Semiconductor Equipment

Hyperscale DDoS defense capabilities validated by 400GE test platform

20 December 2023
To validate the performance and capabilities of its next generation firewall before deployment in a live customer network, cybersecurity solution provider turned to Keysight’s APS-M8400. Source: Keysight Technologies

Those who follow cybersecurity trends know that cyberattacks are on the rise for carrier networks, data center operators and service providers. Distributed denial-of-service (DDoS) attacks aimed at disrupting websites and internet services, for instance, increased by a whopping 40% during the second quarter of 2023. The largest DDoS attack to date, based on a novel HTTP/2 “Rapid Reset” technique, peaked at 398 million requests per second (RPS) before being mitigated by Google.

As an answer to the growing challenge, cybersecurity solution provider Fortinet developed its FortiGate 4800F next generation firewall (NGFW) to protect critical network infrastructure and services from hyperscale DDoS attacks and other cybersecurity threats — while continuing to process multi-terabit volumes of legitimate customer traffic driven by the growing adoption of 400GE. But before deploying the firewall in a live customer network, Fortinet needed an application and security test solution powerful enough to validate its carrier-grade performance and security capabilities. For that, it turned to Keysight Technologies and the APS-M8400.

According to Keysight, the APS-M8400 is the industry's first and highest density 8-port 400GE Quad Small Form Factor Pluggable Double Density (QSFP-DD) network security test platform. It was able to validate the the cybersecurity capabilities of the FortiGate 4800F NGFW using:

  • Carrier-grade traffic generation — The APS-M8400 platform generated 3 Tbps of legitimate and malicious traffic in a single test, validating the hyperscale firewall protection offered by the FortiGate 4800F. The Fortinet device successfully defended against an 800 Gbps layer 2-3 DDoS attack while continuing to deliver 2.2 Tbps of legitimate layer 4-7 traffic, without taxing CPU, memory usage or system responsiveness.
  • Port density and flexibility — Fortinet used all of the APS-M8400's 8x400GE QSFD-DD interfaces to send traffic across all available 400GE test ports on the FortiGate 4800F. Because each of the APS-M8400's 8x400GE QSFD-DD interfaces can fan out to 200/100/50/40/25/10GE, Fortinet had the flexibility to test multiple port configurations.
  • Hyperscale throughput and scalability — The APS-M8400's extensible aggregation of compute node resources and field-programmable gate array (FPGA) resources allowed Fortinet to scale up the test bed to generate the 3 Tbps of traffic needed to effectively test the FortiGate 4800F. With its “pay-as-you-grow” model, the Keysight device enables users to scale in multi-chassis mode to generate more than 12 Tbps of layer 4-7 traffic, 3.2 Tbps of layer 2-3 traffic, 9.6 Tbps of Transport Layer Security (TLS) traffic, 20 billion concurrent connections and 220 million connections per second of legitimate and malicious test traffic in a single test.
  • Ease of management — Keysight says the APS-M8400's intuitive, “single pane of glass” management allowed Fortinet to easily configure the multiple compute node and FPGA resources required to run a hyperscale, multi-terabit test. This reduced their overall test time and system maintenance, freeing up users to focus on other critical efforts.


Powered by CR4, the Engineering Community

Discussion – 0 comments

By posting a comment you confirm that you have read and accept our Posting Rules and Terms of Use.
Engineering Newsletter Signup
Get the GlobalSpec
Stay up to date on:
Features the top stories, latest news, charts, insights and more on the end-to-end electronics value chain.
Advertisement
Weekly Newsletter
Get news, research, and analysis
on the Electronics industry in your
inbox every week - for FREE
Sign up for our FREE eNewsletter
Advertisement