What is the Asterfusion ET2500 Device?

The Asterfusion ET2500 is an advanced, open gateway meticulously engineered to address the multifaceted networking needs of contemporary enterprises. Imagine a singular, transformative device that, with the installation of the appropriate open-source software, seamlessly integrates the roles of an egress gateway, router, firewall, IDS/IPS, load balancer, and network traffic analyzer (NTA) in to ONE compact device. This “magical box” is the epitome of network convergence and efficiency.

Why We Need it?

In the modern digital landscape, enterprises grapple with burgeoning network traffic driven by cloud computing, big data, video conferencing, live broadcasting, artificial intelligence (AI), and Internet of Things (IoT) technologies. Traditionally, managing this traffic has necessitated a range of dedicated devices, each serving distinct functions:

• Dedicated Routers: Handle network traffic routing, NAT, traffic control, QoS, and more.
• Dedicated Firewalls: Govern traffic ingress and egress using stringent security protocols.
• Dedicated VPN Gateways: Authenticate remote users and secure communications via encryption.
• Dedicated IDS/IPS: Conduct deep network traffic analysis and thwart network attacks.
• Dedicated Load Balancers: Equitably distribute network traffic across multiple servers.
• Dedicated Network Traffic Analyzers (NTA): Provide real-time monitoring and analysis of network traffic.
• Dedicated Network Behavior Analyzers (NBA): Utilize AI and big data for advanced threat detection through behavioral analysis.

These devices, reliant on proprietary hardware and software, render enterprise networks intricate, costly, and challenging to maintain.

The Asterfusion ET2500 is here to change that. By utilizing a cutting-edge compute and switching fusion chip Marvell OCTEON 10 CN102XX and embracing an open architecture that disaggregated hardware from software, the ET2500 empowers enterprises to consolidate all these essential functions into a single, multifunctional smart device.

Asterfusion ET2500: The All-In-One Networking Powerhouse based on Marvell OCTEON 10 CN102

The Asterfusion ET2500 is set to revolutionize enterprise networking. This intelligent, open gateway is designed to amalgamate the functionalities of a router, firewall, VPN, load balancer, and network analyzer into one robust device. By leveraging a sophisticated compute and switching fusion chip within an open architecture framework, it effectively disaggregates software from hardware, simplifying network infrastructures and reducing operational complexities.

ET2500 Device Highlights

Marvell OCTEON 10 CN102XX Chip:

• 8-core ARM 64-bit Neoverse N2 processor
• 60Gbps programmable Ethernet interface
• Embedded encryption and decryption engine
• A computing and switching Fusion Processor

Hardware features:

• Integrated 1Tb switch with 4 x 10GE, 4 x 2.5GE and 8 x 1GE ports
• 16GB pluggable DDR5 SO-DIMM, up to 128G
• True inline crypto engine
• 2 pluggable modules with M.2 form, extending support 5G/LTE, WiFi6E/7, BlueTooth5.3, GNSS, TPM,etc
• 60Gbps intelligent data processing for routing, firewall, IPSec and SSL/TLS
• <60 Watt with FULL configuration and workload (w/o PoE)
• Optional AI hardware accelerator with 26TOPS INT8 inference performance
• Optional PTP module with 20ns accuracy and BC support
• Optional M.2 SSD up to 4TB
• Optional POE++ports with 150W power budget

Advanced Capabilities:

• Optimized DPDK toolkit
• Optional AI hardware accelerator up to 26TOPS for intelligent network traffic analysis and processing from the network layer to the application layer

Software ecosystem:

• Compatible with various Linux distributions including Ubuntu, Debian, OpenWRT, and CentOS
• Supports a wide range of open software ecosystems such as VPP, UFW, OpenVPN, Snort, HAProxy, Nginx, and ntopng
• Allows enterprises to run multiple applications on the same device tailored to their specific needs

Application Scenarios

The Asterfusion ET2500 leverages an open hardware-software disaggregated architecture, marrying a robust suite of open-source software for the control plane with a hardware-optimized data plane. This unique combination addresses a multitude of application scenarios, adaptable to a combined usage. Below are some typical scenarios where the ET2500 excels:

Router: Ubuntu + VPP

• Hardware-optimized vector packet technology and DPDK accelerate data plane forwarding, delivering up to 60Gbps forwarding performance.
• Multi-WAN load balancing across Ethernet and 5G/LTE links.
• Comprehensive QoS policies for precise management of traffic from different users and applications.

