Deep Packet Inspection
10/12/2017
Introduction
Deep packet inspection, or DPI, is now a fast-growing application area, both in terms of technology and market size. Performance has increased and costs have been reduced, increasing the potential applications for DPI platforms.
Markets and Markets estimated in their 2016 report that the DPI market would grow from USD 7.01 Billion in 2016 to USD 18.60 Billion by 2021, at a CAGR of 21.6%. They cite the evolution of new forms of cyber-attack, the need for modern network performance management and optimization solutions, and advancements in communication technology as some of the major driving factors.
The ability to open data streams, inspect their contents and make decisions based on what is found is at the core of DPI. This power to “inspect” is extremely attractive to many Advantech customers when they consider the variety of decision-based applications that can be layered onto DPI on extremely powerful high-end network appliances.
The Challenge
Traditionally, DPI was the realm of hardware-accelerated packet processing and made broad use of custom or proprietary network adapters based on FPGAs or on proprietary silicon in the form of Network Processors, known as NPUs, sourced from several foundries. The use of specialized hardware to accelerate packet inspection across a broad range of high-speed network traffic types made DPI solutions expensive and tied them to just a few vendors, which made open system development a challenge.
The Solution
Now, with high-end processing capacities in Intel architecture processors, coupled with the open source Data Plane Development Kit (DPDK) and the Hyperscan library, which delivers high-performance multiple regex matching, DPI functionality is being embedded directly into the network on a larger scale. Using Intel® Xeon® processors, traffic can be analyzed in real time, as pattern matching algorithms allow specific packet payloads to be recognized. Once a packet is identified, choices can be made based on the application intent. The applications where DPI can make a positive impact are broad ranging. Here are a few examples:
- Security – Intrusion Detection System (IDS) and Intrusion Prevention System (IPS)
- Network Performance Management – dynamically reconfigures the network depending on load factors, thereby improving quality of user experience.
- Data Loss/Leak Prevention and Management
- Lawful Intercept – With VoIP traffic, DPI is needed to isolate specific call flows.
- Multi-Level Service Provision – Once different styles of content can be identified, a carrier can choose to send different packet streams over different quality and/or speed networks. This has the potential even to be user- or tariff-based.
- DRM – The entertainment industry has become very interested in DPI as a way to prevent the illegal sharing of copyrighted materials.
- Content regulation – The use of DPI in order to identify illegal or “undesirable” content continues to stimulate much debate.
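The match-then-decide flow described above, as an added example that is not Advantech's or Hyperscan's code: several rules are evaluated against each payload and the set of hits is reduced to one action. Python's `re` stands in for a multi-pattern engine (it loops over the rules, where Hyperscan compiles them into one database), and the rule ids, names, patterns, actions and sample payloads are constructed assumptions.

```python
import re
from typing import NamedTuple

class Rule(NamedTuple):
    rule_id: int
    name: str
    pattern: re.Pattern
    action: str  # what the appliance does when the rule hits

def luhn_ok(candidate: bytes) -> bool:
    """Checksum used to weed out digit runs that are not card numbers."""
    digits = [c - 48 for c in candidate if 48 <= c <= 57]
    total = 0
    for i, d in enumerate(reversed(digits)):
        if i % 2 == 1:
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0

# Constructed rules: ids, names, patterns and actions are assumptions.
RULES = [
    Rule(1, "ids-path-traversal", re.compile(rb"(?:\.\./){2,}"), "drop"),
    Rule(2, "dlp-card-number", re.compile(rb"\b(?:\d[ -]?){15}\d\b"), "alert"),
    Rule(3, "voip-sip-invite",
         re.compile(rb"\AINVITE sip:\S+ SIP/2\.0\r\n"), "prioritize"),
]
# Regex alone over-matches; a per-rule confirmation step cuts false positives.
CONFIRM = {2: luhn_ok}
# When several rules hit one payload, the most restrictive action wins.
RANK = {"forward": 0, "prioritize": 1, "alert": 2, "drop": 3}

def scan(payload: bytes):
    """Return (rule_id, start, end) for every confirmed match of every rule."""
    hits = []
    for rule in RULES:
        confirm = CONFIRM.get(rule.rule_id, lambda _m: True)
        for m in rule.pattern.finditer(payload):
            if confirm(m.group(0)):
                hits.append((rule.rule_id, m.start(), m.end()))
    return hits

def decide(payload: bytes):
    """Map the set of matched rules to one action for the packet."""
    by_id = {r.rule_id: r for r in RULES}
    matched = sorted({rule_id for rule_id, _, _ in scan(payload)})
    actions = (by_id[i].action for i in matched)
    action = max(actions, key=RANK.__getitem__, default="forward")
    return action, [by_id[i].name for i in matched]
```

A payload that matches no rule falls through to `forward`, and a 16-digit run that fails the Luhn check is not reported as a card number.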
Figure 1. Overview of Bump in the wire DPI services
Performance is undoubtedly one crucial element of any DPI solution, but so is cost, as proprietary solutions are very expensive. Advantech’s FWA-6520 High-Performance Intel® Xeon® based Network Appliance addresses both aspects and can deliver wire-speed packet processing at a significantly better price/performance ratio than a proprietary solution.
Figure 2. Advantech FWA-6520
Performance is undoubtedly the key element of DPI solutions and the FWA-6520 delivers on all scores. With 80 PCIe lanes, the FWA-6520 can support up to 8 Network Mezzanine Cards (NMC) for modular, configurable networking I/O and acceleration. All NMC slots provide enough bandwidth to support a wide range of GbE, 10GbE, 40GbE and 100GbE LAN modules. Based on the Intel® Xeon® architecture and DPDK, platform-tuned acceleration software increases packet processing throughput by up to 10x over a standard Linux port, enabling faster packet movement and processing in DPI more economically than on proprietary hardware solutions.
Key Features & Benefits
- Dual Intel® Xeon® Processors E5-2600 v3 / v4 up to 145W TDP
- DDR4 1866/2133/2400 MHz ECC RDIMM, up to 512GB
- Up to 8 x NMC (Network Mezzanine card) slots for a wide range of GbE, 10GbE, 40GbE and 100GbE NMCs (double size NMC support)
- Advanced LAN bypass feature
- IPMI 2.0 compliant hardware monitoring and platform management
- 2 x external PCIe x16 Full-height/Half-length support (depending on model)
Scalability: The Advantech FWA-6520 is available with Intel® Xeon® processors of up to 22 cores, offering a performance level matched to the workload for DPI deployment in volume. Because the CPUs are socketed, customers can select the CPU SKU that suits their precise cost or performance needs.
Memory Capacity: The 16-slot memory design of the FWA-6520 is an essential feature for in-memory data and deep packet processing across multiple network ports.
Expandability, Flexibility and Simple integration: 8 x NMC (Network Mezzanine Card) slots provide maximum Ethernet flexibility to support small to large enterprise networking requirements. Front loading modules also provide enhanced serviceability for easy system upgrade and downgrade.
Easy configuration: Advantech provides a quick start image (QSI) to help customers get started with the FWA-6520 without wasting time building the operating system or adding drivers.
Remote Management: Advantech’s FWA-6520 networking appliance delivers best performance in a flexible solution with rich hardware features and powerful IPMI features.
Global logistics & Operational Excellence: Advantech’s worldwide service availability supports customers’ global maintenance and service needs.