Purpose of Business Network or Networking

Once a company has assessed its core capabilities, it can either flush its assets away or find itself in a situation where it cannot compete on certain attributes because it doesn't have the necessary resources. Because of this, networks are formed to utilize the advantageous attributes, and their importance depends upon a mutually beneficial relationship that significantly adds to the value of a firm's market offering. With this comes a critical responsibility to thoroughly analyze the respective competitors, as there are both significant opportunities and risks associated with network partnerships.

Another purpose for a business network is to expand one's knowledge base without extending one's hours for learning and accomplishing new tasks. By utilizing the experiences and knowledge of others within your business network, you are able to work more efficiently in the areas of your own expertise. For example, having people with computer-related skills, phone skills, and backgrounds in psychology, health, finance, law, and business can help bring information from each area to the table that each person can share and use to the benefit of their own business.

Sharing information and being involved in a group can help your business reach levels you couldn't alone.

There are many online networking services that can benefit most businesses; one popular site is Connect Buzz. There has been an increase in such networking sites, kicked off by the very popular LinkedIn brand, and now very clever business networking sites have come into play that take online business networking, which, as critics of business networking sites note, does not work very well, and combine it with a complicated algorithm that places members of a business network into offline (in real life) networking meetings. One of the pioneers in such a hybrid business networking model is Business Networking Me.

Finisar: Traffic Generation


Finisar offers protocol test and traffic generation offerings for every phase of the development process.


We want to find and address protocol issues as early as possible in our development process. For physical-layer testing, they offer a Bit Error Rate Tester, the Xgig BERT module and software. For layer 2 and layer 3 testing, the protocol test phases, they offer multiple products. For SAS and SATA, Finisar offers the PacketMaker tester. For Fibre Channel and parallel SCSI, Finisar provides the Eagle tester.

As our development needs progress, we need to test and verify protocol compliance. For that, Finisar has SANmark Qualification offerings, an adjunct to the Eagle tester, to help us demonstrate the quality and interoperability of our Fibre Channel products.

Finisar's Xgig Jammer product enables controlled and repeatable modification of actual network traffic to allow error injection, so that we can be sure that our products respond correctly to protocol problems.

For load testing, Finisar offers both SAN Commander (for the Eagle platform), letting us thoroughly test products under maximum point-to-point loads.

And finally, when it's time for demanding high channel-count load testing, SAN Commander operates from multiple ports for coordinated high-port count traffic generation. We will know with confidence how our products perform under the most extreme line-rate conditions.


UNIX Network Security Architecture

Introduction
The goal is to present my concept of a UNIX network security architecture based on the Internet connectivity model and Firewall approach to implementing security. This defines several layers of a firewall, which depict the layers of vulnerability. This also provides some subjective comments on some of the most widely known tools and methods available to protect UNIX networks today, plus a brief discussion of the threat and the risk.

The list of tools and methods that I present in this were chosen loosely on the basis of the following:
(a) My attempt to find at least one, maybe several examples of a tool or method designed to address a part of the architectural model (some duplication or overlap is accepted);
(b) my preference to discuss tools that are well-known and/or part of the public domain; and
(c) I hoped to find tools that had a recent paper written by the tools' author, for the reader to use as detailed reference beyond the scope of this document.

Nothing in this paper should be construed as a product endorsement. I apologize in advance to the authors of these tools and methods; since I am only presenting a brief overview, I cannot do justice to a comprehensive description of them.

Risk, Threat, and Vulnerability
This section presents a general overview of the risk and the threat to the security of your network. These are general statements that apply to almost every network. A complete analysis of your network's risk, threat, and vulnerability should be done in order to assess in detail the requirements of your own network.

Risk
The risk is the possibility that an intruder may be successful in attempting to access your local-area network via your wide-area network connectivity. There are many possible effects of such an occurrence. In general, the possibility exists for someone to:

READ ACCESS. Read or copy information from your network.

WRITE ACCESS. Write to or destroy data on your network (including planting trojan horses, viruses, and back-doors).

DENIAL OF SERVICE. Deny normal use of your network resources by consuming all of your bandwidth, CPU, or memory.

Threat
The threat is anyone with the motivation to attempt to gain unauthorized access to your network or anyone with authorized access to your network. Therefore it is possible that the threat can be anyone. Your vulnerability to the threat depends on several factors such as:

MOTIVATION. How useful access to or destruction of your network might be to someone.

TRUST. How well you can trust your authorized users and/or how well trained your users are to understand what is acceptable use of the network and what is not acceptable use, including the consequences of unacceptable use.

Vulnerability
Vulnerability essentially is a definition of how well protected your network is from someone outside of your network who attempts to gain access to it, and how well protected your network is from someone within your network intentionally or accidentally giving away access or otherwise damaging the network.

Motivation and Trust (see Threat) are two parts of this concern that you will need to assess in your own internal audit of security requirements and policy; later I will describe some references that are available to help you start this process.


UNIX Network Security Architecture

For each of the layers in the UNIX Network Security Architecture (UNIX/NSA) model below, there is a subsection that follows that gives a brief description of that layer and some of the most widely used tools and methods for implementing security controls. I am using the ISO/OSI style of model since most people in the UNIX community are familiar with it. This architecture is specifically based on UNIX Internet connectivity, but it is probably general enough to apply to overall security of any network methodology. One could argue that this model applies to network connectivity in general, with or without the specific focus of UNIX network security.

Layer     Name              Functional Description

LAYER 7   POLICY            POLICY DEFINITION AND DIRECTIVES
LAYER 6   PERSONNEL         PEOPLE WHO USE EQUIPMENT AND DATA
LAYER 5   LAN               COMPUTER EQUIPMENT AND DATA ASSETS
LAYER 4   INTERNAL-DEMARK   CONCENTRATOR - INTERNAL CONNECT
LAYER 3   GATEWAY           FUNCTIONS FOR OSI 7, 6, 5, 4
LAYER 2   PACKET-FILTER     FUNCTIONS FOR OSI 3, 2, 1
LAYER 1   EXTERNAL-DEMARK   PUBLIC ACCESS - EXTERNAL CONNECT

The specific aim of this model is to illustrate the relationship between the various high and low level functions that collectively comprise a complete security program for wide-area network connectivity. They are layered in this way to depict
(a) the FIREWALL method of implementing access controls, and
(b) the overall transitive effect of the various layers upon the adjacent layers, lower layers, and the collective model.
The following is a general description of the layers and the nature of the relationship between them. Note that there may be some overlap between the definitions of the various levels; this is most likely between the different layers of the FIREWALL itself (layers 2 and 3).

The highest layer [ 7 - POLICY ] is the umbrella that the entirety of your security program is defined in. It is this function that defines the policies of the organization, including the high level definition of acceptable risk down to the low level directive of what and how to implement equipment and procedures at the lower layers. Without a complete, effective, and implemented policy, your security program cannot be complete.

The next layer [ 6 - PERSONNEL ] defines yet another veil within the bigger umbrella covered by layer 7. The people who install, operate, maintain, use, and can have or do otherwise have access to your network (one way or another) are all part of this layer. This can include people who are not in your organization and over whom you may not have any administrative control. Your policy regarding personnel should reflect what your expectations are from your overall security program. Once everything is defined, it is imperative that personnel are trained and are otherwise informed of your policy, including what is and is not considered acceptable use of the system.

The local-area network layer [ 5 - LAN ] defines the equipment and data assets that your security program is there to protect. It also includes some of the monitor and control procedures used to implement part of your security policy. This is the layer at which your security program starts to become automated electronically, within the LAN assets themselves.

The internal demarkation layer [ 4 - INTERNAL DEMARK ] defines the equipment and the point at which you physically connect the LAN to the FIREWALL that provides the buffer zone between your local-area network (LAN) and your wide-area network (WAN) connectivity. This can take many forms, such as a network concentrator that homes both a network interface for the FIREWALL and a network interface for the LAN segment. In this case, the concentrator is the internal demarkation point. The minimum requirement for this layer is that you have a single point of disconnect if the need should arise for you to spontaneously separate your LAN from your WAN for any reason.

The embedded UNIX gateway layer [ 3 - GATEWAY ] defines the entire platform that homes the network interface coming from your internal demark at layer 4 and the network interface going to your packet filtering router (or other connection equipment) at layer 3. The point of the embedded UNIX gateway is to provide FIREWALL services (as transparent to the user or application as possible) for all WAN services. What this really is must be defined in your policy (refer to layer 1) and illustrates how the upper layers overshadow or are transitive to the layers below. It is intended that the UNIX gateway (or server) at this layer will be dedicated to this role and not otherwise used to provide general network resources (other than the FIREWALL services such as proxy FTP, etc.). It is also used to implement monitor and control functions that provide FIREWALL support for the functions that are defined by the four upper ISO/OSI layers (1-Application, 2-Presentation, 3-Session, 4-Transport). Depending on how this and the device in layer 2 are implemented, some of this might be merely pass-thru to the next level. The configuration of layers 3 and 2 should collectively provide sufficient coverage of all 7 of the functions defined by the ISO/OSI model. This does not mean that your FIREWALL has to be capable of supporting everything possible that fits the OSI model. What this does mean is that your FIREWALL should be capable of supporting all of the functions of the OSI model that you have implemented on your LAN/WAN connectivity.

The packet filtering layer [ 2 - FILTER ] defines the platform that homes the network interface coming from your gateway in layer 3 and the network interface or other device, such as synchronous or asynchronous serial communication, between your FIREWALL and the WAN connectivity at layer 1. This layer should provide both your physical connectivity to layer 1 and the capability to filter inbound and outbound network datagrams (packets) based upon some sort of criteria (what these criteria need to be is defined in your policy). This is typically done today by a commercial off-the-shelf intelligent router that has these capabilities, but there are other ways to implement this. Obviously there is OSI link-level activity going on at several layers in this model, not exclusively this layer. But the point is that functionally, your security policy is implemented at this level to protect the overall link-level access to your LAN (or, stated more generally, to separate your LAN from your WAN connectivity).
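
The sketch below is an added example, not code from the paper or from any tool it mentions. It models the layer 2 filter as an ordered, first-match rule list that denies whatever the policy does not cover. The addresses, ports, rule set and the names Packet, Rule and filter_packet are all assumptions made for illustration.

```python
# Added example: first-match filter for the layer 2 PACKET-FILTER.
# Addresses, ports and rules are constructed; they are not from the paper.
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional, Tuple

GATEWAY = "192.0.2.10"   # assumed address of the layer 3 gateway
INSIDE = "192.0.2.0/24"  # assumed network between the filter and the gateway
ANY = "0.0.0.0/0"


@dataclass(frozen=True)
class Packet:
    direction: str       # "in" = WAN to gateway, "out" = gateway to WAN
    proto: str
    src: str
    dst: str
    dport: int


@dataclass(frozen=True)
class Rule:
    action: str          # "permit" or "deny"
    direction: str
    proto: str
    src: str             # CIDR
    dst: str             # CIDR
    dports: Optional[Tuple[int, int]]  # inclusive range, None = any port
    note: str

    def matches(self, p: Packet) -> bool:
        return (self.direction == p.direction and self.proto == p.proto
                and ip_address(p.src) in ip_network(self.src)
                and ip_address(p.dst) in ip_network(self.dst)
                and (self.dports is None
                     or self.dports[0] <= p.dport <= self.dports[1]))


# Hypothetical criteria handed down by the layer 7 policy. Only the packet
# that opens a session is modelled; reply handling is left out.
RULES = [
    Rule("deny", "in", "tcp", INSIDE, ANY, None, "inside source seen on WAN side"),
    Rule("permit", "in", "tcp", ANY, GATEWAY + "/32", (25, 25), "mail to gateway"),
    Rule("permit", "out", "tcp", GATEWAY + "/32", ANY, None, "gateway proxies"),
    Rule("permit", "out", "udp", GATEWAY + "/32", ANY, (53, 53), "gateway DNS"),
]


def filter_packet(p: Packet, rules=RULES) -> Tuple[str, str]:
    """Return (action, reason) of the first matching rule, else deny."""
    for r in rules:
        if r.matches(p):
            return r.action, r.note
    return "deny", "no rule matched: not covered by policy"


SAMPLE = [  # constructed traffic
    Packet("in", "tcp", "203.0.113.5", GATEWAY, 25),
    Packet("in", "tcp", "203.0.113.5", GATEWAY, 23),
    Packet("in", "tcp", "192.0.2.77", GATEWAY, 25),
    Packet("out", "tcp", GATEWAY, "198.51.100.7", 21),
    Packet("out", "tcp", "192.0.2.77", "198.51.100.7", 21),
    Packet("out", "udp", GATEWAY, "198.51.100.53", 53),
]

if __name__ == "__main__":
    for pkt in SAMPLE:
        print(pkt, "->", filter_packet(pkt))
```

Rule order matters here: the third sample packet is aimed at a permitted port but is dropped by the earlier rule on its source address, and the fifth is dropped because only the gateway is allowed to originate outbound sessions.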

The external demarkation layer [ LAYER 1 ] defines the point at which you connect to a device, telephone circuit, or other media that you do not have direct control over within your organization. Your policy should address this for many reasons such as the nature and quality of the line or service itself and vulnerability to unauthorized access. At this point (or as part of layer 2) you may even deploy yet another device to perform point to point data link encryption. This is not likely to improve the quality of the line, but certainly can reduce your vulnerability to unauthorized access. You also need to be concerned about the dissemination of things at this level that are often considered miscellaneous, such as phone numbers or circuit IDs.

DirectX: an interface between PC hardware and Windows

At the most basic level, DirectX is an interface between the hardware in your PC and Windows itself, part of the Windows API or Application Programming Interface. When a game developer wants to play a sound file, it’s simply a case of using the correct library function. When the game runs, this calls the DirectX API, which in turn plays the sound file. The developer doesn’t need to know what type of sound card he’s dealing with, what it’s capable of, or how to talk to it. Microsoft has provided DirectX, and the sound card manufacturer has provided a DirectX-capable driver. He asks for the sound to be played, and it is – whichever machine it runs on.

From my point of view as a gamer, DirectX also makes things incredibly easy – at least in theory. We install a new sound card in place of our old one, and it comes with a DirectX driver. Next time we play our favourite game we can still hear sounds and music, and we haven’t had to make any complex configuration changes.

Originally, DirectX began life as a simple toolkit: early hardware was limited and only the most basic graphical functions were required. As hardware and software have evolved in complexity, so has DirectX. It’s now much more than a graphical toolkit, and the term has come to encompass a massive selection of routines which deal with all sorts of hardware communication. For example, the DirectInput routines can deal with all sorts of input devices, from simple two-button mice to complex flight joysticks. Other parts include DirectSound for audio devices and DirectPlay, which provides a toolkit for online or multiplayer gaming such as networking.

HBR Technologies (HBR)

Communication is critical and keeping information and systems accessible can be overwhelming and difficult to manage. Faced with ever increasing risks and increased operational costs, organizations often deploy patch solutions with limited scalability that lead to complex, disparate systems that do not interface efficiently.

By leveraging expertise, solutions, and experience, HBR Technologies (HBR) employs advanced technologies to simplify infrastructure and make information more available and manageable. HBR can design and implement solutions today that will scale to meet future business goals. HBR incorporates best practices and an exceptional technical support team to create solutions that make a positive impact on your operations.

HBR Technologies specializes in security, networking, and mobility. Their experienced Network Engineers create, optimize, or support Wide Area Network, Local Area Network, Virtual Private Network, Wireless Network, Remote Access, and Internet Access. They work hand in hand with cabling specialists, telecom carriers, and manufacturers to provide the most complete network services possible.

Multi-core networking



6Wind has ported its Linux-based multi-core networking stack to a new PowerPC-based networking system-on-chip (SoC) from Freescale Semiconductor. The 6WindGate stack now supports Freescale's upcoming QorIQ P4080, having been ported to the platform using Virtutech's Simics simulation environment, the company says.


The 6WindGate stack is aimed at telecommunications, security, and networking equipment manufacturers, says the company. It includes routing, security, QoS (quality-of-service), mobility, and IPv4-6 support, along with an XML-based management system for integration with UTM (unified threat management) software. Other features include standard-compliant IPsec cryptography hardware, and "fast-path" modules said to support the OpenBSD Cryptographic Framework (OCF).

The 6WindGate stack comes in a symmetrical multiprocessing version called ADS, as well as a fast-path enabled SDS version that is said to offer a fast data path by dedicating some cores specifically to data plane processing via its real-time MCEE (Multi-Core Executive Environment) operating system. In this configuration, it assigns other cores to control plane tasks running Linux.

6Wind also offers an EDS version that manages to accomplish fast-path performance without MCEE. Instead, it implements fast path as a Linux kernel module sitting between the Linux networking stack and the interface drivers (see diagram above).

QorIQ on the horizon

Announced in June, QorIQ is a pin- and software-compatible successor to Freescale's Linux-compatible PowerQUICC line of network processors. Based on one to eight e500 cores clocked from 400MHz to 1.5GHz, QorIQ is fabricated with 45nm process technology, leading to greater claimed power efficiency.


QorIQ P4 block diagram


The QorIQ P4080 is not expected to sample until mid 2009. However, Freescale collaborated with Virtutech in order to provide virtualized "Simics" simulation models for the chips. Using technology similar to processor virtualization, the Simics models mimic the QorIQ chips at the instruction-set level, enabling both hardware and software developers to get started in advance of hardware availability, the companies say.

6Wind provides its IP stack running on the Virtutech Simics Hybrid Virtual simulation platform, it says. Other companies touting early support for QorIQ, based on ports to Simics, include carrier-grade Linux distributors MontaVista and Wind River. 

The Linux-compatible QorIQ SoCs range from the single-core P1010, clocked at 400MHz and consuming only four Watts, to the eight-core P4 clocked at 1.5GHz and requiring 30 Watts, says Freescale. QorIQ uses the same e500 Power Architecture core used by PowerQUICC. Each e500 is said to offer 36-bit physical addressing, double-precision floating-point support, a 32KB L1 instruction cache, and a 32KB L1 data cache. Other touted features include one private backside cache per core, a tri-level cache hierarchy, datapath acceleration architecture (DPAA), and a CoreNet coherency fabric, an on-chip, high-speed interconnect between e500 cores, says the company.

Stated Eric Carmes, CEO of 6Wind, "Adding Freescale Semiconductor to our large list of technology partners essentially defines 6WIND as a reference solution for L2/L3 embedded networking software specifically designed for multicore."

The 6WindGate stack has been validated on x86, IXP4xx, IXP2xxx, and multi-core MIPS64 processors from Cavium and Raza, 6Wind says. Additionally, last week, the company announced a reference design aimed at 4G wireless base stations and smart media gateway equipment. The design combines 6WindGate with VirtualLogix's VLX-NI (network infrastructure) virtualization technology, running on Texas Instruments's C6000 multi-core digital signal processors (DSPs).