Portland, OR -- (ReleaseWire) -- 12/13/2017 --IPCopper, Inc. is please to announce the benchmark test results for processing 10,000 firewall rules and IDS signatures on their latest platform, the IPCopper USC8032 Network Monitor. The USC8032 Network Monitor is the latest in IPCopper's lineup of high-speed, high-performance network appliances, combining real-time network monitoring, firewalling, packet capture and keyword signatures with superior performance and a large capacity.
In the first test, IPCopper tested the USC8032's ability to identify packets and attach them to virtual buckets for quick analysis and visualization while receiving and capturing packets at multi-gigabit speeds. IPCopper's team generated and sent 4,000,000,000 packets with variable IP addresses through the USC8032. The USC8032 in turn captured both headers and payloads, recorded and forwarded each packet in full, while at the same time analyzing each packet using a rule set with 10,000 IP address rules (one IP address per rule). Every rule independently collected matches and segregated the packets into separate virtual buckets, also generating graphs in real time for each of the 10,000 buckets/rules. Each bucket/rule could be configured with forty different options; in this test all bucket rules were set to capture in full and forward the matching packets. The datastream was configured so that each packet matched at least one IP address rule, in addition to being collected in one common bucket. Every packet was timestamped to within one ten millionth of a second with continuous GPS time tracking at a subsecond level. The USC8032 achieved all of this with zero packet loss at a continuous rate of 8.65 Gbps and at over 6.5 million packets per second. Additionally, the operator had immediate access to the specific packet data matching an individual rule and could view an interactive graph of the data.
The second test utilized a rule set with 10,000 individual keyword signature rules, each composed of 16 random characters, plus frame size, MAC and IP rules. In this test the packet generator composed the datastream so that each packet matched at least one of the 10,000 signatures as well as a frame-size rule and an IP address rule. As a result, each packet ended up in an individual signature's bucket, a frame size bucket and an IP address bucket, allowing the operator immediate access to packets that only matched a specific signature. While running the packets through the keyword signature rules, the USC8032 searched the entire packet from beginning to end, including the complete payload. The USC8032 delivered a performance of 3.6 Gbps with no packet loss.
During testing the test team actively used the web-based user interface to track performance and utilization and to observe the progress of the billions of packets coursing through the machine. Throughout both tests the web interface remained very responsive, handling the team's requests within 100 milliseconds and remaining stable even at core engine utilization of 97-99%. Through the web-based interface the test team was able to monitor the rules and signatures, observing as individual rules accumulated matches and gathered data in real time, as it came through on the wire.
As these test results illustrate, the USC8032 provides operators an unprecedented ability to detect, intercept, filter, record and analyze over 10,000 scenarios in real time on networks with speeds up to 10Gbps, giving them the ability to make informed decisions by visualizing the network traffic, looking at the raw packets and conducting analysis of suspicious or anomalous activity. This monitoring and analysis is further enhanced by the USC8032's ability to filter packets and trigger email alerts in real-time based on over forty parameters, including frame size, MAC and IP address ranges and time of day, and to automatically and dynamically modify the behavior of the system, while still continuously processing traffic at speeds up to 10Gbps. In addition, the USC8032 can operate in clusters to multiply processing capacity for even busier networks. In the case of the second test above, the throughput could be increased to full 10Gbps by splitting the workload between three interconnected USC8032s. Users may also create multiple rule sets and apply them to previously captured data for independent analysis, research and simulation.
For more information on IPCopper's USC8032 Network Monitor, please visit www.ipcopper.com.