Network Traffic Increase and NP based DPI

The ubiquity of connected devices is putting demands on networks to deliver more data packets, ever faster. Your smartphone, tablet, vehicle, television, home and even your medical device depend on the network and its ability to operate efficiently, effectively and securely. Network operators need better insight into how their networks are operating to ensure they are meeting their customers' needs. Network monitoring with Deep Packet Inspection helps to deliver that insight.

This blog looks at Deep Packet Inspection and how Network Processors (NP) can meet the real-time inspection requirements of today’s networks.

DPI Applications

Deep Packet Inspection (DPI) is widely used at different packet handling stages, ranging from the desktop to core networks. DPI analyzes traffic from Layer 2 up to Layer 7 for many applications, including traffic profiling, intrusion detection, intrusion prevention, content-aware forwarding and load balancing, data leak prevention, anti-malware, service level agreement enforcement, network monitoring and troubleshooting, and many others.

Central to many applications of DPI is pattern matching, which compares byte streams in packet flows against a set of pre-defined patterns (signatures). Each application may use the pattern matching result in its own way. Apart from conventional pattern matching, DPI also involves classifying traffic that does not have a fixed signature. In all scenarios, DPI must accomplish this at wire speed without compromising the percentage of traffic it is able to classify.
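The signature matching described above, as an added example (not code from Northforge or any network processor SDK): a multi-pattern Aho-Corasick matcher that keeps one automaton state per flow, so a signature split across two packets of the same flow is still detected. The class name, signatures and flow tuples are constructed for illustration, and payloads are assumed to arrive in order after re-assembly.

```python
from collections import deque

SIGNATURES = {"test-marker": b"EXAMPLE-SIGNATURE", "http-get": b"GET /"}  # constructed

class StreamMatcher:
    """Aho-Corasick automaton whose per-flow state survives packet boundaries."""
    def __init__(self, signatures):
        self.goto, self.fail, self.out = [{}], [0], [[]]  # edges, failure links, matches
        for name, pat in signatures.items():  # build the trie, one node per prefix
            node = 0
            for b in pat:
                if b not in self.goto[node]:
                    self.goto[node][b] = len(self.goto)
                    self.goto.append({})
                    self.fail.append(0)
                    self.out.append([])
                node = self.goto[node][b]
            self.out[node].append(name)
        queue = deque(self.goto[0].values())
        while queue:  # breadth-first pass: longest proper suffix that is also a prefix
            node = queue.popleft()
            for b, nxt in self.goto[node].items():
                f = self.fail[node]
                while f and b not in self.goto[f]:
                    f = self.fail[f]
                self.fail[nxt] = self.goto[f].get(b, 0)
                self.out[nxt] = self.out[nxt] + self.out[self.fail[nxt]]
                queue.append(nxt)
        self.flow_state = {}  # flow key -> node; idle flows must be expired to bound memory

    def inspect(self, flow, payload):
        """Scan one in-order payload of a flow; return names of signatures that end in it."""
        node = self.flow_state.get(flow, 0)
        hits = []
        for b in payload:
            while node and b not in self.goto[node]:
                node = self.fail[node]
            node = self.goto[node].get(b, 0)
            hits.extend(self.out[node])
        self.flow_state[flow] = node  # resume here on this flow's next packet
        return hits

def demo():
    m = StreamMatcher(SIGNATURES)
    flow_a = ("10.0.0.1", 40000, "10.0.0.2", 8081, "tcp")  # constructed 5-tuples
    flow_b = ("10.0.0.3", 40001, "10.0.0.2", 80, "tcp")
    return [m.inspect(flow_a, b"GET /index.html xx EXAMPLE-SIG"),
            m.inspect(flow_b, b"NATURE"),            # other flow: must not complete the match
            m.inspect(flow_a, b"NATURE trailing")]   # same flow: signature completes here
```

Each payload byte is examined once regardless of how many signatures are loaded, and the only per-flow cost is one saved node index.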

Recent studies all show exponential growth in internet traffic, and the trend is expected to continue in the years to come [1]. This growth has pushed link speeds from 1Gbps to 10Gbps and on to 100Gbps, making it increasingly challenging to apply DPI to incoming traffic at wire speed at network inspection points. The challenge is further aggravated by the need to support DPI over a rapidly evolving set of protocols and services.

Recent progress in network processor design has shown that a DPI implementation leveraging network processors can be very effective at inspecting incoming traffic while meeting the real-time response/decision requirements of various applications. As with many other technologies, careful consideration needs to be given to the design to get the most out of the network processor.

With so many applications and services, packet inspection from L2 to L7 requires deciding how to divide the DPI algorithm and map it onto the network processor's capabilities, such as available memory and number of processor cores. A further example is the inspection of dynamic-length packets such as HTTP, or of protocols that use non-standard values in various fields (such as non-standard ports). These situations can stress available memory or other resources.

Northforge Experience in DPI and Network Processors

Northforge software engineers have integration and porting experience with network processors from different companies, including EZchip, Cavium and PMC-Sierra, and have developed and enhanced DPI algorithms for various protocols. The Northforge network processor team has in-depth knowledge and experience in various DPI processing stages, e.g., packet re-assembly, pre-classification, traffic classification via patterns and heuristics, load distribution, packet inspection (L2-L7), pattern signature matching, and flow profile policy application. Talk to us about how we can help solve your DPI needs.