications and has delivered the following performance.

  • 1 million concurrent IPsec tunnels or 2 million IPsec Security Associations
  • 5,000 tunnels per second
  • Dead peer detection (DPD) time of 120 seconds for 1M peers for fast detection and status of nearby gateways
  • 100 Gbps IPsec throughput for 128-byte packets and 110 Gbps for 256-byte packets
  • 2,000 tunnels per watt

 

This SeGW provides the high-performance edge solution required for MNO networks that need to provision millions of IPsec tunnels for millions of mobile devices. The performance of the gateway is ideal for the transient nature of mobile networks where devices attach and detach from the network frequently. The architecture of the Casa gateway features independent control plane and data plane functions so that MNOs can adapt each separately in response to different bandwidth, signaling, and session requirements.

 

How to architect for >100 Gbps crypto throughput on IA in 1U

The Advantech FWA-5020 is a 1U rackmount server optimized for networking applications that features either one or two Intel Xeon processors E5-2600 v4 (the two-processor model was specified for the gateway). The servers can be configured with 12- to 22-core CPUs thanks to an advanced thermal system design that supports processor wattage of up to 145W. The system architecture of the FWA-5020 puts an emphasis on compute performance, data plane throughput, and encryption throughput. Some of the optimizations include larger on-chip cache memories and Intel® QuickPath Interconnect, running at up to 9.6 GT/s for reduced cross-socket memory I/O latencies and increased throughput.

Memory support for each socket includes four DDR4 channels with speeds up to 2400 MHz for up to 512 GB of error correcting code (ECC) memory. To provide failover capability, the server features advanced reliability, availability, and serviceability (RAS) modes such as mirroring and sparing to increase platform reliability. The enhanced system architecture with two PCIe* Gen 3 x8 slots per CPU for density-optimized network mezzanine cards (NMC) and one PCIe Gen 3 x16 slot per CPU for the Advantech PCIE-3021 card, with dual Intel Communications Chipsets 8955 featuring Intel QuickAssist Technology, provides Casa with an efficient platform for packet and crypto throughput in a reduced 1RU footprint.

The balanced PCI Express design on each of the processor sockets, supporting network I/O and security offload at the same time and with equal throughput, lays the foundation for high application performance. For management, the server has two built-in 1000Base-T ports, two USB ports, and a console port with advanced LAN bypass and two 10 GbE SFP+ ports. These built-in options can be augmented by the four front-loaded NMC slots, which allow additional modules to be added. Typical IT servers for enterprise and data center applications have lower throughput needs and as such are not architected with such high levels of performance in mind. A typical SeGW configuration offers up to 16 front-accessible 10 GbE ports with quad DH8955 crypto acceleration.

Download the White Paper from the Advantech website here or from the Casa Systems website here.

Paul Stevens – Telecom Sector Marketing Director
