Force10 scales IPS to 10G Ethernet

Force10 Networks is expected to launch this week its first security product that lets customers inspect traffic and enforce intrusion-detection and intrusion-prevention system rules to traffic flows moving as fast as 10Gbps, the vendor says.

A P-Series appliance, which employs what Force10 calls a dynamic parallel inspection technique, could be deployed as a single security gateway device in front of a large data center, or in a carrier or Internet portal network, where large volumes of traffic must be screened for malicious packets and attack signatures.

The P-Series is a hardened Linux-based appliance that comes in two models: the P1, a dual-port Gigabit Ethernet version; and the P10, a box with two 10G Ethernet ports. The P-Series uses the open source Snort IDS/IPS signature inspection technology, Force10 says. It implements Snort with a combination of 10G Ethernet and programmable silicon that enable it to enforce as many as 1,000 Snort rules on traffic volumes up to 10Gbps, without impeding flows or dropping packets. Force10 says its technology, which it acquired from security start-up MetaNetworks last November, introduces 1 microsec of latency in traffic.

The Snort factor

Dynamic parallel processing uses reprogrammable chips that simultaneously apply as many as 1,000 Snort rules to incoming packets. Packet inspection and rules are processed in parallel, as opposed to serially, which allows for low latency, Force10 says. If threat signatures are detected, the device can drop the packets, redirect the flows, or handle the incident in a number of other ways allowed in Snort.

“We’re not doing anything new with Snort,” says Steve Garrison, vice president of marketing for Force10. “What we’re doing is Snort with high speed and low latency, so you can put Snort in your data center or core.”

Force10 says the appliance could be deployed between two core 10G Ethernet switches inside a data center, or on the ingress/egress point of a data center. The edge of a high-capacity WAN – such as an Intern2 research facility or carrier network, also could use the device to inspect all incoming and outgoing traffic.

The 10G P10 appliance costs $95,000 and the 1Gbps box costs $38,000. These products compete with IDS/IPS gear from Radware, Cisco, 3Com’s TippingPoint product line, TopLayer, ISS and eEye.

The launch of Force10’s security box also comes amid rumors that the vendor is on the verge of filing for an initial public offering. Force10 would not comment on any IPO plans, but observers say the company last year started putting language “regarding forward-looking statements” at the beginning of its press and analyst product presentation materials – language usually used by publicly traded companies.

Force10, which was founded in 1999, has since received more than $300 million in funding, and claims to have more than 225 customers and 350 employees.