Corsa Networks has announced Red Armor NSE7000 Network Security Enforcement, a new line of hardware devices to filter DDoS attacks. Red Armor combines an internal switch fabric and an FPGA for high-speed packet analysis.
Corsa claims it can process up to 150 million L3/L4 frames per second at for 100Gig line-rate throughput. The company positions the Red Armor line for telcos, service providers, CDNs, and very large enterprises.
A Red Armor device is placed inline in front of an organization’s gateway router and acts a bump in the wire during normal traffic conditions. It will analyze traffic only when a DDoS attack is detected.
However, Red Armor doesn’t have DDoS detection capabilities. It relies on third-party products to indicate an attack and program Red Armor to respond. Response rules can be sent to Red Armor via BGP FlowSpec, a REST API, or OpenFlow.
During the attack, the Red Armor device analyzes packets against the rule set. Good packets are passed along to the router. Attack packets can be dropped, rate-limited, or set for DSCP remark.
At present, Red Armor integrates with DDoS detection software from Flowmon. “It’s two entries in a GUI on the Flowmon software to tell the tool we exist at the end of a BGP FlowSpec line,” said Bruce Gregory, CEO of Corsa, in an interview. “Then rules are pushed out-of-band into our management interface and we absorb them and act accordingly.”
The company says it’s working to incorporate detection capabilities from Kentik and Arbor Networks, but they aren’t officially supported yet.
The company can also export performance monitoring statistics via REST that customers can incorporate into their network operations tools.
The Red Armor line includes the 7200, which is the base platform. The 7500 line lets customers stack boxes to deal with multiple 100Gig links. The list price is $119,000. The products are available now.