Firewall: Ubuntu + iptables + BPFILTER

• Flexible and efficient iptables configuration suitable for a wide range of scenarios.
• GUFW provides a simple and user-friendly GUI.
• BPFILTER leverages eBPF for advanced packet filtering and processing.

VPN Gateway: Ubuntu + OpenVPN/WireGuard

• Hardware-accelerated OpenVPN with encryption/decryption engine supports up to 60Gbps throughput.
• WireGuard benefits from an 8-core CPU for accelerated performance.
• Installation of the latest VPN software on demand to adapt to changing network environments.

IDS/IPS: Ubuntu + Snort

• Leading open-source IDS/IPS with continuously updated rule sets from its active open community.
• Hardware DPDK enhances packet processing performance and reduces latency.
• Hardware regular expression engine significantly boosts IDS/IPS performance.

Load Balancer: Ubuntu + HAProxy + Nginx

• Hardware DPDK improves processing speed and throughput.
• Hardware regular expression engine accelerates load balancing based on URL and content.
• Hardware SSL engine speeds up HTTPS connections.

Network Traffic Analyzer (NTA): Ubuntu + ntopng

• Real-time traffic monitoring, protocol recognition, application analysis, historical data logging, and visual reporting capabilities.
• Intuitive GUI for visualizing and analyzing network traffic and performance metrics.
• Hardware SSL engine accelerates HTTPS traffic analysis.

Rich Open Software Ecosystem

The ET2500’s versatility is made possible by its support for a wide array of open-source operating systems. Designed to accommodate any software compatible with ARM64 + Linux, the ET2500 offers customers a rich and flexible selection tailored to their specific needs. Whether it’s routing, security, or any other network function, the ET2500 has you covered：

Operating System Supported

• Supports Ubuntu, Debian, OpenWRT and other Linux distributions, such as CentOS, OpenSUSE, Arch Linux, AlmaLinux, Rocky Linux, Linux Mint and Elementary OS.
• Install and upgrade the OS using a USB disk with Arm Trusted Firmware and UEFI
• Embedded eBPF (extended Berkeley Packet Filter) in Linux kernel via XDP

Open Source Software Supported

• Optimized DPDK (Data Plane Development Kit) tied to HW Acceleration
• Open-source routers, including VPP (Vector Packet Processing), OpenWRT, DD-WRT, VyOS, etc.
• Open-source firewalls, including iptables, UFW, pfSense, OPNsense, IPFire, nftables, Firewalld, Shorewall, Untangle, etc.
• Open-source VPNs, including OpenVPN, WireGuard, IPSec, L2TP, Shadowsocks, Trojan, VMess, etc.
• Open-source IDS/IPS, including Snort, Suricata, Zeek, etc.
• Open-source load balances, including HAProxy, Nginx, Traefik, etc.
• Open-source Network Traffic Analyzers, including ntopng, Elasticsearch + Kibana + Beats, Argus, Softflowd, etc.
• GCC, GDB, BinUtils, Buildroot and other tool chains
• C/C++/Python/Go/Rust/Java/Lua and other programming languages
• PyTorch/Tensorflow/TF Lite/Keras/ONNX

Additionally, users have the flexibility to install new software or develop their own software using the built-in toolchain as needed to address additional use cases.

