The latest generation of network packet brokers (NPBs) is playing a key role in simplifying network management and the move to virtual infrastructures. NPBs have strengthened their capabilities and strategic value by adding intelligence that ensures a network tool receives only the data it needs to perform its function. This significantly reduces the amount of processing the tool has to do, improving system efficiency and performance. Some NPBs have also developed security-specific pre-filtering capabilities to optimize the effectiveness of security tools. The ability to operate out-of-band enables security tools to perform their tasks at line rate with no impact on the performance of applications.
To remain competitive and meet next-generation network requirements, vendors must therefore adopt a new approach in the development of their NPBs and integrate functions able to manage the increasing complexity of network traffic, virtual infrastructure requirements and the end-to-end network environment.
Adding Application Awareness for More Intelligent Data Processing
One way to meet these new challenges is to integrate a more granular level of flow analysis that includes application awareness and enables more intelligent data processing for precise traffic classification. It also allows vendors to expand NPB functions to include security, performance management and analytics capabilities. This detailed, application-aware flow analysis is provided by a Deep Packet Inspection (DPI)-based classification engine combined with rule engines that deliver flexible traffic filtering.
The Role of DPI
Deep Packet Inspection (DPI) technology identifies data traveling over networks in real time, providing a highly detailed picture of traffic up to layer 7 through the identification of protocols and types of application, and the extraction of additional information in the form of metadata.
By leveraging information from a DPI-based classification engine, NPB vendors can improve the functionality of their solutions to offer sophisticated filtering and other advanced features such as de-duplication, which optimize the quantity and timing of data sent to any external tool. The same information can also be used to expand the range of NPB functions to include security, performance management and analytics capabilities. NPB vendors adopting this approach can gain a competitive advantage over other NPB solutions and also capture part of the value delivered today by point-solution tools.
Overcoming the Challenges of Encryption and Network Virtualization
Some DPI-based classification engines also solve issues related specifically to encryption and virtualization, classifying, for example, SSL/TLS-encrypted traffic, P2P traffic and Skype traffic, and identifying entire sessions end-to-end across virtualized, physical and hybrid infrastructure.
Raising Functionality Through Extension Modules
NPB vendors can bring additional value to their solutions by combining the classification engine with extension modules such as a rule engine. This adds traffic filtering logic for more intelligent, more accurate and more efficient classification and routing that improves the effectiveness of downstream applications.
Advanced Deep Packet Inspection (DPI) technology, integrated into NPBs in the form of a classification engine, can therefore be a highly effective way to add value and next-generation functionality to solutions. It increases the efficiency of the NPB and allows the addition of advanced features such as real-time session filtering and traffic de-duplication. These mechanisms optimize the quantity and timing of data sent to external tools and can also be used to expand the range of NPB functions to include security, performance management and analytics capabilities.
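To make the classification-engine-plus-rule-engine pattern concrete, the following added example (written for this article, not Qosmos or any vendor code) classifies a TCP payload as TLS or HTTP, extracts the SNI or Host header as metadata, and applies an ordered rule list that decides which tool port receives the flow. The TLS ClientHello is built from a constructed sample, the rule destinations ("tls-inspection", "web-security", "full-capture") are hypothetical tool ports, and TLS is identified from the unencrypted handshake, which is one way such engines classify encrypted traffic without decrypting it.

```python
import struct

def tls_client_hello(sni: str) -> bytes:
    """Minimal TLS ClientHello record with a server_name extension (constructed sample, not captured traffic)."""
    name = sni.encode()
    server_name = struct.pack("!BH", 0, len(name)) + name          # name_type host_name, length, name
    ext_body = struct.pack("!H", len(server_name)) + server_name    # ServerNameList
    ext = struct.pack("!HH", 0x0000, len(ext_body)) + ext_body      # extension type 0 = server_name
    body = (b"\x03\x03" + bytes(32) + b"\x00"                       # version, random, empty session id
            + b"\x00\x02\x13\x01" + b"\x01\x00"                     # one cipher suite, null compression
            + struct.pack("!H", len(ext)) + ext)
    handshake = b"\x01" + len(body).to_bytes(3, "big") + body       # HandshakeType client_hello
    return b"\x16\x03\x01" + struct.pack("!H", len(handshake)) + handshake
def extract_sni(p: bytes):
    """Walk the ClientHello and return the SNI host name; None if absent or the record is truncated."""
    try:
        i = 5 + 4 + 2 + 32                                  # record hdr, handshake hdr, version, random
        i += 1 + p[i]                                       # session id
        i += 2 + struct.unpack("!H", p[i:i + 2])[0]         # cipher suites
        i += 1 + p[i]                                       # compression methods
        end = i + 2 + struct.unpack("!H", p[i:i + 2])[0]; i += 2   # extensions block
        while i + 4 <= end:
            etype, elen = struct.unpack("!HH", p[i:i + 4]); i += 4
            if etype == 0:                                  # server_name: list len(2), type(1), name len(2), name
                nlen = struct.unpack("!H", p[i + 3:i + 5])[0]
                return p[i + 5:i + 5 + nlen].decode()
            i += elen
    except (IndexError, struct.error, UnicodeDecodeError):
        return None
    return None
def classify(payload: bytes) -> dict:
    """Layer-7 classification plus metadata: TLS (with SNI) or HTTP (with Host header), else unknown."""
    if len(payload) >= 6 and payload[0] == 0x16 and payload[1] == 3 and payload[5] == 1:
        return {"app": "tls", "sni": extract_sni(payload)}
    if payload.split(b" ", 1)[0] in (b"GET", b"POST", b"HEAD", b"PUT"):
        host = next((l.split(b":", 1)[1].strip().decode("ascii", "replace")
                     for l in payload.split(b"\r\n")[1:] if l.lower().startswith(b"host:")), None)
        return {"app": "http", "host": host}
    return {"app": "unknown"}

# Rule engine: ordered (predicate, destination) pairs; the first match decides which tool port receives the flow.
RULES = [
    (lambda c: c["app"] == "tls", "tls-inspection"),
    (lambda c: c["app"] == "http" and (c["host"] or "").endswith(".internal"), "drop"),
    (lambda c: c["app"] == "http", "web-security"),
    (lambda c: True, "full-capture"),
]
def route(payload: bytes):
    c = classify(payload)
    return next((c, tool) for pred, tool in RULES if pred(c))
```

The "drop" rule illustrates pre-filtering: traffic to hosts the web-security tool does not need to see never reaches it, which is where the reduction in tool load described above comes from.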
To find out more, download the white paper “Improving NPBs with DPI-based Traffic Classification”.
Example of an Advanced DPI-based Classification Engine
A good example of an advanced, high-performance DPI-based classification engine is Enea’s Qosmos ixEngine. It provides the broadest range of protocol and application recognition in the telecom, enterprise and security markets, with the ability to identify nearly all protocols and applications behind IP flows, on mobile and wireline networks, in any geography. It carries out full application decoding, including classification, metadata extraction, content extraction and reconstruction of communications (e.g. instant messaging), as well as intelligent classification and routing. It can perform full protocol behavior analysis, for example full HTTP decoding to handle HTTP proxying. It supports complex networking behavior such as GTP encapsulation, VXLAN and tunnels (GRE, L2TP, etc.).
Additional modules have been developed for Qosmos ixEngine to enable greater granularity in traffic filtering through additional processing of classification results. These include a rule engine for execution of customer-defined rules at run-time (e.g. correlations and aggregations) and a module for custom signatures that enables vendors to complement Qosmos Signatures with user-defined signatures for proprietary protocols or extensions.
Article first published in The Fast Mode
About the Author
Erik Larsson is Senior Vice President of Marketing at Enea, where he drives product marketing, demand generation, branding and communication. Erik’s views on high-tech trends are regularly featured in articles, blog posts, webcasts, video interviews, and industry events.