Green Hills Software's GateD family of products is a processor-neutral, comprehensive data-plane and control-plane solution. The scalability of the code, complete functionality, and expansive set of APIs make GateD ideal for inclusion in carrier-grade core, edge, and aggregation devices.
A complete platform for
developing secure networking products
For over 20 years, developers needing comprehensive software solutions for advanced routing—for everything from server redundancy to scalable, core IP routers—have relied on GateD, the gold standard in routing technology. During that time, hundreds of products have been built and deployed based on GateD technology.
GateD networking protocols comprise the most widely used, processor and platform-neutral routing suite in the world. With over two decades of deployment on the Internet, GateD is the most stable, fully-functional suite of routing protocols available in the world today.
Green Hills Software, the leader in secure and reliable software, has taken this proven routing and switching offering and combined it with the industry’s most secure operating system—INTEGRITY—as well as advanced TCP/IPv4/v6 host and routing stack—GHNet—to deliver the most comprehensive end-to-end software suite for building absolutely secure networking products.
Together, INTEGRITY combined with GateD represents a substantial evolutionary step forward in networking technology by enabling device security at the core. For the first time, equipment manufacturers and network device developers have at their disposal a secure, scalable foundation that supports the functionality required for building secure, highly available, carrier-grade network equipment, including core and edge IP routers and aggregation devices.
This integrated, scalable solution provides:
- INTEGRITY secure operating system
- GHNet IPv4/v6 host and router stack
- GateD Layer 3 routing
- secure network management services
- complete data plane integrated with the latest terabit switch hardware fabrics ports
- INTEGRITY Multivisor secure virtualization architecture
- optional software-only data forwarding plane
Security at the Core
Deploying GateD with the secure separation kernel architecture of the INTEGRITY enables the highest levels of security for network devices. INTEGRITY was designed from the beginning with security in mind, and supports the requirements and security policies of Multiple Independent Levels of Security (MILS), which is the architecture for composing secure computing systems from high-assurance components.
INTEGRITY provides protected execution of native applications, guest OS applications and system services; guaranteed resource allocation; information flow control between partitions, stack, router, network management and application isolation, along with containment of errors and attacks. All are essential components for hardening any networked device against both casual and targeted, well funded attacks.
A complete, scalable control-plane solution
for developing next-generation edge and carrier devices
Gate Layer 3 Routing was the first suite of routing protocols with broad IPv6 support. With GateD, networking device developers can pick and choose from individual protocols or license a variety of packages targeted at specific applications, all integrated, validated and tested with the INTEGRITY secure operating system and the GHNet IPv4/v6 host/router stack.
With this approach, customers can seamlessly add or reconfigure GateD routing protocols based on changing system requirements with the highest level of confidence in the shortest timeframe and at the lowest cost.
The modular design of GateD allows common functionality, data structures, and APIs to be shared across protocols. From an equipment manufacturer's perspective, this provides two immediate advantages:
- Additions and modifications to existing APIs at points of integration have limited effect on the stability of existing protocols. This means that even major new features can be deployed without anxiety over changes to long-established, de facto standard code, such as Green Hills' OSPF and BGP implementations.
- New protocols inherit a high degree of stability and robustness for the long deployment of standard functions, such as memory allocation, scheduling, and routing policy.
A common management API across all GateD products
The GateD Advanced Management Interface (AMI) comes standard with a license of GateD and consists of two distinct components:
- an API that provides direct access to all configurable options across all portions of the code, allowing highly scalable, incremental configurations
- an Agent designed for easy integration with any messaging system available on the control plane OS
AMI's simple, consistent API dramatically improves speed of integration with any user interface, providing substantial savings in time to market. When used in conjunction with the AMI Agent, the management plane can be off-loaded to a separate processor, or even an entirely different card, removing management overhead from the control plane and improving efficiency. When combined with Green Hills CLI module, dozens of engineering years can be saved.
One of the most time-consuming challenges facing equipment manufacturers today is the integration of management across their various subsystems. Green Hills has two ways to help you solve this problem. Green Hills GateD CLI module lets you start working with the code as soon as you receive it. And the CLI can easily be extended to manage the rest of the system. AMI provides a simple, consistent interface for integration with the management plane.
