Analysis of the prospects of the three major firewall architectures

The statistical analysis of CCID Consulting shows that the firewall market has maintained rapid growth since 2004. In the second quarter only, the firewall market accounted for more than 40% of the entire network security market. The statistical analysis of CCID Consulting shows that the firewall market has maintained rapid growth since 2004. In the second quarter only, the firewall market accounted for more than 40% of the entire network security market.

Among existing x86, NP, and ASIC firewall products, who will become the mainstream in the market? What are the different technical characteristics of the three major firewall products?

The era of industrial computers is getting farther away

At present, in the domestic information security market, firewalls are mostly based on Intel x86 series architecture products, also known as industrial computer firewalls, which have the advantages of low development and design threshold, mature technology and other advantages.

However, the shortcomings are also obvious. Since the hardware of the x86 architecture is not designed for network data transmission, its forwarding performance for data packets is relatively weak. And because domestic security vendors do not master the core technology of the x86 architecture, there are hidden vulnerabilities in the BIOS, which may affect the security and reliability of the firewall. Moreover, the industrial chain of industrial computers is very complicated, and the influence that domestic manufacturers can exert in it is very limited, which is not conducive to the long-term development of the domestic information security industry.

Which technology will lead the firewall market in the future is a problem that has always puzzled the industry. With the growth of network bandwidth and the large-scale promotion and application of gigabit networks in China, the market's demand for security equipment based on high-bandwidth networks has also grown rapidly. In the future network environment, the traditional industrial computer firewall based on x86 architecture can no longer meet the requirements of high throughput and low latency of broadband networks, and network processor (Network Processor) and application specific integrated circuit (ASIC) technologies are considered It is the main direction of the future Gigabit firewall.

Three major technical advantages emerge

First look at the firewall based on ASIC technology. Adopting ASIC technology can design special data packets for firewall applications, which is a recognized technical solution for backbone applications in the gigabit environment. However, the development cost of ASIC technology is high, the development cycle is long and difficult, and ASIC technology has experienced more than 10 years of development abroad. The technology is mature and stable, but it is very difficult for domestic manufacturers to adopt ASIC technology.

NP (Network Processor) is a programmable processor specially designed for processing data packets. It has complete programmability, simple programming mode, maximum system flexibility, high processing power, high function integration, and open programming. Interface and third-party support capabilities.

These characteristics make the firewall based on the NP architecture greatly improved in performance compared with the traditional firewall, and at the same time has excellent flexibility and scalability.

NP technology can support programming. Once new technology or demand appears, senior designers can easily achieve it through microcode programming.

For special user needs, NP-based NetEye firewall products can be customized and developed, that is, products that meet the needs of different users can be developed through module deletion. In the case of ASIC implementation, since the ASIC is not programmable, new functions cannot be added at all.

In terms of the development time of new functions, according to the industry experience figures, the development cycle of function based on microcode is generally 6 months or even shorter, and the implementation time with ASIC usually takes 2 to 3 years.

NP, how to applaud and applaud?

In 2003, domestic manufacturers began to introduce firewalls based on the NP architecture. The concept of NP suddenly became popular. But soon it was discovered that the NP platform is not smooth. Restricted by technical maturity factors and cost factors, domestic NP firewall products have been limited to individual models, or simply stay in the experimental stage, and did not enter the mainstream market on a large scale. For a time, NP fell into the embarrassing situation of applauding but not applauding.

In terms of product characteristics, the mass production cost of products under the NP architecture is higher than that of the x86 architecture, and the computing power of NP is lower than that of ASIC. This is a problem that the NP architecture firewall must face, but the NP firewall has a higher degree of integration and a distributed storage system that can handle high-bandwidth wire-speed processing.

Gigabit firewall: ASIC slightly better

Taking a gigabit firewall as an example, ASIC technology can be used to design a special packet processing pipeline for firewall applications and optimize the use of resources such as memory. . However, the development cost of ASIC technology is high, the development cycle is long and difficult, and it is difficult for general firewall manufacturers to have the corresponding technical and financial strength.

The network processor (NP) is a programmable processor specially designed for processing data packets. It is characterized by the inclusion of multiple data processing engines. These engines can perform data processing concurrently, and process packets from 2 to 4 layers. Data has obvious advantages over general-purpose processors, and can directly complete the general tasks of network data processing. Most of the hardware architecture adopts high-speed interface technology and bus specifications, has higher I / O capabilities, and greatly improves packet processing capabilities.

From a performance perspective, the gigabit firewall based on Intel x86 architecture cannot be unified between network security and network performance due to CPU processing power and PCI bus speed.

From a functional point of view, the firewall developed on the x86 architecture based on a general-purpose processor is powerful and extensible; although the ASIC-based firewall is very powerful in performance, it is functional, flexible, and scalable. The aspect is much worse.

Due to the difficulty of developing ASIC-based firewalls, long cycles, and poor product flexibility, it is not suitable for the development of domestic manufacturers with weak technology and capital accumulation. Therefore, with the maturity and development of NP technology, the development of NP-based network security products has become the first choice of domestic manufacturers.

It ’s just that this is going up and down, not who is destroying who

Compared with the firewall based on the general-purpose CPU architecture, the firewall based on the network processor architecture can be greatly improved in performance. The NP-based firewall can integrate the functions of the x86 architecture firewall and the performance of the ASIC firewall. The network processor can make up for the lack of performance of the general-purpose CPU architecture, and at the same time does not require the large amount of capital and technical accumulation required to develop a firewall based on ASIC technology. A popular choice for firewalls. Therefore, in the high-end Gigabit market, NP-based firewalls will be an important trend.

However, this trend is a trade-off relationship. It is not who wipes out the relationship. The three firewalls will coexist in the market for a long time. In the future, in the low-end Gigabit market, x86-based firewalls will become the mainstream; in the high-end Gigabit market, NP-based firewalls will occupy a larger market share.

APM Programmable Ac Power Supply is a switching mode single-channel output AC source with wide range of adjustable frequency, developed for aerospace or military`s 400Hz and 800Hz test applications, such as lab use, compliance test, and quality assurance.APM Adjustable Ac Power Supply is ideal for commercial, power electronics, avionics, military and regulation test applications from bench-top testing to mass production.

The AC source is capable of delivering up to 5 times of peak current compared to its maximum rated current that makes it ideal for inrush current test.

Some features as below:


  • 5.6"large touch color screen
  • AC+DC mixed or independent output mode
  • Capable of setting output slope/phase angle  
  • Built-in IEC standard test function
  • Built-in multiple protections
  • Built-in power meter
  • Support impedance function
  • Support for LIST/PULSE/STEP mode & Transient mode
  • Standard RS232/RS485/USB/LAN, Optional GPIB/multiphase card.
  • Support master and slave parallel mode to realize power extension
  • Support harmonics/inter-harmonics simulation and measuring function
  • Support for USB data import/export and scree nap from front panel
  • PWM technologies, with up to 86% efficiency   
  • CE, CSA, UL, ROHS Certified


2000W AC Power Supply

2000W Ac Power Supply,Ac Output Power Supply,Ac Adapter Power Supply,2000W Switching Power Supply

APM Technologies (Dongguan) Co., Ltd , https://www.apmpowersupply.com