Global Sources
EE Times-Asia
Stay in touch with EE Times Asia
?
EE Times-Asia > Networks
?
?
Networks??

Understanding deep packet inspection (Part 1)

Posted: 19 Jun 2013 ?? ?Print Version ?Bookmark and Share

Keywords:Deep packet inspection? IP? network? DPI? server?

Another potential application is filtering content based on parameters such as in a consumer application, parental controls for adult material. DPI enables a deep understanding of the connections taking place and allows operators to apply policies to these.

Common requirements for use cases
When reviewing the above use cases, it can be noted that there are several requirements that are common across the different use cases. Some may be only partly applicable, while others are always applicable.

Transparency
The system being used to execute DPI applications should not be visible to the traffic passing through. This means, assuming no action is taken, that all traffic and packages passing from left to right will not notice there is an inspection system in between.

That extends also to packets that would normally be used to configure networks, such as routing information protocol (RIP) and border gateway protocol (BGP) packets, even though there is frequently a switching device present inside the inspection system.

Figure 2: Several requirements are common across diverse DPI use cases.

High throughput
The inspection system must have enough bandwidth available so all traffic coming from left or right can be passed through, to avoid the inspection system being a bottleneck in itself, causing network congestion and, most undesirable, becoming visible as a function in the network as a result of that. This requirement has follow-on requirements such as high (enough) processing capability, low latency, high availability and scalability.

High (enough) processing capabilities
Analysing data connections based on single or multiple packets is not an easy function. If additionally, content needs analysis in order to protect applications from injected malicious content, the performance requirements are very high. This, paired with the fact that application profiles typically are held in a large in-memory database, this calls for highest-end computing and high memory capacity in the system.

Splitting up connections (load balancing) across multiple entities as described above, eases this load to a level where real time processing becomes possible. Still massive compute capabilities together with enough memory for the in-memory database of fingerprints is required.

Low latency
Low latency, so a minimal time loss inside the inspection device, is an important requirement. After all, first, the system should not be visible in the flow, and some connections such as VoIP are very susceptible to latency. Second, latencies add up, creating slowness in connections, and causing bad user experiences.

High availability
An inspection device should be operational at any time in order to ensure complete coverage of what needs inspecting. Additionally, these machines are inside a connection, so any unavailability causes unavailability of certain connections, which, in the worst case, can result in loss of revenues.

Users today expect 24x7x365 availability, and, in some countries, even have legal rights to this. In 2010, Finland was the first country to make broadband a legal right for every citizen. And in 2013, Germany's Federal Court of Justice stated that Internet connection is a modern necessity, on par with the right to mobility, such that people can sue their Internet providers for damages if connection is lost.

Scalability
DPI applications are monitoring Internet traffic, which keeps growing with double-digit percentage rates all over the world. As a result, DPI devices must be able to easily adapt to these growing bandwidth requirements, preferably seamlessly.

This needs to be a given for many years to come, so an architecture is needed that allows gradual adjustments in line with the growing requirements.

About the author
Christof Wehner is with the Embedded Computing Division of Emerson Network Power.

To download the PDF version of this article, click here.


?First Page?Previous Page 1???2



Article Comments - Understanding deep packet inspection...
Comments:??
*? You can enter [0] more charecters.
*Verify code:
?
?
Webinars

Seminars

Visit Asia Webinars to learn about the latest in technology and get practical design tips.

?
?
Back to Top