GRISM

Pervasive Inspection

Security Function Offloading

Perimeter Defense

Key Functions
Netflow: Extract the network metadata from packet streams.
Service Bypass: Make the low-risk traffic skip security inspection.
Deduplication: Remove L3-above duplicated packets.
Load Balance: In-line or OOB session-based traffic load balance with HA configuration.
Aggregate: Collect traffic from several sources or interfaces.
Filter: L2 to L7 session-based or packet-based filtering.
Massive Blocking: Detect and block sessions by a massive list of IPs/Domains.
X-tunnel: Tunnel for traffic span to support cross-site or VM2VM monitoring.

Features

Any-to-Any Delivery

Each interface can be INPUT or OUTPUT

1-to-many, many-to-1, many-to-many

To any selected interface after filtering

Advanced Distribution

Filter Processor - Composed of a set of rules with AND / OR operation - Session-based filtering and packet-based filtering - L2-L4 header filtering rule: MAC address, Ethertype, VLAN ID, IP range, TCP/UDP port…

DPI-enabled Filter Processor - L4-L7 Pattern-based filtering - Pattern format: HEX, ASCII strings and Regular Expression

Tunnel-aware filter - Apply all filtering rules to in-tunnel packets (GRE / VxLAN / QinQ / MPLS) - Tunnel ID (ERSPAN/X-tunnel) filtering

Processor Chain - User-defined graphs of Filter Processors

Out-of-band Load balance

Same Dst IP / Src IP / Dst Port / Src Port sticky to same egress ports

Same 5-tuple hash sticky to same egress ports

Delivery HA: Re-distribute to link-up egress ports

Balance port groups: Max 8 egress ports

Packet Engineering

Tag removal: MPLS / VLAN / QinQ…

Unpacking Tunnel (Tag removal and re-encapsulation): GRE / GTP / ERSPAN / NvGRE / VxLAN

User-defined VLAN tagging for input packets or output packets

Packet Deduplication

Monitoring Network Virtualization

GRISM to GRISM tunnel

Encapsulation: GRE, VxLAN, ERSPAN, X-tunnel

Network Traffic Intelligence Extraction

Generate Netflow V5 / V9

Generate HTTP log

Generate DNS log

Sensitive Data Protection

Packet slicing - Preserve N bytes - Remove TCP / UDP payload

Data mask - Replace sensitive data segment in TCP / UDP payload - Data segment can be defined in regular expression

In-Line Aggregation and Re-Distribution

N network links X M monitoring links (N X M)

In-line session-based load balance with HA strategy

Intelligent content-based bypass - IP address List - User-defined pattern in regular expression

PCAP File Processing

Stream snapshot in PCAP format

Filter PCAP files with timestamp persistence

Remote recording agent over L2-L4 switch

Telecom Correlation Processing

Mobile 3G / LTE data network - Filter GTP-C / GTP-U by IMSI/IMEI - Subscriber-based load balance

Fixed ISP network - Filter user-plane packets by RADIUS ID - Subscriber-based load balance

Virtual Machine Traffic

VM traffic redirection by GRISM-V (as a VM instance)

Supporting environment - KVM - VMware ESXi / vSphere

System Control and Operation

Web GUI agent for authenticated users

Advanced Control - XML script over HTTP

Management protocol: Telnet, HTTP, SNMP V2

Front-line Security

Massive Blocking - IP / Domain / URL - Max 2,000,000 entries

3rd party threat intelligence import

Hardware Spec

| | GRISM G8 | GRISM T2G8 | GRISM T16 | GRISM T32 |
|---|---|---|---|---|
| Network Interface | 1G RJ45*8 | 10G SFP+*2, 1G RJ45*8 | 10G / 1G SFP+*16 | 10G / 1G SFP+*32 |
| Management Interface | 1G RJ45*8 | 10G SFP+*2, 1G RJ45*8 | 1G SFP*1 | 1G SFP*1 |
| Data Processing | 1. Ethernet 2. PCAP file | 1. Ethernet 2. PCAP file | Ethernet | Ethernet |
| Storage | SATA2*1 | SATA2*2 | 2GB (virtual disk) | 2GB (virtual disk) |
| Forwarding or Replication | 8Gbps | 28Gbps | 160Gbps | 320Gbps |
| NetFlow Processing | 3Gbps | 10Gbps | 30Gbps | 60Gbps |
| Mechanical | Appliance | Appliance | Appliance | ATCA 3U two blade |
| Power | AC 110V-220V input | AC 110V-220V input | 1. Dual DC -48V input 2. Dual AC 110V-220V input (with external PDU) | Dual AC 110-220V input |