OpenGate: Towards an open network services gateway

Authors:
Yaxuan Qi;Fei He;Xiang Wang;Xinming Chen;Yibo Xue;Jun Li
Affiliations:
Department of Automation, Tsinghua University, Beijing, China;Department of Automation, Tsinghua University, Beijing, China;School of Software Engineering, University of Science and Technology of China, Hefei, China;Department of Automation, Tsinghua University, Beijing, China;Department of Automation, Tsinghua University, Beijing, China and Tsinghua National Lab for Information Science and Technology, Beijing, China;Department of Automation, Tsinghua University, Beijing, China and Tsinghua National Lab for Information Science and Technology, Beijing, China
Venue:
Computer Communications
Year:
2011

Citing 10
Cited 0

Internet indirection infrastructure

Proceedings of the 2002 conference on Applications, technologies, architectures, and protocols for computer communications
Understanding Linux Network Internals

Understanding Linux Network Internals
Conservative vs. optimistic parallelization of stateful network intrusion detection

Proceedings of the 12th ACM SIGPLAN symposium on Principles and practice of parallel programming
Rethinking hardware support for network analysis and intrusion prevention

HOTSEC'06 Proceedings of the 1st USENIX Workshop on Hot Topics in Security
Ethane: taking control of the enterprise

Proceedings of the 2007 conference on Applications, technologies, architectures, and protocols for computer communications
Supercharging planetlab: a high performance, multi-application, overlay network platform

Proceedings of the 2007 conference on Applications, technologies, architectures, and protocols for computer communications
Towards high-performance flow-level packet processing on multi-core network processors

Proceedings of the 3rd ACM/IEEE Symposium on Architecture for networking and communications systems
OpenFlow: enabling innovation in campus networks

ACM SIGCOMM Computer Communication Review
NOX: towards an operating system for networks

ACM SIGCOMM Computer Communication Review
A policy-aware switching layer for data centers

Proceedings of the ACM SIGCOMM 2008 conference on Data communication

Quantified Score

Hi-index	0.24

Visualization

Abstract

In this paper, we propose an extensible open network services gateway (OpenGate) for high-performance network processing at the edge of high-speed networks. The OpenGate system embraces recent advances of open network technologies: the performance is guaranteed by using open-standard ATCA platforms; and the extensibility is achieved by employing parallelized open source software. As an application example of OpenGate, a high-performance security gateway, OpenGate-SG, was developed using existing ATCA platforms and open source software. This system provides multiple security services, including stateful firewall, intrusion prevention and anti-virus. Experimental results show that, OpenGate-SG can achieve up to 200Gbps stateful firewall throughput with 8Gbps intrusion prevention and anti-virus, which is competitive to the performance of today's high-end security products. OpenGate-SG has also been tested as a security gateway for a university campus network with more than 1000 students.