SCCyberworld

Thursday, June 7, 2012

On IPv6 World Launch Day, Fortinet Announces 500+ Gbps Protection

Massive-Scale, Real-World Testing of Actual Application Traffic Shows that Fortinet Raises the Performance Bar Again

MALAYSIA, June 7, 2012 – Fortinet—a world leader in high-performance network security –announced that as the world celebrates IPv6 Launch Day, the Fortinet FortiGate-5140B chassis, powered by FortiGate-5101C blades, has achieved 536 Gbps of blended application and security attack traffic during an IPv6 test driven by the BreakingPointFireStorm CTS. Telecommunication carriers, service providers, and other performance-focused enterprises that have deployed an IPv6 infrastructure can rely on Fortinet to help protect their network while helping maintain the performance they require.

“IPv6 Launch Day represents a major milestone in the transition from IPv4 to IPv6 as many of the world’s largest networks and content providers permanently enable IPv6 in their networks,” said Patrick Bedwell, vice president of product marketing for Fortinet. “This means that the content and services that businesses and consumers rely on every day will now be delivered via IPv6. IPv6 presents significant performance and security challenges, and this test establishes that Fortinet can help protect those networks and content with the world’s fastest IPv6 firewall.”

Ability to Inspect IPv4 and IPv6 Traffic is Key
One of the challenges networks face as they migrate to IPv6 is the inability of their existing network security tools to detect threats within IPv6 traffic. This is due to legacy firewalls not implementing a ‘dual stack’ approach, in which a firewall has dual IPv4 and IPv6 protocol stacks running at the same time, to allow it to inspect the contents and enforce policies regardless of the version of the protocol used. Instead, the limited IPv6 support these legacy tools offer means they simply forward IPv6 traffic to its destination, allowing threats hidden within IPv6 content to pass undetected.

FortiGate devices utilize a dual stack approach and provide the same network security technologies in IPv4 as IPv6, thus eliminating any potential gaps in protection caused by IPv6 traffic.

Fortinet’s IPv6 technology has been certified compliant by the US DoD JITC since 2008, and has earned “IPv6 Ready Phase-2” compliance.

Testing Methodology
Testing was performed by Fortinet using five BreakingPointFireStorm CTMs in May 2012. Each BreakingPointFireStorm CTM test system is capable of generating 120 Gbps of stateful application traffic. The FortiGate-5140B chassis under test consisted of 14 FortiGate-5001B high-performance blades, with each blade capable of 40 Gbps firewall throughput and up to 11 million concurrent sessions per blade.

Benchmark Results
The FortiGate-5140B was put through a number of industry-standard tests for performance using IPv6 traffic. Highlights include:
• Stateless UDP traffic: the type of traffic typically seen in financial trading and streaming environments, showed 536 Gbps for large (1518 byte) packets, 532 Gbps for small (64 byte) packets.
• Stateful TCP traffic: seen in today’s typical enterprise environments, showed 503Gbps for HTTP and 514Gbps with real-world application traffic. Application traffic included Facebook, Zynga Farmville, Pandora radio, AOL Instant Messenger, Microsoft Outlook and others. The FortiGate-5140B was also able to process more than 1.4 million connections per second.

Unparalleled Performance via Hardware Acceleration
The FortiGate-5101C blade achieves its breakthrough performance through the use of custom FortiASIC™ processors that are built on a technology platform first engineered at Fortinet more than 10 years ago. FortiASIC processors provide the hardware-based performance acceleration needed to deliver the highest IPv6 throughput of any firewall on the market. Competing firewall manufacturers, on the other hand, process IPv6 traffic in software only and not hardware, which significantly reduces network performance. These competing solutions cannot meet the security demands of today’s high-performance, high-volume networks.

What is IPv6?
IPv6 was developed by the Internet Engineering Task to deal with this long-anticipated IPv4 address exhaustion. Like IPv4, IPv6 is an internet-layer protocol for packet-switched internetworking and provides end-to-end datagram transmission across multiple IP networks. While IPv4 allows 32 bits for an IP address and therefore has 232 (4 294 967 296) possible addresses, IPv6 uses 128-bit addresses, for an address space of 2128 (approximately 3.4×1038) addresses. This expansion allows for many more devices and users on the Internet as well as extra flexibility in allocating addresses and efficiency for routing traffic. It also eliminates the primary need for network address translation which gained widespread deployment as an effort to alleviate IPv4 address exhaustion.

No comments: