AT&T, Palo Alto Networks and Broadcom Collaborate to Develop a Disaggregated Scalable Firewall (DSFW)

DSFW’s Software-Centric Security Approach Needed as 5G Data Demand Takes Off 

AT&T*, Palo Alto Networks and Broadcom have collaborated to develop the Disaggregated Scalable Firewall (DSFW) framework. This is an expansion to the Distributed Disaggregated Chassis (DDC) recently contributed to the Open Compute Project (OCP). DSFW will enable network operators to deploy firewalls as software-based platforms rather than hardware appliances.

The DSFW expansion will deliver the first dynamically programmable fabric with embedded security functions and services at the edge of the network. DSFW will also open the door to future Scalable Disaggregated Application Services. AT&T and Palo Alto Networks look forward to input from other OCP members.

The three organizations involved in the creation of DSFW each brought unique capabilities.

Palo Alto Networks’ technology supports security capabilities directly on the network edge. This allows for protection of the network with continuous security, automation and analytics. Palo Alto Networks enable DSFW to scale dynamically as network traffic increases even during peak demand.

The release of Broadcom’s Jericho 2 chip was fundamental in the OCP contribution of the DDC and is an essential part of the DSFW solution. Broadcom provided expertise for the J2 functionality, coupled with a new development on the chip to retain Layer 4 session information, which allows for the hardware offload, improving the scalability of the solution. The session-aware application will determine what can be processed directly on the fabric silicon instead of having to go to the DSFW for further inspection.

AT&T, which has been disaggregating its network components for several years, worked with Palo Alto Networks and Broadcom to define the requirements, including scalability and functionality, for network security services in a carrier environment. The DSFW’s open hardware and software design support flexible deployment models that align with AT&T’s overall network strategy. This initiative focuses on using AI and machine learning to prevent attacks using actionable events, which is embedded in the network fabric and does not require separate hardware.

“Security has always been at the forefront of AT&T’s network initiatives,” said Michael Satterlee, vice president, Network Infrastructure and Services, AT&T. “Traditionally, we have had to rely on centralized security platforms or co-located appliances which are either not directly in the path of the network or are not cost effective to meet the scaling requirements of a carrier. We now carry more than 335 petabytes of data traffic on our global network on an average day, with 5G poised to push that number even higher. Securing that cargo using traditional methods just won’t work. This new design embeds security on the fabric of our network edge that allows control, visibility and advanced threat protection.”

“By teaming up with AT&T, we are further advancing the industry’s OCP initiative in the area of cybersecurity and helping our customers not only support today’s market needs but also be ready for future demand,” said Alex Zinin, vice president of Worldwide Service Provider Business, Palo Alto Networks. “Our collaboration brings together leading technology that will enhance AT&T’s network initiatives by embedding Palo Alto Networks’ best-of-breed security capabilities directly in the infrastructure.”

“We commend AT&T and Palo Alto Networks on the release of the DSFW framework,” said Oozie Parizer, senior director of product marketing, Core Switching Group, Broadcom. “This approach enables pervasive security at terabit scale economically. Through our close technical collaboration, we have leveraged the extensive capabilities in Jericho2 and look forward to delivering additional solutions in the very near future, to secure and scale the network infrastructure.”