Introduction to the Evolution of Three Generations of Firewall Architecture

Source: Internet
Author: User
Tags: firewall

To meet users' rising requirements, firewall architecture has moved from low-performance x86 and PPC software firewalls to high-performance hardware firewalls, and is now developing toward designs that must not only deliver high performance but also support more business capabilities.

After several years of prosperity, firewalls have taken shape in many types of architecture, and the devices built on these architectures complement each other and continue to evolve and upgrade.

Firewall architecture "middle-aged cadres"

Firewalls developed from the first generation (PC software, then industrial computers and PC-box devices, then the MIPS architecture), to the second generation (NP and ASIC architectures), and on to the third generation: the backplane switching architecture built on dedicated security processing chips, as well as the "all in one" integrated security architecture.

To support broader and higher-performance business needs, each manufacturer plays to its own strengths, driving the development of the technology and the market as a whole.

At present, firewall products fall mainly into three generations of architecture:

First-generation architecture: a single CPU is the core for both business processing and management of the whole system. The CPU may be x86, PowerPC, MIPS or one of many other types, and the main product forms are the PC, the industrial control computer, the PC-box or the RISC-box.

Second-generation architecture: an NP or ASIC is the main core of business processing and accelerates general security services, with an embedded CPU as the management core. The main product form is the box.

Third-generation architecture: the ISS (Integrated Security System) integrated security architecture. A high-speed security processing chip is the main core of business processing, and high-performance CPUs are used to deliver a variety of security services and high-level applications. The main product form is rack-type equipment with backplane switching, built for telecom-class high reliability, offering large capacity and performance and more flexible units and systems.

System changes based on the FDT metric

The performance metrics of a firewall mainly include throughput, packet forwarding rate, maximum number of concurrent connections, number of new connections per second, and so on.

Throughput and packet forwarding rate are the main metrics that bear on firewall applications. They are generally measured by FDT (Full Duplex Throughput), which refers to full-duplex throughput with 64-byte packets and covers both the throughput metric and the packet forwarding rate metric.


