Comparison between NP and ASIC of firewall hardware architecture

In x86, NP, ASIC and other three firewall hardware technology architecture, which will become the mainstream of firewall product technology development? How should users choose? With these questions, the reporter interviewed the days of the company firewall product manager Chia.

He said that the firewall product after years of development, through the software firewall to the hardware firewall changes. At present, domestic users generally accept the market is widely sold hardware firewall, however, with the phenomenon of firewall products homogenization increasingly obvious, manufacturers and users have shifted their attention to the technical framework system, especially in the past two years, the increasingly fierce hardware architecture, the user to choose a firewall product to bring a lot of confusion.

Firewall hardware architecture faces change

Chia that the hardware architecture of the firewall is facing a change. The contention of hardware architecture is heating up with the development of gigabit network in China in recent years. In most network environments, the traditional firewall based on X86 architecture can not meet the requirement of high throughput and low delay of gigabit firewall. Therefore, two new technologies, namely network Processor (NETWORKPROCESSOR) and specialized integrated circuit (ASIC) technology, have become the main choice for many domestic manufacturers to implement gigabit firewalls.

It can be said that the firewall hardware architecture is facing a change, there will be a variety of structural coexistence and interaction, but any one technology will not become mainstream and replace another. Finally, the technology that can survive in the change only is the technique that serves the user's actual demand.

Network processor and ASIC scheme, which is more suitable for the application of Gigabit firewall, is a hot topic in the current controversy. The user can compare the performance, flexibility, function completeness, cost, development difficulty, technology maturity and so on. The performance of the firewall based on the network processor is based on the nature of the software solution, which relies heavily on the performance of software design, and ASIC because the algorithm is solidified in the hardware, so the performance of a more obvious advantage.

About the potential of a multifunctional ASIC architecture

At present, the domestic sales based on the ASIC technology firewall, has reached 4 Gigabit network port speed packet forwarding rate. and generally based on the network processor firewall in the packet case, can not fully achieve the 2 network of Gigabit line speed forwarding.

On the other hand, the software color of the network processor makes it more flexible and has a great advantage in the upgrade maintenance. The lack of programmability of pure hardware ASIC firewalls makes it less flexible to keep up with the rapid development of firewall functions.

Modern ASIC technology can better match the software of ASIC by increasing its programmability, so as to satisfy the requirement of flexibility and running performance. From the realization of functional aspects, ASIC technology can be more easily integrated IDs, VPN and other functions, but also the product has achieved content filtering and anti-virus functions. The network processor is limited by its computational power, these functions can only rely on the coprocessor to achieve.

From the cost of future products, a network of processors in the price of about 300 or 400 dollars, if the need for coprocessor, but also the cost of coprocessor. In the early stage of ASIC, if the FPGA (Field programmable gate Arrays, Field Programmable gate array) is used, the price is roughly equal. However, if the volume production of the chip, the ASIC price can be reduced by one level, so in the long run ASIC technology more potential.