Network Protocols, Security Stacks, Content Scanning (PCRE / RegEX)
Paxym's founders and development team have decades of experience working for Tier-1 Network Equipment Vendors such as Cisco Systems and Juniper Networks, as well as a long list of Start-ups and Mid-sized companies. With extensive skills in the Data communications space, we have been serving our customers' network protocol software and Network Security stack development needs.
Our Customers utilized our services for:
- Development of Protocol handler software,
- Protocol offload via Control/Data-Plane Acceleration on Multicore CPUs,
- Performance Tuning of existing network stacks.
All these resulted in multi-gigabit speed solutions for our customers in voice, wired-data and wireless domains. We have developed and worked on implementations of Standards-based Protocols as well as Customer Proprietary Protocols.
Another category of our customers is the Test Equipment and Traffic Generator Vendors. We have provided them with:
- High-throughput traffic generators (IPv4, IPv6, IPSec, RTP),
- High-density sessions / tunnels / flows source and termination (IPSec, Voice, GIF, RTCP etc.),
- Malware, Exploit generation (IDS/IPS exploit pcaps, Virus Signature players)
3rd Party Stacks
We have a detailed understanding of, and deep expertise working with, Protocol Stack implementations from 3rd party Stack companies and Stacks provided by the semiconductor companies themselves. We have been consulted for performance improvement, Custom Configuration and Maintenance Support for these Stacks from external vendors.
Some of the protocols that we have worked on in the past, with a focus on Multicore offload implementations:
- GIF, GRE v2, L2TP, PPTP
- TCP Offload, RTCP offload, UDT offload
- IPSec, IKE v1/v2, IPv6, SSL, IPSec VPN, SSL-VPN, SRTP
- SIP, 3G Protocols etc.
- NAT, ACL, IDS/IPS, ClamAV, DPI, URL-Filter, Web-Content Filter
Network Security Stacks
Paxym's team has done extensive work in the Network Security domain.
Some of the significant development and porting efforts were in the following:
- IDS/IPS (SNORT)
- Anti-Virus (CLAMAV, Gateway-AV)
- SSL VPNs
- IPSec VPNs
- Deep Packet Inspection (DPI)
- Traffic Shapers
- P2P Filters
These implementations were architected for a variety of Multicore MIPS and x86 CPU architectures. The High Performance Data path of these implementations works in conjunction with the Control-Plane (Linux/FreeBSD) on the primary cores of the same CPUs, or on a PCI-Host system. Many of the projects focused on OCTEON-III, OCTEON-TX and Intel x86 Rangely CPUs. These were used in Desktop or Single-board Appliance form factors, as well as in offload configurations in ATCA blades, AMC cards and PCI slave cards.
Network Content Scanning (RegEX: Searching amidst Network Streams)
Paxym has significant Network Content Scanning expertise for a variety of Network Processors including Intel x86 and MIPS64 Multicore CPUs. Our team has worked on various RegEX algorithms and techniques for content scanning, classification, string-matching, regular expression processing etc. In addition, we also enable HW peripherals like CAM (TCAM/QTCAM), or DFA / HFA for PCRE and RegEX rule matches. We have completed substantial work using DFA graph, HFA, and Intel Hyperscan based pattern matching, usually as Hardware Offload Acceleration Engines, or as Software algorithms on other CPUs.
These HW and SW practices were used to implement, modify and enhance Customer business projects like IoT Gateway, IPS / IDS (SNORT, Suricata), AntiVirus (Clam-AV), Anti-Spam, URL Blocking / Filtering, Data Leak Prevention (DLP), Deep Packet Inspection (DPI), P2P Filtering etc.
The Content Processing work was packaged into convenient libraries that offloaded the heavy processing to on-chip DTE (DFA Thread Engines) or onto available Data-Plane cores.
Paxym uses profiling tools and a number of Code and CPU techniques to extract the best performance that the Multicore CPUs can deliver.