AT&T, Palo Alto Networks and Broadcom have collaborated to develop the Disaggregated Scalable Firewall (DSFW), a framework for a virtual firewall.
This is an expansion to the Distributed Disaggregated Chassis (DDC) recently contributed to the Open Compute Project (OCP). DSFW will enable network operators to deploy firewalls as software-based platforms rather than hardware appliances.
The DSFW expansion will deliver the first dynamically programmable fabric with embedded security functions and services at the edge of the network. DSFW will also open the door to future Scalable Disaggregated Application Services. AT&T and Palo Alto Networks look forward to input from other OCP members.
Palo Alto Networks’ technology supports security capabilities directly on the network edge. This allows for protection of the network with continuous security, automation and analytics. Palo Alto Networks enables DSFW to scale dynamically as network traffic increases, even during peak demand.
The release of Broadcom’s Jericho 2 chip was fundamental in the OCP contribution of the DDC and is an essential part of the DSFW solution. Broadcom provided expertise for the J2 functionality, along with a new development on the chip that retains Layer 4 session information. This allows hardware offload, which improves the scalability of the solution. The session-aware application will determine what can be processed directly on the fabric silicon instead of having to go to the DSFW for further inspection.
AT&T, which has been disaggregating its network components for several years, worked with Palo Alto Networks and Broadcom to define the requirements, including scalability and functionality, for network security services in a carrier environment. The DSFW’s open hardware and software design supports flexible deployment models that align with AT&T’s overall network strategy. The initiative focuses on using AI and machine learning to prevent attacks using actionable events, a capability that is embedded in the network fabric and does not require separate hardware.
“Security has always been at the forefront of AT&T’s network initiatives,” said Michael Satterlee, vice president, Network Infrastructure and Services, AT&T. “Traditionally, we have had to rely on centralized security platforms or co-located appliances which are either not directly in the path of the network or are not cost effective to meet the scaling requirements of a carrier. We now carry more than 335 petabytes of data traffic on our global network on an average day, with 5G poised to push that number even higher. Securing that cargo using traditional methods just won’t work. This new design embeds security on the fabric of our network edge that allows control, visibility and advanced threat protection.”