The document summarizes test results for the Huawei Eudemon8000E-X16 next-generation firewall. Testing showed that with real-world Internet Mix (IMIX) traffic simulating a 5,000 employee enterprise, the firewall achieved 200Gbps throughput across 20 ports, supported over 6.5 million new connections per second, and handled nearly 80 million concurrent connections. The results demonstrate the firewall's ability to deliver performance needed to address exponentially growing network and security demands.
2. About Huawei
Huawei Technologies Co., Ltd
Huawei is a leading information and communications technology
(ICT) solutions provider. Founded in 1987, Huawei has grown from
a small company with $5,680 in revenue, to a global powerhouse.
Huawei products and solutions have been deployed in over 140
countries, serving more than one third of the world’s population.
In 2011, Huawei achieved sales revenue of $28 billion, a year-onyear increase of 24.2%. In 2011 the company created the Huawei
Enterprise Division to supply data center infrastructure including
servers, storage, networking and security. In 2012, the company
announced that worldwide R&D headquarters for its Enterprise
division is based in Santa Clara, California.
Worldwide R&D headquarters for Huawei Enterprise in Santa Clara, California grew to over
600 people in 2011.
Addressing the Need for Next Generation Firewall Performance
The sophistication of new threats combined with the explosive growth of mobile terminals has created the
need for a new generation of security gateways which can handle huge numbers of users and massive DDoS
attacks, without degrading network performance. Therefore a key capability for addressing next generation
security is scaling firewall performance to millions of new sessions per second, tens of millions of concurrent
sessions, and hundreds of Gbps of throughput.
The number of terminals,
and sources of malware,
accessing the internet will
grow exponentially to 50
billion by 2020.
Goals
Scale performance to millions of new sessions per second, tens of millions of concurrent sessions, and hundreds of Gbps of throughput.
Document # TEST2012001 v8, March, 2012
Page 2 of 6
3. Eudemon8000E-X
Eudemon8000E-X High End Security Gateways
Organizations transitioning to cloud environments must provide mass access control, border security and dynamic virtualization security, all of which can dramatically increase business risks and drive up IT costs. The
Huawei Eudemon8000E-X series of high-end security gateways is designed to meet these challenges with seven-layer defense technology, by ensuring a high detection ratio with low false negatives and positives, and by
providing comprehensive IPv6 attack defense capability and transition solutions.
The product tested in this report is the Eudemon8000E-X16.
Specification
Eudemon8000E-X3
Eudemon8000E-X8
Eudemon8000E-X16
20Gbps*2
20Gbps*5
20Gbps*10
8M*2
8M*5
8M*10
500K*2
500K*5
500K*10
Throughput
Concurrent Sessions
New Sessions Per Second
FW: ASPF/anti-DDoS/NAT/PAT/virtual FW/GTP
VPN: IPSec/GRE/L2TP/IKEv2
Features
Routing: RIP/OSPF/BGP/static routing/I GMP/source address routing
IPS: traffic reassembly/signature-based IPS/protocol anomaly detection/automatic
upgrade
Interfaces
Ethernet: 2 x 10G, 24 x GE O/E, 1 x 10G+12 x GE O/E …
POS: 1 x 10G, 2 x 10G
Architecture
Multi-core for concurrent processing of multiple services
such as NAT, ASPF, Anti-DDoS, and VPN.
Document # TEST2012001 v8, March, 2012
Page 3 of 6
4. Test Methodology
IMIX Throughput Testing
The objective of the testing covered in this report was to
validate the firewall throughput of the Huawei Eudemon8000E-X16. To achieve this goal, the IXIA test equipment and Eudemon8000E-X16 were configured for Layer 3
IMIX throughput testing with firewall enabled. IMIX traffic
was configured to simulate typical traffic for a 5,000 employee enterprise, including legitimate, illegitimate, and
control traffic . Port 1 of the IXIA chassis was connected to
the input port of the Eudemon8000E-X16, and Port 2 of the
IXIA chassis was connected to the Output port of the Eudemon8000E-X16. UDP traffic was launched from Port 1 of
the IXIA chassis through the Eudemon8000E-X16, to Port 2 of
the IXIA chassis to test the forwarding throughput. The duration of each test run was 60 seconds.
IMIX for each 10Gbps Port
IMIX Model—5,000 Employee Enterprise, 5Gbps
egress bandwidth, 410 byte packets, 40k cps, 50%
legitimate traffic, 20% illegitimate traffic (traffic denied, DDoS), 30% controlled traffic (control, file filtering, etc.)
Test Topology
IXIA Chassis
IXIA Chassis
(Port 1)
Eudemon8000E-X16 Security Gateway
IMIX
(Port 2)
An Internet Mix (IMIX) of packets enables performance to resemble
what can be seen with typical Internet traffic.
Document # TEST2012001 v8, March, 2012
Page 4 of 6
5. Real World Performance
200Gbps IMIX Throughput
With IMIX traffic configured to simulate
typical traffic for a 5,000 employee enterprise—including legitimate, illegitimate,
and control traffic—each of the 20 ports
on the Eudemon8000E-X16 performed at
full 10Gbps line rate.
6.5M New Connections per Second
The Eudemon8000E-X16 demonstrated
the ability to support the volume of traffic
found in large enterprises, or even carriers,
by sustaining well over 6M connections
per second.
80 Million Concurrent Connections
Demonstrating its ability to deliver high
network availability during a large DDoS
attack, the Eudemon8000E-X16 was able
to support almost 80M concurrent connections.
Results
Using real world IMIX traffic, the Eudemon8000E-X delivers next generation firewall performance of 200Gbps throughput, 6.5M New Connections per second and 80M Concurrent Connections
Document # TEST2012001 v8, March, 2012
Page 5 of 6
6. Resources
Related Links
To learn more about the companies, technologies and products mentioned in this report, visit the following
web pages:
Huawei Technologies
Eudemon8000E-X
IXIA
Security Testing using IXIA
IT Brand Pulse
About the Author
Frank Berry is founder and senior analyst for IT Brand Pulse: an IXIA Lab Partner and
trusted source of data and analysis about IT infrastructure, including servers, storage
and networking. As former vice president of product marketing and corporate marketing for QLogic, and vice president of worldwide marketing for the automated tape
library division of Quantum, Mr. Berry has over 30 years experience in the development and marketing of IT infrastructure. If you have any questions or comments
about this report, contact frank.berry@itbrandpulse.com.
Document # TEST2012001 v8, March, 2012
Page 6 of 6