Achieving High Performance and Efficiency with Firewalls and Networking Workloads on Arm Neoverse

Next Gen Firewalls (NGFW) are more than just firewalls. They are advanced security solutions that inspect every packet that passes through them, looking for signs of malware, viruses, ransomware, phishing, and other threats. They also decrypt encrypted traffic, such as HTTPS, to ensure that no malicious content is hidden inside. And they use AI-powered algorithms to detect unknown or zero-day attacks that may not match any known signatures. 

All these functions are very demanding on the CPU, memory, and network resources. If not properly deployed or configured, NGFWs can become bottlenecks, slowing down the network and affecting the user experience. They can also consume a lot of power and resources to run, thereby risking a chance to drive up the operational costs of deploying them. 

To overcome these challenges, NGFWs need to be scalable, efficient, and cost-effective. They need to be able to handle the increasing traffic volume and variety, while maintaining high performance and security levels. They also need to be flexible and adaptable, allowing for easy deployment, configuration, and management. 

Performance Optimizing NGFWs on Arm Neoverse 

Arm Neoverse family of Infrastructure CPUs are designed to deliver world-class performance, efficiency, and compute density for a wide range of cloud-native workloads. To demonstrate the performance optimization of NGFW on Arm Neoverse, we partnered with TechMahindra, a leading provider of digital transformation and consulting services, to scale and optimize an NGFW application on Arm Neoverse-N1-based processor, Ampere® Altra®. This is the industry’s first 80-core server processor, delivering exceptional performance, scalability, and power efficiency for cloud and edge computing. 

The NGFW was built using off-the-shelf open-source components like DPDK, VPP, Snort and Vectorscan which have been optimized for Arm over last few years. We configured the NGFW application to run across 48 cores, leaving 32 cores for other applications while delivering 200 Gbps throughput. We used the industry accepted TRex test framework to simulate real-time application data and measure the throughput and latency of the NGFW application. We also applied various optimizations and best practices to achieve optimal results. If you are interested in learning more about NGFW on Arm Neoverse, we invite you to read our whitepaper (link below), where we provided more details about the architecture, setup, configuration, optimization, and results. All the code and scripts we used for the setup are publicly available on Gitlab repositories. We also plan to push our code upstream, making it accessible to everyone. 

Performance Results of NGFW on Arm Neoverse

The results show that NGFW on Arm Neoverse is a scalable, efficient, and cost-effective solution for network security. By deploying NGFW on Arm Neoverse, you can: 

• Achieve high throughput and performance, while maintaining high security levels 
• Utilize fewer cores and less power, while processing more traffic and saving costs 
• Leverage the flexibility and adaptability of open-source software and Arm architecture 
• Run other applications on the same processor, maximizing the resource utilization and value 

This project lays a foundation that unlocks further optimization.  It is the beginning of an exercise to scale and optimize modern networking applications across Arm Neoverse based cores.

Download Whitepaper