As part of the industry's ongoing effort to split network elements into smaller pieces, AT&T, Palo Alto Networks and Broadcom have hooked up to develop the disaggregated scalable firewall (DSFW) framework.
The DSFW work marked an expansion to the distributed disaggregated chassis (DDC) that was contributed by AT&T into the Open Compute Project (OCP) in September. AT&T has been one of the primary industry drivers to push the design and implementation of lower cost white box routers and switches.
Adding DSFW to the mix will enable a dynamically programmable fabric with embedded security functions and services at the edge of a network. DSFW will also provide a means for future scalable disaggregated applications services. AT&T and Palo Alto Networks said they look forward to OCP members' input on DSFW.
AT&T worked with Palo Alto Networks and Broadcom to define the requirements of DSFW, including scalability and functionality, for network security services in a carrier environment. The DSFW’s open hardware and software design supports flexible deployment models. It also focuses on using AI and machine learning to prevent attacks using actionable events, which is embedded in the network fabric and does not require separate hardware.
"In the past five to seven years, disaggregation has impacted different parts of the networking ecosystem," said Roy Chua, founder and principal at AvidThink. "It started with Layer 2 and Layer 3 switching in the data center, moving to Layer 3 routing and is now climbing up the stack into Layer 4-7 territory. The hybrid approach of coupling high-speed merchant silicon with higher-level compute is a good mix of brains and muscle, with the heavy lifting offloaded to the network fabric. I expect to see more of these types of approaches and further tweaks on the merchant silicon to make it more useful to upper layer protocols."
AT&T's DDC design, which was built on Broadcom's powerful Jericho2 family of merchant chips, aims to define a standard set of configurable building blocks on less costly service-class routers ranging from single-line card systems, known as "pizza boxes," to large, disaggregated chassis clusters.
AT&T said it plans to apply the Jericho2 DDC design to the provider network edge and core routers that make up its global IP common backbone, which is the core network that carries all of AT&T's IP traffic.
Broadcom's Jericho2 chips are also a key element of the DSFW platform. Broadcom provided expertise for the Jericho2 functionality, along with a new wrinkle on the chip to retain Layer 4 session information, which allows for the hardware offload, improving the scalability of the solution. The session-aware application determines what can be processed directly on the fabric silicon instead of having to go to the DSFW for further inspection.
Palo Alto Networks is providing network security at the edge, which allows for protection of the network with continuous security, automation and analytics. Palo Alto also helps DSFW to dynamically scale up as network traffic increases during peak time periods.
“Security has always been at the forefront of AT&T’s network initiatives,” said AT&T's Michael Satterlee, vice president, network infrastructure and services, in a statement. “Traditionally, we have had to rely on centralized security platforms or co-located appliances which are either not directly in the path of the network or are not cost effective to meet the scaling requirements of a carrier.
“We now carry more than 335 petabytes of data traffic on our global network on an average day, with 5G poised to push that number even higher. Securing that cargo using traditional methods just won’t work. This new design embeds security on the fabric of our network edge that allows control, visibility and advanced threat protection.”
The OCP Global Summit conference was cancelled this week due to concerns over the coronavirus. OCP is instead hosting an interactive Virtual Global Summit the week of May 11.