320 likes | 706 Views
PPT 模板下载: www.1ppt.com/moban/ . IA Solutions. Dragon SW Development. Dragon Technology Distribution (HK) Limited . Index. 1. About Dragon(HK). 2. About SW Team. 3. Solutions and Support. 4. SE Firewall. About Dragon. Dragon Technology Distribution (HK) Limited .
E N D
PPT模板下载:www.1ppt.com/moban/ IA Solutions Dragon SW Development Dragon Technology Distribution (HK) Limited
Index 1 About Dragon(HK) 2 About SW Team 3 Solutions and Support 4 SE Firewall
About Dragon Dragon Technology Distribution (HK) Limited • A pioneer in high technology industry and high speed communication and a leader in Telecom and Information Technolog • Close relationships with major component and system suppliers including Intel, Cortina, Semtech, PTI, Pericom, Emcore, Dialog, Rohm, Netronme, Vweb, and son on. • Offers a wide portfolio of semiconductor and system level solutions for customers.Dragon Technology Distribution Co., Ltd was established in 1993. • In 2007, the company name was changed to Dragon Technology Distribution (HK) Limited. Dragon's headquarter is located in Hong Kong with offices established in over 10 cities in China including Shenzhen, Shanghai and Beijing. • At the moment, Dragon has more than 100 senior engineers offering second to none pre-sales and post-sales support to our OEM and ODM customers in China.
About Dragon Dragon and Intel • Featured Products • Micro Processor • Chipset • Ethernet Controller • Ethernet Adapter • Mother Board • Solid State Drive • Bridge • Media Processor • Demodulator and Tuner • Chassis Product.
About Dragon Dragon and Emerson • Emerson (NYSE: EMR) is a diversified global manufacturing and technology company. We offer a wide range of products and services in the industrial, commercial, and consumer markets through our Process Management, Industrial Automation, Network Power, Climate Technologies, and Commercial & Residential Solutions businesses. China is among the fastest-developing regions for Emerson's businesses. • Featured Products • AC Power, Outdoor Base Station Platform, DC Power • Server Power Management System • Power Switching & Controls, Surge Protection, Precision Cooling • Monitoring System • Data Center Infrastructure Management, Server Cabinet System, Harmonic Treatment System • Solar Power Generation System, Wind Power Generation System • Electric Vehicle Charging Station System • Medium-voltage Inverter
Index 1 About Dragon(HK) 2 About SW Team 3 Solutions and Support 4 SE Firewall
About SW Team Software Development Department and Service • Dragon SW is a diverse offshore software development department that deliver technology solutions through software development and services. • Dragon SW Team is a forward-looking software development company offering tailor-made software development implementing the latest Intel-chipset platforms and technologies such as Intel DPDK, Wind River INP. Our core skills: • C, C++ development • Linux programming • Since its inception in the year 2013, Dragon SW Service has already built up our associations with Intel, Emerson, Wind River and others helps us to develop competitive solutions for organizations aiming at getting higher profits.We works closely with our clients for understanding each and every aspect of projects. • We support your project to the end.
About SW Team Products and Partners We are willing to share our software platform to help our customers to aiming at getting higher profits and customer satisfaction. In additional, we combine partners together to provide competitive system solutions.
Index 1 About Dragon(HK) 2 About SW Team 3 Solutions and Support 4 SE Firewall
About SW Team Solutions 1: Intel DPDK • Technique support: • DPDK Training • DPDK Development Supporting • DPDK Application Development • DPDK Discription: • With Intel® processors, it's possible to transition from using discrete architectures per major workload (application, control, packet, and signal processing) to a single architecture that consolidates the workloads into a more scalable and simplified solution. As a result, developers may be able to eliminate special-purpose hardware such as NPUs, co-processors, ASICs, and FPGAs. • DPDK can improve packet processing performance by up to ten times. • As a result, it’s possible to achieve over 80 Mpps throughput on a single Intel® Xeon® processor and double that with a dual-processor configuration. • DPDK is also playing a critical role in software-defined networking (SDN) and network functions virtualization (NFV).
About SW Team Solutions 1: Intel DPDK • Intel DPDK maybe useful also in applications as below • Telecommunication/Network Devices (against traffic flows). • DPI/QOS/Data Base/Data Center Gateway/load balancer • Enterprise/Business Server. Firewall Business Server ATCA
About SW Team Solutions 2: Intelligent Embedded Firewall Example SE Firewall system, combined with Intel DPDK SDK, intelligent firewall technology, and Emerson hardware Technology , is a integrated system solution. We also are able to develop customer APP.
About SW Team Solutions 3: Wind River INP • Technique support: • Wind River INP Training • Wind River INP Application Development Technique Support • Wind River INP Application Development • Wind River INP: • Wind River® Intelligent Network Platform is an integrated and optimized software system consisting of the critical run-time components and life cycle development tools needed to build next-generation intelligent network elements. The platform enables equipment providers to build high performance, high value products that accelerate, analyze, and secure network traffic and applications.
