The most common NFV product that I had come across is in security domain viz., firewalls.
To get an idea on how good they are, I checked the Juniper, PaloAlto & Fortinet Virtual Firewall products.
Juniper’s Branch SRX products (dedicated hardware)
The Virtualized Firewall product is referred to as FireFly Perimeter.
Looking at the Firewall performance (IMIX), the FireFly’s performance of 1.2Gbps is double that of SRX240 (600Mbps) & ~75% of SRX550’s performance. This indicates that it can easily replace both the products.
From Palo Alto’s website, the comparison of their products is as follows:
This indicates that VM-300 & PA-2050 are on par. They had recently launched VM-1000HV product which can support 10,000 policies.
The Fortinet’s datasheet indicates that their appliance can process upto 4Gbps. The little “*” on 4Gbps has a note saying “Tested on Dell M910 (Intel Xeon Processor E7-4830 CPU 2.13 GHz, 2 physical 10 GBe interfaces) and optimized traffic flow. Testing was conducted on VMware ESXi 4.1 and Citrix XenServer 5.6sp2 virtualization platforms”.
Another interesting news that I had recently read on performance is from 6wind:
“At Open Networking Summit (ONS) in Santa Clara this week, 6WIND will show a live demo of an accelerated virtual switch delivering 195 Gbps throughput. The demo includes Mellanox ConnectX®-3 Pro cards with dual 40G NICs plugged on an HP ProLiant server running Red Hat Enterprise Linux and tested with an IXIA 40G traffic generator. 6WINDGate includes a Mellanox poll mode driver (PMD) for direct access to the networking hardware without the involvement of the Linux OS.”
To summarize, the throughput numbers are impressive. In the next blog, let us take a look at what advances in processor technology & what implementation techniques enabled achieving throughput in Gbps.