AT&T, Palo Alto Networks and Broadcom on Friday announced a framework for a virtual firewall, known as a Disaggregated Scalable Firewall (DSFW). According to AT&T, the DFSW architecture is designed to secure and protect global network traffic in the 5G era. The DSFW lets network operators deploy firewalls as software-based platforms rather than hardware appliances.
The framework is an expansion to the Distributed Disaggregated Chassis (DDC) white box architecture that AT&T submitted to the Open Compute Project last September. The expansion delivers a dynamically programmable fabric with embedded security at the edge of the network, AT&T said. Specifically, the framework embeds AI and machine learning in the network fabric to prevent attacks.
“Security has always been at the forefront of AT&T’s network initiatives,” said Michael Satterlee, VP of network infrastructure and services for AT&T. “Traditionally, we have had to rely on centralized security platforms or co-located appliances which are either not directly in the path of the network or are not cost effective to meet the scaling requirements of a carrier. This new design embeds security on the fabric of our network edge that allows control, visibility and advanced threat protection.”
AT&T said the framework — which uses an open hardware and software design to support flexible deployment models — also represents its white box approach to network design and deployment.
In addition to AT&T’s contributions on the network side, Palo Alto Networks’ edge security technology and Broadcom’s Jericho 2 silicon chip were integral to the DSFW’s design. Broadcom also provided expertise for the Jericho 2 functionality, along with a new wrinkle on the chip to retain Layer 4 session information, which allows for the hardware offload. The companies said they hope to get feedback from other OCP members following this DSFW’s release.