Additionally, the AMI Agent allows communication with a remote management plane. The AMI Agent is easily ported to a variety of messaging systems. It provides a common point for integration with your existing CLIs, Web UI, or out-of-band management tools. For network management, an SNMP suite with MIBs for Layer 2 and Layer 3 is available. The SNMP suite contains a SNMP manager, an SNMP Master-Agent, and sub-agent interfaces to MIBs. The SNMP agent is part of the common management functionality shared by routing and switching protocols. Once the SNMP service is configured, no further work is needed when additional protocols are added.
When it comes to logging, debugging, and error reporting, the Advanced Management Interface allows in-depth debugging information to be routed to the CLI or log files, giving the developers direct access to the run-time state. The developer can query information on the state of the routing tables, interfaces, or individual protocols. Additionally, the protocols share common tracing and logging functions that keep track of events with a configurable level of verbosity. The output of this information can be sent to just about any destination, whether it is to a file in memory or on disk, to a syslog mechanism, or to the console or some other output device as a stream.
Command Line Interface (CLI)
pre-integrated, pre-developed configuration and management functionality
The GateD CLI module, which comes standard with a license of GateD, allows network equipment manufacturers to develop and deploy new network devices and network equipment at unprecedented speeds by removing the largest obstacle to deploying carrier-class control plane software—the development and integration of a complete management solution.
For years now, GateD has saved network equipment manufacturers millions of dollars in development costs and tremendously reduced time-to-market for new products with state-of-the-art control plane software. With the GateD CLI module, Green Hills takes these savings to the next level. The GateD CLI provides unprecedented functionality and ease of integration and solves the most difficult technical challenges in control-plane user interface design.
guest operating systems while increasing system availability
Network equipment manufacturers face growing challenges to deliver more application services to the user but do it in a way that does not impact security or system availability. They are also challenged with ways to enable their customers to incorporate their own value-added applications separate from the core device routing and switching services without compromising the integrity of such services.
Now with INTEGRITY Multivisor secure virtualization technology, customers can run guest operating systems and their associated guest applications in secure, separate partitioned virtual machines where such execution is contained in a manner that compromise or failures of the guest OS or its application will not affect any other part of the system.
This unique approach is independent of the end device's target processor type or number of cores—from single core Power Architecture to multi core Intel IA—and provides maximum architecture design flexibility while increasing system availability.
You no longer need to deliver separate platforms to perform a mix of routing and application services. With Green Hills secure virtualization, next generation network designs can consolidate these functions on one platform while assuring independent execution, separation and containment of each function.
Comprehensive service offering enable rapid
Expanding on its unique position in the industry by delivering comprehensive software solutions for secure networking, Green Hills offers a full range of professional services covering complete networking system design, integration, debug, optimization, customization, test and validation, training, and enhanced product support.
These services take into account all aspects of the complete solution Green Hills offers—covering the INTEGRITY operating system, GHNet networking stack, and GateD routing and switching. By taking advantage of these services, customers can deliver higher quality products in a shorter time to market and at a lower cost to develop and deploy.
Professional services are delivered by highly experienced networking professionals and include the following:
Design Consulting Service
Green Hills offers consulting services for customers on network architecture, networking security, software design and hardware design-- helping customers optimize designs and reduce initial architecture challenges while mitigate schedule risk.
Product Enhancement Service
Green Hills can fast track networking protocol enhancements or modifications to help customers keep their product release schedules on track while delivering the required next generation protocol support.
Product Integration Service
Green Hills offers a wide range of product integration services from support for a unique switch vendors networking reference platform to complete software integration on customers end platform and can range from basic Layer 2 switching or Layer 3 routing to complete single switch OEM solution integration.
Testing, Validation, and Verification Services
Green Hills offers complete conformance, performance, interoperability, and optimization on the customers end hardware platform by utilizing our internal suite of test suites in conjunction with ANVL and Spirent test platforms. These services allow the customer to expedite the availability of a fully qualified networking solution configured and tested to your required specifications and running only the set of protocols required on your end target hardware.
Green Hills offers enhanced support services that can be customized to meet support levels or responsiveness beyond Green Hills standard maintenance and support terms. Examples of this type of support would be priority development in a customer code branch, priority bug fixes, custom product releases, dedicated point of contact and on-site support.
Green Hills has a comprehensive training offering for its GateD routing and switching products built of the foundational aspects of the secure INTEGRITY operating system and the GHNet routing stack. We work with the customer to tailor the content of the training to make sure that the specific needs of such training will be covered in the training material delivery.