Test Report: Eudemon 8000


Published on

Results of testing of the Huawei Eudomon 8000 Firewall.

Published in: Technology, Business
  • Be the first to comment

  • Be the first to like this

No Downloads
Total views
On SlideShare
From Embeds
Number of Embeds
Embeds 0
No embeds

No notes for slide

Test Report: Eudemon 8000

  1. 1. Test Report Breaking the 200Gb Barrier Real world firewall throughput testing including legitimate, illegitimate, and control traffic Featuring Eudemon8000E-X Security Gateway Network & Security Test Equipment Document # TEST2012001 v8, March, 2012 Copyright 2012© IT Brand Pulse. All rights reserved.
  2. 2. About Huawei Huawei Technologies Co., Ltd Huawei is a leading information and communications technology (ICT) solutions provider. Founded in 1987, Huawei has grown from a small company with $5,680 in revenue, to a global powerhouse. Huawei products and solutions have been deployed in over 140 countries, serving more than one third of the world’s population. In 2011, Huawei achieved sales revenue of $28 billion, a year-onyear increase of 24.2%. In 2011 the company created the Huawei Enterprise Division to supply data center infrastructure including servers, storage, networking and security. In 2012, the company announced that worldwide R&D headquarters for its Enterprise division is based in Santa Clara, California. Worldwide R&D headquarters for Huawei Enterprise in Santa Clara, California grew to over 600 people in 2011. Addressing the Need for Next Generation Firewall Performance The sophistication of new threats combined with the explosive growth of mobile terminals has created the need for a new generation of security gateways which can handle huge numbers of users and massive DDoS attacks, without degrading network performance. Therefore a key capability for addressing next generation security is scaling firewall performance to millions of new sessions per second, tens of millions of concurrent sessions, and hundreds of Gbps of throughput. The number of terminals, and sources of malware, accessing the internet will grow exponentially to 50 billion by 2020. Goals Scale performance to millions of new sessions per second, tens of millions of concurrent sessions, and hundreds of Gbps of throughput. Document # TEST2012001 v8, March, 2012 Page 2 of 6
  3. 3. Eudemon8000E-X Eudemon8000E-X High End Security Gateways Organizations transitioning to cloud environments must provide mass access control, border security and dynamic virtualization security, all of which can dramatically increase business risks and drive up IT costs. The Huawei Eudemon8000E-X series of high-end security gateways is designed to meet these challenges with seven-layer defense technology, by ensuring a high detection ratio with low false negatives and positives, and by providing comprehensive IPv6 attack defense capability and transition solutions. The product tested in this report is the Eudemon8000E-X16. Specification Eudemon8000E-X3 Eudemon8000E-X8 Eudemon8000E-X16 20Gbps*2 20Gbps*5 20Gbps*10 8M*2 8M*5 8M*10 500K*2 500K*5 500K*10 Throughput Concurrent Sessions New Sessions Per Second FW: ASPF/anti-DDoS/NAT/PAT/virtual FW/GTP VPN: IPSec/GRE/L2TP/IKEv2 Features Routing: RIP/OSPF/BGP/static routing/I GMP/source address routing IPS: traffic reassembly/signature-based IPS/protocol anomaly detection/automatic upgrade Interfaces Ethernet: 2 x 10G, 24 x GE O/E, 1 x 10G+12 x GE O/E … POS: 1 x 10G, 2 x 10G Architecture Multi-core for concurrent processing of multiple services such as NAT, ASPF, Anti-DDoS, and VPN. Document # TEST2012001 v8, March, 2012 Page 3 of 6
  4. 4. Test Methodology IMIX Throughput Testing The objective of the testing covered in this report was to validate the firewall throughput of the Huawei Eudemon8000E-X16. To achieve this goal, the IXIA test equipment and Eudemon8000E-X16 were configured for Layer 3 IMIX throughput testing with firewall enabled. IMIX traffic was configured to simulate typical traffic for a 5,000 employee enterprise, including legitimate, illegitimate, and control traffic . Port 1 of the IXIA chassis was connected to the input port of the Eudemon8000E-X16, and Port 2 of the IXIA chassis was connected to the Output port of the Eudemon8000E-X16. UDP traffic was launched from Port 1 of the IXIA chassis through the Eudemon8000E-X16, to Port 2 of the IXIA chassis to test the forwarding throughput. The duration of each test run was 60 seconds. IMIX for each 10Gbps Port IMIX Model—5,000 Employee Enterprise, 5Gbps egress bandwidth, 410 byte packets, 40k cps, 50% legitimate traffic, 20% illegitimate traffic (traffic denied, DDoS), 30% controlled traffic (control, file filtering, etc.) Test Topology IXIA Chassis IXIA Chassis (Port 1) Eudemon8000E-X16 Security Gateway IMIX (Port 2) An Internet Mix (IMIX) of packets enables performance to resemble what can be seen with typical Internet traffic. Document # TEST2012001 v8, March, 2012 Page 4 of 6
  5. 5. Real World Performance 200Gbps IMIX Throughput With IMIX traffic configured to simulate typical traffic for a 5,000 employee enterprise—including legitimate, illegitimate, and control traffic—each of the 20 ports on the Eudemon8000E-X16 performed at full 10Gbps line rate. 6.5M New Connections per Second The Eudemon8000E-X16 demonstrated the ability to support the volume of traffic found in large enterprises, or even carriers, by sustaining well over 6M connections per second. 80 Million Concurrent Connections Demonstrating its ability to deliver high network availability during a large DDoS attack, the Eudemon8000E-X16 was able to support almost 80M concurrent connections. Results Using real world IMIX traffic, the Eudemon8000E-X delivers next generation firewall performance of 200Gbps throughput, 6.5M New Connections per second and 80M Concurrent Connections Document # TEST2012001 v8, March, 2012 Page 5 of 6
  6. 6. Resources Related Links To learn more about the companies, technologies and products mentioned in this report, visit the following web pages: Huawei Technologies Eudemon8000E-X IXIA Security Testing using IXIA IT Brand Pulse About the Author Frank Berry is founder and senior analyst for IT Brand Pulse: an IXIA Lab Partner and trusted source of data and analysis about IT infrastructure, including servers, storage and networking. As former vice president of product marketing and corporate marketing for QLogic, and vice president of worldwide marketing for the automated tape library division of Quantum, Mr. Berry has over 30 years experience in the development and marketing of IT infrastructure. If you have any questions or comments about this report, contact frank.berry@itbrandpulse.com. Document # TEST2012001 v8, March, 2012 Page 6 of 6