SAN JOSE, CALIF. (02/18/2000) - Startup RapidStream Inc. is making a box that combines the features of traditional firewalls, policy managers and encryption gear in a single device that promises to deliver higher throughput than the individual devices.
When it is released in June, the startup's gear will let large enterprise customers consolidate multiple security functions on a single device, making security management easier. It will also prevent security-related packet processing from becoming a bottleneck.
The unnamed RapidStream equipment will operate at a top speed of 400M-bps when it is released in June, but its performance will improve to a gigabit per second over the course of the next year, CEO Vince Liu says.
That outstrips the speed of competitors by hundreds of megabits per second. For instance, Secure Computing's Sidewinder firewall tops out at 19.8M-bps, according to a Network World firewall performance test.
NetSpeed makes a multifunction appliance like RapidStream's with a top speed of 400M-bps, but will announce gigabit speeds this spring.
RapidStream equipment is meant for the largest enterprises that already have perimeter security in place, but find they have higher bandwidth traffic than the security devices can handle, says Eric Hemmendinger, an analyst with Aberdeen Group, a network consultancy in Boston. The problem the large users face is that firewall and encryption software typically runs on general-purpose computers that handle data at less than 50M-bps. "These are becoming choke points," he says.
RapidStream's devices sit next to a router or switch, and traffic flows through them via two Ethernet ports. The box is built around RapidCore, a custom processor that enforces network policies with minimal use of the box's CPU and internal bus. When traffic comes into the RapidStream device, RapidCore reads packets down to the application layer and decides what policies it should enforce on each packet.
For the first packet in a packet flow, the request for policy data is handled by the CPU, and the resulting policy data is stored in memory in the RapidCore processor. When subsequent packets come in with identical headers, the RapidCore processor already knows what policies to enforce without sapping the CPU, Liu says.
Based on this policy data, RapidCore can enforce firewall policies, quality of service, load balancing, encryption and network address translation without bothering the CPU again.
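The first-packet/subsequent-packet split described above is a flow cache. The following is an added software sketch, not RapidStream's design or code, showing the slow path consulted once per flow and cached verdicts reused afterward. The 5-tuple key, the table size, the sample policy and all function names are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>

/* Flow key: header fields identifying a flow (assumed to be the 5-tuple). */
struct flow_key { uint32_t src, dst; uint16_t sport, dport; uint8_t proto; };
enum action { DENY, ALLOW, ALLOW_ENCRYPT };
struct flow_entry { struct flow_key key; enum action act; int used; };

#define TABLE_SIZE 256
static struct flow_entry table[TABLE_SIZE];
static unsigned slow_path_calls; /* times the general-purpose CPU was asked */

/* Slow path: constructed sample policy, default deny. */
static enum action policy_lookup(const struct flow_key *k) {
    slow_path_calls++;
    if (k->proto == 6 && k->dport == 443) return ALLOW;
    if (k->proto == 6 && k->dport == 80)  return ALLOW_ENCRYPT;
    return DENY;
}

/* Deliberately weak hash so that collisions are easy to demonstrate. */
static unsigned hash_key(const struct flow_key *k) {
    return (k->src ^ k->dst ^ k->sport ^ k->dport ^ k->proto) % TABLE_SIZE;
}

static int key_eq(const struct flow_key *a, const struct flow_key *b) {
    return a->src == b->src && a->dst == b->dst && a->sport == b->sport &&
           a->dport == b->dport && a->proto == b->proto;
}

/* Fast path: reuse the cached verdict only when the FULL key matches.
 * Matching on the hash alone would let a colliding flow inherit another
 * flow's ALLOW verdict, which is a policy bypass. */
enum action classify(const struct flow_key *k) {
    struct flow_entry *e = &table[hash_key(k)];
    if (e->used && key_eq(&e->key, k)) return e->act;  /* cache hit */
    enum action act = policy_lookup(k);                /* miss or collision */
    e->key = *k; e->act = act; e->used = 1;            /* overwrite the slot */
    return act;
}

int main(void) {
    /* Constructed sample flow: 10.0.0.1:40000 -> 10.0.0.2:443 over TCP. */
    struct flow_key a = {0x0a000001u, 0x0a000002u, 40000, 443, 6};
    for (int i = 0; i < 1000; i++) classify(&a);
    printf("1000 packets, %u slow-path lookups\n", slow_path_calls);
    return 0;
}
```

A cached verdict also goes stale when policy changes, so a real device has to flush or age entries whenever the policy is updated; this sketch omits that.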
Adding hardware accelerators to standard computers can off-load the actual encryption of data, but that requires multiple trips back and forth to the CPU before a packet leaves the box, Liu says. Both the CPU and the system bus get overloaded when handling high volumes of traffic, he adds.
Liu is the veteran of two previous start-ups, Bridge Communications and Centrum Communications, which were both absorbed by 3Com. Liu also served stints as 3Com's vice president of operations and vice president of engineering.
RapidStream plans to announce product names and other details this spring and ship the products in June. The company is currently making up its beta-test list.