RealTime IT News

New Juniper Networks Processor Takes On DOS Attacks

Juniper Networks Inc. Tuesday introduced its next-generation Internet processor that will be put to work thwarting denial of service attacks.

Juniper's (JNPR) application-specific integrated circuit (ASIC) Internet Processor II is designed to break through performance limitations of current software based approaches for load balancing, packet filtering and traffic shaping. Internet service providers can scale their operations and service offerings regardless of circuit speed or density.

MCI WorldCom Inc. plans to deploy the new processor in March on a run between Chicago, New York and Washington, D.C. Its UUNET subsidiary is considering deploying Juniper's ASICs in its entire router network while Metromedia Fiber Network Inc. subsidiary, AboveNet Communications Inc., plans to deploy Juniper Networks' new ASIC capabilities within its global IP network to strengthen security against denial of service attacks.

Vint Cerf, MCI WorldCom (WCOM) senior vice president for Internet architecture and technology, said the Juniper processor is more flexible than past IP solutions.

"While other routers have offered IP packet filtering, shaping and policing in software in the past, the Internet Processor II offers even more flexibility at little or no cost in terms of performance," Cerf said. "The ability to perform these functions at OC-192 wire speeds is unprecedented in the industry."

Managing some of the world's leading Internet networks is a time-intensive process. The Juniper ASIC allows network management to see into network trends and traffic patterns. Because ASIC runs filtering processes without diminishing router performance, Internet service providers can add filtering and while maintaining peak network performance.

Mark Krause, UUNET director of network security, said that previously it had to pay a performance penalty when UUNET turned on filtering software.

"By implementing sophisticated packet filtering capabilities in hardware form, we are able to place filtering at the same priority level as forwarding packets, without compromising performance for our customers," Krause said.

Paul Vixie, Metromedia Fiber Network (MFNX) senior vice president for Internet services, said the firm is in pursuit of security capabilities that could help to block and track DOS attacks to protect customers from potential service disruptions.

"We have been building up security in our network against denial of service attacks and unauthorized access to application servers, but lacked an effective solution that let us apply complex filters and still maintain wire-speed performance," Vixie said. "The Internet Processor II is a valuable new addition to our arsenal of preventive measures against DOS attacks."

Pradeep Sindhu, Juniper Networks chief technical officer, said the processor breaks through past network performance barriers.

"The real uniqueness of the Internet Processor II lies in its ability to perform wire-rate filtering at high speeds, from OC-48 and up to OC-192," Sindhu said. "By adding our new M160 Internet backbone routers using the Internet Processor II to the core of their network, MFN can look forward to blocking DOS attacks more effectively without compromising performance."

Juniper's new release enables IP packet filtering, sampling, counting, and load balancing capabilities over high-speed networks. By deploying packet filtering anywhere at any circuit speed in their network