10Gbps packet classification and forwarding board
   enables world’s fastest firewall
  
   ---Technical Overview---

Eight DAPDNA-2 processors enable 10Gbps throughput firewall that has not been possible with existing processors.

Each DAPDNA-2 is equipped with 376 Processing Elements (PE).The firewall board was designed with eight interconnected processors, forming an array of about 3000 PEs. Each of these eight processors is directly connected through the Direct I/O, with 32-bit data transfer at 166MHz, providing a 32 Gbps IO rate with a total of six I/O channels. Without an overhead in chip-to-chip communication, multiple DAPDNA-2 processors can be programmed with linear increase in resource. This superior processing and communication capability makes it possible to achieve 10Gbps packet processing and throughput.

The firewall needs to do more than just provide 10Gbps of throughput. It also must allow new policy definitions (detection algorithms) to be implemented in order to cope with types of malicious attacks, such as DDoS, that change its form frequently. An ASIC solution does not support significant updates of policy definitions at the algorithm level in a timely manner. An FPGA-based solution would allow reconfiguration to support new detection algorithms, which is impossible with an ASIC, but it would be extremely difficult to achieve 10Gbps performance out of FPGAs. FPGAs also do not provide reconfiguration without downtime. The DAPDNA-2 solution, in contrast, provides the required performance and the dynamic reconfiguration capability needed to support “hot” algorithm updates without network downtime.