Overview:
The FortiCore E-Series of Software-Defined Networking (SDN) security appliances provide the ability to scale network-based security solutions to meet the performance demands of emerging cloud and data center architectures. Using programmable flow forwarding, the FortiCore can redirect and distribute traffic of interest to associated sets of network security devices, at link speeds up to 100G.
Securing Software Defined Networking (SDN) Architectures
Within SDN architectures, the seperation of the control and data planes adds security challenges to protect SDN controllers and applications from data plane-based attacks. Additionally, as SDN architectures are multipath environments, connecting and scaling stateful network security devices, requires the ability to programmatically direct and distribute traffic through them. The FortiCore as an SDN security appliance connects to SDN architectures, supporting both very large numbers of programmable flows and effective line-rate performance required to secure SDN architectures.
Highlights
- The FortiCore E-Series models: 3600E (10 GE), 3700E (40 GE), and 3800E (100 GE)
- Supports over 200K programmed flows in a single-table pipeline (REGEX)
- Supports over 2M programmed flows in a multi-table pipeline (Simple Match)
- Up to 1 Tbps aggregate lowlatency throughput, needed to transect a 100 GE link and distribute traffic to a set of network security appliances
- Supports OpenFlow 1.3, with wide support with available SDN controllers
- Full control/data plane separation, with an internal 40 Gbps path in support of a robust new flow rate
- Cardinal Flow Processing (CFP) architecture, support large flow table sizes without sacrificing performance
Features & Benefits |
Scalable Network-Based Security Solutions |
With all FortiCore models supporting 32x 10G interfaces, scalable stacks of security appliances can be programmatically attached to the network. |
Effective Line-Rate Performance |
Combining FortiCore’s hardware-accelerated switching with its Cardinal Flow Processing (CFP) technology, no sacrifices are made in supporting large programmable flow tables with line-rate performance up to 800 Gbps. |
OpenFlow 1.3 Compatible |
Provides ease of integration in hetergenous SDN environments, with support for a wide array of SDN controllers, including OpenDaylight and ONOS. |
Features
OpenFlow 1.3 Compatible
- Support by all OpenFlow 1.3 compliant SDN controllers
- Flexible multi-table pipeline support, up to 256 tables
- Can support >200K flows in a single-table pipeline, at a flow modication rate >10,000 flow-mods/sec
Cardinal Flow Processing
- Assignment of ports to cardinal direction (N,E,S,W), with dedicated flow processing hardware per direction
- Optimized for high-speed link transection, with support for 10G/40G/100G interfaces, depending on model