Technology Stocks : Check Point Software (CHKP)


To: Elmer Flugum who wrote (2304)
5/3/1998 7:40:00 PM
From: blankmind

Network Switches -- Checkpoint solution claims 40-Gbit/second filtered switching -- Berkeley embeds firewall software on ASIC
By Loring Wirbel

May 04, 1998, TechWeb News

Milpitas, Calif. - Berkeley Networks Inc. has embedded the FireWall-1 software from CheckPoint Software Inc. on the ASICs in its exponeNT switches. Berkeley claims firewall acceleration speeds of up to 40 Gbits/second of filtered switching. The company will offer line cards for its switches with embedded software support.

At the start of the year, Berkeley introduced a switch that runs directly on Windows NT, and uses application-layer state analysis for performing high-layer switching.

CheckPoint has long touted the "stateful inspection" of packets as the key to its firewall filtering, and Cuneyt Ozveren, Berkeley's vice president of engineering, said this state-based analysis was key to the vast acceleration of firewall filtering made possible by embedding FireWall-1 in ASICs.

Stateless applications such as HTTP and Simple Mail Transfer Protocol set up static TCP and UDP ports for transferring messages. But many newer applications using Remote Procedure Calls, H.323, Common Object Request Broker Architecture or File Transfer Protocol set up one Layer 4 port as a control channel, then dynamically assign TCP or UDP ports based on availability.

"This is why many companies who say they are in Layer 4 switching cannot offer performance gains in stateful applications," said Donal Byrne, Berkeley's vice president of marketing. "You need to have the control channel extend all the way up to the application to map ports appropriately, which is why we wanted to run our switch under a standard operating system to begin with."

At the time the exponeNT switches were introduced, Berkeley was promoting them for advanced directory services such as those using Lightweight Directory Access Protocol. But a semiconductor manufacturer who was an existing user of FireWall-1 suggested using the switch to speed packet filtering.

After some software experiments that showed TCP/IP filtering speed gains of 200 to 1,000 times, Berkeley opened discussions with CheckPoint and prepared a firmware version that could be downloaded into its ASICs. In addition to the firmware, an agent portion of the software runs on the Windows NT switch controller within the Berkeley switch. Application flows can be processed at 70 million packets per second.

"This can open up new markets for CheckPoint, too, in allowing their firewall to run on OC-3 [155-Mbit] or even OC-12 [622-Mbit] pipes," Byrne said. "We don't know of any other server or switch architecture that could accelerate FireWall-1 to this extent."

The firewall accelerator can be added to either the e4 or e8 switch from Berkeley. Berkeley will be demonstrating prototype line cards at the spring NetWorld+Interop show in Las Vegas, and will begin shipping customer cards in July.

The initial Firewall Accelerator Agent, which includes protection for one line card in an e8 switch or protection for one e4 unit, as well as attachment of a CheckPoint engine, is $9,995. Multiple FireWall-1 software engines can be combined, and additional software engines are priced at $4,995. Each additional e8 line card or e4 line unit costs $4,995.

Call (408) 719-3000

www.berkeleynet.com

EETInfo No. 607

Copyright (c) 1998 CMP Media Inc.
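
The article's point about control channels that dynamically assign data ports can be shown with FTP, one of the protocols it names. The sketch below is an added example, not code from FireWall-1 or from Berkeley Networks. The class and function names, the port-21-only static policy, and the sample addresses are assumptions made for illustration.

```python
import re

STATIC_ALLOWED_PORTS = {21}  # assumed static policy: FTP control port only
# h1,h2,h3,h4,p1,p2 as carried by the FTP PORT command and the 227 (PASV) reply
_HOSTPORT = re.compile(r"(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})")

def parse_hostport(line):
    """Return (ip, port) announced by a PORT command or 227 reply, else None."""
    if not (line.upper().startswith("PORT ") or line.startswith("227 ")):
        return None
    m = _HOSTPORT.search(line)
    nums = [int(g) for g in m.groups()] if m else []
    if not nums or max(nums) > 255:
        return None  # malformed: never open a pinhole for it
    return ".".join(map(str, nums[:4])), nums[4] * 256 + nums[5]

def stateless_allow(dst_port):
    """Static Layer 4 rule: sees only the port number, not the conversation."""
    return dst_port in STATIC_ALLOWED_PORTS

class StatefulFilter:
    def __init__(self):
        self.pinholes = set()  # (src_ip, dst_ip, dst_port) of expected data flows

    def inspect_control(self, sender_ip, peer_ip, line):
        """Inspect one control-channel line that sender_ip sent to peer_ip."""
        hp = parse_hostport(line)
        # Accept only an endpoint on the announcing host and an unprivileged
        # port, so the pinhole cannot point at a third machine or a service port.
        if hp and hp[0] == sender_ip and hp[1] >= 1024:
            self.pinholes.add((peer_ip, hp[0], hp[1]))

    def allow(self, src_ip, dst_ip, dst_port):
        """Decide on a new connection from src_ip to dst_ip:dst_port."""
        if stateless_allow(dst_port):
            return True
        key = (src_ip, dst_ip, dst_port)
        if key in self.pinholes:
            self.pinholes.discard(key)  # single use: one data connection
            return True
        return False

if __name__ == "__main__":
    client, server = "10.0.0.5", "192.0.2.10"  # constructed sample addresses
    fw = StatefulFilter()
    fw.inspect_control(client, server, "PORT 10,0,0,5,19,137")  # port 5001
    print(stateless_allow(5001), fw.allow(server, client, 5001))
```

The static rule rejects the data connection because port 5001 was never configured, while the stateful filter admits it once, and only because the control channel announced it.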