ALTEN Calsoft Labs - vFirewall

vFirewall Framework

Overview

Deep Packet Inspection (DPI) is playing an increasingly important role in networking today, becoming more and more of a service enabler for quality of experience (QoE), data center and network security, Virtual CPE services, network and subscriber analytics, and more. With advancements in Network Function Virtualization (NFV) and Software Defined Networking (SDN), new use cases have emerged for Virtualized Deep Packet Inspection (vDPI), or DPI solutions deployed at a virtual network function (VNF).

[Figure: DPI use cases, under the labels Security and Business Strategies: Subscriber Analytics, Billing & Application, Network Monitoring, Small Cells/WiFi Offload, Service Chaining, Packet Steering, Content Caching, QoE, Application Security, Firewall, IDS/IPS]

ALTEN Calsoft Labs vFirewall Framework

ALTEN Calsoft Labs' vFirewall Framework is a reusable, high performance, DPDK optimized security solution developed to run on Intel x86 based platforms. Network Equipment Manufacturers (NEMs) can use it to develop customized Virtual CPE (vCPE), Firewall or IDS/IPS solutions for network operators.

The software and hardware architecture of our vFirewall Framework delivers up to 25x performance over traditional Linux appliances based on x86 processors. It forms an integral part of our vCPE solution with the addition of Firewall, IDS/IPS and application-aware QoS services. The framework offers an optimized and balanced combination of Access Control Lists (ACLs), Stateful Firewall, Intrusion Detection/Prevention and application visibility & control.

ALTEN Calsoft Labs' vFirewall Framework is able to deliver industry leading performance by using innovative techniques such as receive side scaling, hyper threading and SIMD instructions, and by keeping the signature database small enough to fit into the processor cache, thereby avoiding memory accesses during runtime packet processing.

Supported Platforms

- Deployable on COTS x86 platforms
- Support for different virtualization environments (KVM, Xen, etc.)
- IO Virtualization: VirtIO, SR-IOV

Deployment Options

- Bare metal deployment
- Standalone instance as a Virtual Machine (VM)
- Cloud deployment, e.g. GCP, AWS, OpenStack clouds

Performance & Scalability

- High performance detection engine
- 4.8 Gbps of packet inspection per CPU core with 18K+ rules loaded
- Scales linearly with the number of CPU cores
- Intel DPDK based optimized packet handling for high performance fast path processing

vFirewall Framework - Features

- IPv6 support
- Tunnel decoding
- TCP session tracking & stream reassembly
- File identification, extraction and logging
- Stateful HTTP parsing and IP reputation
- Detection of 1000+ protocols & applications such as Facebook, Twitter, WhatsApp, Warcraft, Skype, YouTube, etc. using industry leading DPI libraries
- Malware/botnet/DoS/DDoS protection
- Signature/Rule management with Emerging Threats
- User friendly GUI with comprehensive analytics
- Inherent multi-threaded architecture to deliver high performance



© ALTEN Calsoft Labs. All rights Reserved.

ABOUT ALTEN CALSOFT LABS

ALTEN Calsoft Labs is a next gen digital transformation, enterprise IT and product engineering services provider. The company enables clients to innovate, integrate, and transform their business by leveraging disruptive technologies like mobility, big data, analytics, cloud, IoT and software-defined networking (SDN/NFV). ALTEN Calsoft Labs provides concept to market offerings for industry verticals like education, healthcare, networking & telecom, hi-tech, ISV and retail. Headquartered in Bangalore, India, the company has offices in the US, Europe and Singapore. ALTEN Calsoft Labs is a part of ALTEN group, a leader in technology consulting and engineering services.

www.altencalsoftlabs.com

vDPI Framework - Deployment Scenarios

[Figure: three deployment diagrams, titled "vFirewall - Service chain", "vFirewall - Enterprise" and "vFirewall - VNFC"]

ALTEN Calsoft Labs Services

ALTEN Calsoft Labs offers product engineering services to NEMs to help them reduce the time-to-market for developing high performance security solutions for residential and enterprise deployments. Our services include:

- VNF Development, Customization & Integration
- VNF Benchmarking & Performance optimization
- ETSI compliant MANO solution development
- VNF Porting across hardware, hypervisor and OS environments

NFV Service Chain

vFirewall components (ACL, IDS/IPS or AVC) can be deployed in a service chain along with other VNFs such as VPN, NAT, Router, etc. to bring greater flexibility and efficiency to NFV deployments.

Enterprise Firewall

vFirewall can be used to build application-aware enterprise firewalls with IDS/IPS capability in OpenStack orchestrated private clouds, or public clouds such as AWS, Google Cloud, etc.

vFirewall as VNF Component

vFirewall can be integrated as a standalone VNFC to develop solutions for Subscriber analytics, Content caching, Application security and QoS.