iPolicy: IP Services on Speed
The company says the product, the ipEnforcer 5000, can perform such tasks at gigabit speeds, which initially may be enough to set it apart in the marketplace.
It also announced that it has already deployed the system in TMEX USA Inc., a wholesale carrier that provides voice, video, and date services between the U.S. and Mexico, and VPN Dynamics, a provider of managed security solutions.
The company, headquartered in California with offices in India, was officially formed in February 2000 when two software companies merged: the U.S.-based TunnelNet Inc. and India-based Duet Technologies.
The company has a total of $22.5 million in assets and venture capital funding. Although the exact amount of venture funding iPolicy has received is still under wraps, the company has disclosed the names of its three biggest backers: Morgan Stanley Venture Partners, Greylock Partners, and Technology Crossover Ventures. It is currently raising its second round of funding, which is expected close in the next two months.
iPolicy’s product offering may sound familiar. IP service switches from companies like CoSine Communications Inc. (Nasdaq: COSN) and Nortel Networks Corp. (NYSE/Toronto: NT) (via its Shasta acquisition) also offer security services like VPN and firewall, so that service providers can sell those services to customers without deploying customer premises equipment. And like CoSine, iPolicy has built its own hardware and then teamed with third-party vendors like Elron Software, Network Associates (Nasdaq:NETA), and Symantec (Nasdaq:SYMC) for the actual services.
But iPolicy claims it will set itself apart with speed and scale. The product can support up to 500,000 concurrent sessions and multilayer inspection, says Mark Houseman, vice president of marketing for iPolicy. The ipEnforcer Unified Service Manager, the software sold to manage the device, can scale to support up to 1,000 geographically dispersed ipEnforcers and will keep track of policies for up to 100,000 customers, he contends.
Housman also says the product can apply security and QOS policies at gigabit line rates. CoSine says it will be able to forward packets at line rate with its latest hardware iteration, but that product won’t be available for testing until later this year (see CoSine Takes Another Tack). The ipEnforcer is already in test sites and will be generally available within the next two months.
Cooper Lee, executive director of TMEX USA, has been testing the ipEnforcer for the last couple of months and says the product’s architecture is superior to others on the market.
“I’ve seen a bunch of this gear,” he says. “And iPolicy is the only one that actually has the architecture that can support these services at full wire rate. They have the real deal and the product is ready now.”
He says that other IP service switches can get close to wire rate, but because they queue traffic, they can’t achieve full line rate. "To do gigabit-level forwarding, you need a lot of memory just to buffer the traffic. iPolicy doesn’t have to queue or buffer traffic, so they don’t put packets in and out of memory.”
iPolicy has also bucked a general industry trend to include routing code in its product. For example, CoSine supports routing protocols like BGP-4 and OSPF. And edge routing vendors like Unisphere Networks Inc. (Nasdaq: UNSP) and Cisco Systems Inc. (Nasdaq: CSCO) are including similar security and QOS functionality into their products (see Cisco Puts Service Creation on Edge).
- Marguerite Reardon, Senior Editor, Light Reading