Security Load Balancer

Accelerating and scaling cybersecurity applications and appliances


The old paradigm for Cybersecurity is a dedicated system, or a cluster of security systems, placed at key points in the network. These systems provide both the analytic functionality to detect threats and the mitigation actions to address threats. All traffic that needs to be secured must flow through these security points. This solution is expensive and difficult to scale for today’s throughput requirements.

Another limitation arises from Cybersecurity solutions being implemented on Intel x86 processors running software-based packet processing. This is an excellent environment for the security analytics engines, but the x86 architecture is a very inefficient platform for handling packet-processing tasks. Consequently, software-based mitigation filtering provides limited throughput, does not scale economically, and is often constrained by hard upper limits on solution throughput.

How NoviFlow Does Things Differently

NoviFlow switches implement the next generation SDN networking technology: a flexible forwarding plane optimized for processing match-action rules within a fully programmable pipeline. This enables the off-loading of packet-processing-intensive tasks from x86-based VMs and appliances to the switches running NoviFlow’s NoviWare NOS, which can execute these tasks far faster and more cost-effectively because of their use of optimized networking processors, such as the 6.4 Tbps Barefoot Tofino. Also, NoviFlow switches, with programmable capabilities, enable mitigation actions to be implemented in one or more tables in the packet processing pipeline.

NoviMapper enables NoviWare™ compatible switches (such as NoviFlow’s NoviSwitches and select white-box switches) to deliver load balancing, packet filtering, and telemetry directly in the network fabric in a simple, scalable, compact form factor, and at a fraction of the price of conventional networking solutions.

Moving the mitigation action to the programmable pipeline in NoviFlow switches increases the speed of packet data handling and of the execution of the mitigation rules by as much as 2 to 3 orders of magnitude over x86 processors, effectively changing the economics of implementing network packet data processing.

Another advantage of the NoviMapper Security Load Balancer solution is that the analytics engines find threats and the programmable network fabric implements the mitigation actions instantly, for the fastest possible protection from breaches, denial of service attacks, and loss or destruction of data and network assets.

NoviMapper’s new networking paradigm has huge implications in the Cybersecurity context. NoviMapper enables security mitigation actions to be injected right into the network fabric, turning NoviSwitches into Security Load Balancers.

  • Orders of magnitude better performance -> up to 6.4 Tbps in a single Intel/Barefoot Tofino-based switch and port speeds up to 100 Gbps
  • Increased capacity per filtering point and ability to filter on up to millions of rules
  • Non-destructive load balancing and failover. Ideal for stateful Cybersecurity Servers, DPI Engines, and Web Content Filtering Clusters
  • Multiple NoviSwitches can be installed throughout the network for load-balancing/mitigation/enforcement at network ingress/egress points and for High-Availability
  • Separates analytics and detection from mitigation/enforcement, allowing each to scale independently
  • Protocol white lists offload protocol types that do not need analysis for even better efficiency and lower traffic latency
  • Only commercial solution for Barefoot Tofino programmable match-action pipelines already deployed around the world!
  • Accelerates performance and reduces costs of existing Cyber Security solutions and VNFs
    • Packet steering, dynamic security, scaling, and real-time innovation into the Tbps range
    • Transparent scaling and right-sizing of cybersecurity tools
    • Eliminates the cost of external load balancers
    • Filters out known bad traffic before it enters the network
    • Faster TTM and easy integration via REST APIs
  • Significantly reduces network complexity, latency, and costs
    • Unlimited linear scalability
    • Protects investments in network hardware because the entire stack from the switch silicon to the application is programmable
    • Leverages white-box hardware and Open Standards such as OpenFlow, gRPC and P4-Runtime for maximum economies of scale

