Test Report

Breaking the 200Gb Barrier Real world firewall throughput testing including

legitimate, illegitimate, and control traffic

Featuring

Eudemon8000E-X Security Gateway

Network & Security Test Equipment

Copyright 2012© IT Brand Pulse. All rights reserved. Document # TEST2012001 v8, March, 2012

About Huawei

Huawei Technologies Co., Ltd Huawei is a leading information and communications technology (ICT) solutions provider. Founded in 1987, Huawei has grown from a small company with $5,680 in revenue, to a global powerhouse. Huawei products and solutions have been deployed in over 140 countries, serving more than one third of the world’s population. In 2011, Huawei achieved sales revenue of $28 billion, a year-on-year increase of 24.2%. In 2011 the company created the Huawei Enterprise Division to supply data center infrastructure including servers, storage, networking and security. In 2012, the company announced that worldwide R&D headquarters for its Enterprise division is based in Santa Clara, California.

Addressing the Need for Next Generation Firewall Performance

The sophistication of new threats combined with the explosive growth of mobile terminals has created the need for a new generation of security gateways which can handle huge numbers of users and massive DDoS attacks, without degrading network performance. Therefore a key capability for addressing next generation security is scaling firewall performance to millions of new sessions per second, tens of millions of concurrent sessions, and hundreds of Gbps of throughput.

Page 2 of 6 Document # TEST2012001 v8, March, 2012

Scale performance to millions of new sessions per second, tens of mil-

lions of concurrent sessions, and hundreds of Gbps of throughput. Goals

Worldwide R&D headquarters for Huawei En-

terprise in Santa Clara, California grew to over

600 people in 2011.

The number of terminals,

and sources of malware,

accessing the internet will

grow exponentially to 50

billion by 2020.

Eudemon8000E-X

Eudemon8000E-X High End Security Gateways Organizations transitioning to cloud environments must provide mass access control, border security and dy-namic virtualization security, all of which can dramatically increase business risks and drive up IT costs. The Huawei Eudemon8000E-X series of high-end security gateways is designed to meet these challenges with sev-en-layer defense technology, by ensuring a high detection ratio with low false negatives and positives, and by providing comprehensive IPv6 attack defense capability and transition solutions. The product tested in this report is the Eudemon8000E-X16.

Page 3 of 6 Document # TEST2012001 v8, March, 2012

Multi-core for concurrent processing of multiple services

such as NAT, ASPF, Anti-DDoS, and VPN. Architecture

Specification Eudemon8000E-X3 Eudemon8000E-X8 Eudemon8000E-X16

Throughput 20Gbps*2 20Gbps*5 20Gbps*10

Concurrent Sessions 8M*2 8M*5 8M*10

New Sessions Per Second 500K*2 500K*5 500K*10

Features

FW: ASPF/anti-DDoS/NAT/PAT/virtual FW/GTP

VPN: IPSec/GRE/L2TP/IKEv2

Routing: RIP/OSPF/BGP/static routing/I GMP/source address routing

IPS: traffic reassembly/signature-based IPS/protocol anomaly detection/automatic

upgrade

Interfaces Ethernet: 2 x 10G, 24 x GE O/E, 1 x 10G+12 x GE O/E …

POS: 1 x 10G, 2 x 10G

Test Methodology

An Internet Mix (IMIX) of packets enables performance to resemble

what can be seen with typical Internet traffic. IMIX

IMIX Throughput Testing

The objective of the testing covered in this report was to

validate the firewall throughput of the Huawei Eu-

demon8000E-X16. To achieve this goal, the IXIA test equip-

ment and Eudemon8000E-X16 were configured for Layer 3

IMIX throughput testing with firewall enabled. IMIX traffic

was configured to simulate typical traffic for a 5,000 em-

ployee enterprise, including legitimate, illegitimate, and

control traffic . Port 1 of the IXIA chassis was connected to

the input port of the Eudemon8000E-X16, and Port 2 of the

IXIA chassis was connected to the Output port of the Eu-

demon8000E-X16. UDP traffic was launched from Port 1 of

the IXIA chassis through the Eudemon8000E-X16, to Port 2 of

the IXIA chassis to test the forwarding throughput. The dura-

tion of each test run was 60 seconds.

Page 4 of 6 Document # TEST2012001 v8, March, 2012

IXIA Chassis

(Port 1)

IXIA Chassis

(Port 2) Eudemon8000E-X16 Security Gateway

Test Topology

IMIX Model—5,000 Employee Enterprise, 5Gbps egress bandwidth, 410 byte packets, 40k cps, 50% legitimate traffic, 20% illegitimate traffic (traffic de-nied, DDoS), 30% controlled traffic (control, file filter-ing, etc.)

IMIX for each 10Gbps Port

Real World Performance

200Gbps IMIX Throughput With IMIX traffic configured to simulate typical traffic for a 5,000 employee enter-prise—including legitimate, illegitimate, and control traffic—each of the 20 ports on the Eudemon8000E-X16 performed at full 10Gbps line rate.

6.5M New Connections per Second The Eudemon8000E-X16 demonstrated the ability to support the volume of traffic found in large enterprises, or even carriers, by sustaining well over 6M connections per second.

80 Million Concurrent Connections Demonstrating its ability to deliver high network availability during a large DDoS attack, the Eudemon8000E-X16 was able to support almost 80M concurrent connec-tions.

Using real world IMIX traffic, the Eudemon8000E-X delivers next gen-

eration firewall performance of 200Gbps throughput, 6.5M New Con-

nections per second and 80M Concurrent Connections

Results

Page 5 of 6 Document # TEST2012001 v8, March, 2012

Resources

Related Links To learn more about the companies, technologies and products mentioned in this report, visit the following web pages: Huawei Technologies Eudemon8000E-X IXIA Security Testing using IXIA IT Brand Pulse

About the Author

Frank Berry is founder and senior analyst for IT Brand Pulse: an IXIA Lab Partner and trusted source of data and analysis about IT infrastructure, including servers, storage and networking. As former vice president of product marketing and corporate mar-keting for QLogic, and vice president of worldwide marketing for the automated tape library division of Quantum, Mr. Berry has over 30 years experience in the develop-ment and marketing of IT infrastructure. If you have any questions or comments about this report, contact frank.berry@itbrandpulse.com.

Page 6 of 6 Document # TEST2012001 v8, March, 2012