About SW Team Solutions 3: Wind River INP • Features: • Consolidated Management and Data Plane Run-Time • Wind River Intelligent Network Platform is a comprehensive solution for the consolidation of management and data plane network applications. Ether to utilize it in its entirety as a fully integrated and optimized system, or each component of the platform is available as a standalone offer. • Packet Acceleration and Throughput • By optimizing software with specific hardware technologies, significant performance gains can be achieved in IP forwarding and in UDP and TCP termination, on the Intel® communications platform. • Deep Packet Inspection • a software-enabled deep packet inspection (DPI) solution that identifies traffic flows, communication protocols, and applications. It can also be used to inspect packets for patterns that may contain viruses and malware. Our DPI solution is accelerated using Wind River Application Acceleration Engine with DPDK extensions, and includes two critical engines: • Wind River Flow Analysis Engine • Wind River Content Inspection Engine
About SW Team Solutions 3: Wind River INP • Modules: • Wind River Application Acceleration Engine • A comprehensive, optimized network stack designed for the acceleration of layer 3 and 4 network protocols. Application Acceleration Engine works in conjunction with Linux in the data plane and has been fine-tuned for the Intel communications platform and processors. • Wind River Flow Analysis Engine • Wind River Flow Analysis Engine is a set of software libraries and tools that enable deep visibility into layers 4–7 traffic flows, including real-time packet classification. Flow Analysis Engine categorizes the traffic into different flows, and may also be used to identify the communication protocols and applications that transmit the packets onto the network. • Wind River Content Inspection Engine • Wind River Content Inspection Engine is a high-speed pattern matching solution that matches large groups of regular expressions against blocks or streams of data. Content Inspection Engine is ideal for network applications that need to scan large amounts of data at high data rates, such as intrusion prevention (IPS), antivirus (AV), unified threat management (UTM), and other DPI systems.
About SW Team Solutions 3: Wind River INP
About SW Team Solutions 3: Wind River INP
Index 1 About Dragon(HK) 2 About SW Team 3 Solutions and Support 4 SE Firewall
Internet SE Firewall Applications Local Network Internet SE Firewall • SE Firewall is a high speed packet-filtering and Flow Classify solution for Local-Network gateway front end. • SE Firewall Software is compatible with ALL IA CPUs, Service-Boards and ATCA with Intel Inside. • SE Firewall provide high-speed above 10G bps packets forwarding. • Access control, packets-filtering and flow classification. Local Servers
SE Firewall Applications • Core-Load Balance • QOS • Unit/Board Balance • Support most packets • Packet head pattern Packet Inspection QOS Balance Packets R/T Flow Classify • Support typical protocols • Multi-Core Optimize • Rule/Policy Management • Burst R/T • Multi-Core Optimize • Driver-Level/High Efficiency • Cache/Memory Optimize • NIC Driver Optimize • IA CPUs
SE Firewall About Intel DPDK Intel® DPDK is a set of libraries and drivers for fast packet processing on x86 platforms. It runs mostly in Linux userland. Intel® DPDK website: http://dpdk.org/ Dragon SE Firewall is a firewall software application optimized based on Intel® DPDK EAL libraries and Intel chipset.
SE Firewall Front and Back Ground Command/Console/Shell Ncurses UI Front Security Rules Mgmt QOS Mgmt Profile&HistoryMgmt Others Packet Classification Packet Forwarding Pattern Inspection Packet R/T Buffer Mgmt Core Mgmt Queue Mgmt Memory Mgmt Back Ground Intel DPDK EAL KNI NIC PMD Driver LAN Edge Protection SE Firewall, a typical security solution based on packets classification technology, provide bottom-level access control for your LAN, without loss to throughput speed.
SE Firewall Features • Data-Plane and Management-Plane • Management-Plane maintain the security policy and user interface. • Data plane, as back-ground process, maintain the life cycle of the packet in the firewall. • Run to Completion. Each core applies the packets procedure as blow. • Read from PMD • Apply security policies and protocol distribution policies. • Forward/purge to Linux kernel/purge to different App/VM/Drop.
SE Firewall Processor 0 Physical Core 0 • Native Linux • SE Firewall Management Niantic 10GbE Huge Memory Management NIC PMD Driver Physical Core 1 • DPDK • RX • TX PMD Packet I/O Flow Classification Niantic 10GbE Physical Core N • DPDK • RX • TX PMD Packet I/O Flow Classification Highly Optimized for IA SE Firewall is optimized for IA on Cache, huge-page of memory, multi-core system, shared-memory-buffer, NIC PMD Driver, and upper-data-structures. The throughput speed 10 times than native Linux.
SE Firewall Policy Table Linux ProtocolStack Ncurses UI Profile&Script Command KNI PMD QOS Tag Niantic 10GbE TX Pattern Match Niantic 10GbE RX Flow Classify Packet Parsing Drop Packet Life Cycle
SE Firewall IA Optimization • PMD • Receiving packets from NIC by polling. • Huge memory page • Lower TLB missing. • Zero copy • DMA/Shared Buffer • RTC(run to completion) and core affinity. • Multi-Core optimized. • Every thread distributed to specified core. • Unlock queue • Efficiency optimized for Packet Reading. • Cache-Line Optimization.
SE Firewall Rules Recording Command Rules Maintain Packet Classification Packet Parsing Rules Pattern Match Burst Receiving Burst Transmitting Software Modules Rules modules Packets classification module TR module
SE Firewall Modules • Rules Recording: • Record Rules from User Interface. Rule files management. • Rule Maintains: • Manage and maintain the rule list in the memory • Command: • Import rules from console and script. • Packet Parsing: • Unpack the packet head in L3/L4 level. • Pattern Match: • Check into the Rule list and Policy List. • Packet Classification: • Purge packets to different app and services according to the packets protocol, length, and head information. Provides QOS services. • Receive Packets /Transmit Packets: • Packets burst receiving/transmitting in user space.
SE Firewall Security • Supports Protocols • IPV4, IPV6, TCP, UDP, ICMP, IGMP, DHCP • SE Firewall data plane is a user space App • A typical packet procedure do not need to interactive with Linux Kernel. • Easy for packets distribution in users space. • Support blacklist and Whitelist configure • support virtual machine (KVM) • Support Forward Mode/App Mode/QOS Mode. • Support 1024 5-touple rules.
SE Firewall Humanized Design Ncurses and Command • A ncursesstype UI for easy use. • Supports command(console/script) management.
Dragon SW Development Thanks!