1 / 18

CSIT 560 Project Presentation

CSIT 560 Project Presentation. Packet Classifiers. Group 7 Members: Tommy Chen Anthony Cheung Libo Lui. Hong Kong University of Science and Technology MSc (IT ) 2008 Fall Semester - Track 1o. Agenda. What are Packet Classifiers? Packet Classifier Requirements

donar
Download Presentation

CSIT 560 Project Presentation

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. CSIT 560 Project Presentation Packet Classifiers Group 7 Members: Tommy Chen Anthony Cheung LiboLui Hong Kong University of Science and TechnologyMSc(IT) 2008Fall Semester - Track 1o

  2. Agenda • What are Packet Classifiers? • Packet Classifier Requirements • Packet Classifiers in the Research Space • Packet Classifiers in the Commercial Space • Conclusion

  3. What is Packet Classification? • Purpose: classify or group packets into flows or set of flows • Why? To provide services: • Priority - classify flows into CBR (constant), VBR( variable) , ABR (Available), UBR(unspecified) for priority purpose in an ATM router (slide 22, ATM.ppt) • differentiate services (route VoIP packets to high priority queue) • security (drop packets from certain subnet) • policy routing (load balancing at "edge" routers by routing packets to different servers) • statistics (measure traffic between subnet pairs)

  4. What is Packet Classification by looking at multiple fields and comparing against a set of rules- i.e. compare several fields in the IP Packet header versus entries in a "rule" table- takes place in routers, firewalls, packet filters, intrusion detections

  5. What is Packet Classification Depending on which field or fields classification is done, it can range from being very simple to complex:1. Single field in Packet Header E.g. IP routing2. Multi field in Packet Header E.g. service differentiation3. Content in Packet Body (classify must go through several layers to reach packet at application layer and perform regular expression matching)E.g. situational , scanning URL and cokie in an HTTP Header

  6. What is Packet Classification What is in the "rule" table- Common fields to look at Source address (5 bits), Destination address (5 bits), Protocol (TCP, UDP, etc..) , Destination Port,- Wild cards (*) and ranges for port are used in above- One or more actions for a particular rule (send to particular queue, drop packet, make a copy)- size of table vary from containing thousand rules (firewalls) to ten thousand (in core routers)- Ordering of these rules is significant as it represents the priority -

  7. Packet Classifier Requirement • - It can be implemented in hardware and software with hardware being more efficient than software,- speed: performance of classifying packets (particularly worst-case scenario), most important because it means QoS- scalability as database size increase- performance of rule-lookup/update on the "rules" tables- storage requirement for rules- power consumption and heat that can increase operating cost

  8. Packet classifiers in the Commercial Space

  9. Deep Packet Inspection • Visibility and Control • Identifies individual streams of traffic on a per-user and per-application basis • Examines headers, data protocol structures, and actual payload of messages as it passes inspection points • Marks / tags, redirects, blocks, limits rates, and reports classified packets

  10. how is Deep packet Inspection used • Mobile operators • Provide a personalized service offerings • Eliminate bandwidth bottlenecks • Internet Service Providers • Aid in the enforcement of certain global policies • Customized subscriber experience through content-filtering and additional security services • Video admission control Source: Cisco

  11. Why Deep Packet Inspection? • Better Service • Improved access control • Acceptable-usage monitoring • Quality of Service • Security • Cuts in Operating Cost and Capital Expenditures • New Service Opportunities • Additional tiers of services such as application-based, specific content-charging, and premium service support

  12. Companies currently Offering DPI technologies

  13. Overall, DPI and the visibility that it brings enable a more intelligent network – one that is responsive to fault conditions, attacks, network congestion, and other events, and that provides granular information to benefit both subscribers and service providers. have much better visibility into how subscribers are using broadband, and thus helps to determine what kind of new services should be offered in the future. On the operations side, better visibility into the network translates into improved troubleshooting of performance issues; greater awareness of, and responsiveness to, security issues; and improved monitoring generally. Network engineering can use the improved visibility and granularity of control to obtain increased understanding of traffic trends and capacity requirements. This should allow better planning and network optimization for application use, backed up by QOS parameter monitoring.

  14. Cisco Flexible Packet Matching • Introduces the concept of protocol header definition files (PHDFs) • Specify custom patterns to match on • Enables filtering, at a bit level, deep within the packet • Traffic entering the network can be immediately drop and/or log for auditing purposes • Can be used combination with other Cisco packet inspection technologies

  15. How Flexible Packet Matching Works? • Specify classification criteria based on any protocol and any field of the traffic's protocol stack • Inspect packets for characteristics of an attack • Takes appropriate actions (log, drop, or ICMP unreachable)

  16. Conclusions

  17. Thank You !

  18. Questions ?

More Related