Pluggable Modules with M.2 Form Factor: Customization at Your Fingertips

The ET2500 is designed with four flexible, pluggable modules in the M.2 form factor, allowing enterprises to tailor the device to their unique requirements. These modules can support a variety of functionalities including:

• 5G/LTE: Insert a 5G SIM card to enable 5G uplink routing.
• WiFi6E/7: Add a Wi-Fi module to facilitate AP wireless functions.
• Bluetooth 5.3: Enhance connectivity options.
• GNSS: Integrate advanced geolocation services.
• TPM (Trusted Platform Module): Ensure enhanced security.
• SSD: Expand storage capacity.
• AI hardware accelerator : Implement advanced functionalities like face recognition and temperature detection.

This modularity ensures that the ET2500 can evolve alongside your enterprise’s needs.

High-Performance and Power Efficiency: Ideal for Both SMBs and Large Enterprises

The ET2500’s compact design makes it an excellent all-in-one solution for small businesses, providing comprehensive functionalities from routing to traffic analysis and even the capacity to run enterprise applications as a small server. For larger enterprises, multiple ET2500 units can be clustered and distributed to achieve on-demand, elastic cloud-like scheduling through horizontal load-sharing or vertical task specialization.

Remarkably, this high-performance device is also energy-efficient, consuming less than 60 watts even at full configuration and workload. This makes the ET2500 not just a powerful, but also a sustainable choice for enterprises of all sizes.

Simplify Network, Focus on What Matters,Reducing CAPEX&OPEX

The ET2500 significantly simplifies enterprise campus networks, reducing capital expenditures, operational costs, and maintenance efforts. Its open and intelligent design ensures adaptability to future network demands, whether handling increasing traffic or integrating new technologies. By alleviating the burden of complex network management, the ET2500 allows organizations to focus on innovation and core business development. It empowers enterprises to innovate and grow without being bogged down by the complexities of network management.

In summary, the Asterfusion ET2500 is not just a gateway; it is the future of enterprise networking, offering unparalleled integration, efficiency, and ease of maintenance. It is the intelligent choice for modern enterprises seeking to streamline their network operations and stay ahead in an ever-evolving digital world.

Q&A About ARM neoverse N2 based Asterfusion ET2500:

Q: Is this a bare metal gateway? That is, there is no software running on it?

A: Yes.Its appeal is that you can install the open source software you need! but this is not a bare metal gateway in the traditional sense. While it is an open intelligent gateway, it comes preloaded with an underlying operating system. Customers can choose from Ubuntu 24.04, Debian 12, or openWRT. The appeal lies in its flexibility, allowing users to install the open-source software they need. Additionally, development kits like DPDK and VPP are available on our GitHub repository for further customization.

Q: After reading the description, I noticed that this machine has a lot of optional modules. Could you explain more?

A: Absolutely! This machine is designed with four pluggable M.2 form factors, allowing users to customize it according to their specific needs. Here are the available modules:

• 5G/LTE Module: Insert a 5G SIM card to enable 5G uplink routing.
• WiFi6E/7 Module: Add a Wi-Fi module to facilitate AP wireless functions.
• SSD Module: Expand storage capacity up to 4TB.
• AI Acceleration Module: Implement deep learning and AI inference functions.

In addition to these M.2 form factors, we offer optional POE and PTP functions:

• POE Function: Our 8*1G RJ45 supports POE+ and 4*2.5G RJ45 supports POE++. All 10 ports support POE functionality, providing flexibility for power over Ethernet needs.
• PTP Function: An optional PTP module with 20ns accuracy and BC support is available for precise time synchronization.

Customers can mix and match these modules to tailor the gateway to their specific requirements.

Q: I saw an optional AI acceleration module in the product introduction,Could you introduce more about it?

A: Yes, you are correct! One of the standout features of our product is the AI acceleration module. Specifically, we offer the Hailo-8 M.2 AI Acceleration Module. This module significantly enhances the ET2500’s capabilities by enabling efficient and comprehensive deep learning applications. It is particularly adept at handling low-latency and efficient AI inference tasks, making it an excellent choice for advanced AI-driven projects.

For more about Asterfusion Enterprise Network Solution:

Enterprise SONiC Distribution based Layer2/3 Enterprise Switches

For more :contact bd@cloudswit.ch