
Evolution & Requirements for DPI in Network Security Infrastructure

Bob Wiest, Director of Technical Services, Bivio Networks

Presentation Transcript


  1. Evolution & Requirements for DPI in Network Security Infrastructure
     Bob Wiest, Director of Technical Services, Bivio Networks

  2. What is Deep Packet Inspection (DPI)?
     Deep Packet Inspection (DPI) is a form of filtering that examines (inspects) both the payload and the header of a packet as it passes an inspection point.
     • Packet Header Layers: L2 Ethernet; L3 Internet Protocol (IP); L4 Transport Layer (TCP/UDP)
     • Packet Payload / Application Layers (L5 – L7): Email (SMTP, POP3, IMAP); Web (HTTP/S); File Transfer (FTP, Gopher); Instant Messaging (IM); Peer-to-Peer (P2P) Applications; Directory Services

  3. Key Network Transformation
     • The 70s/80s. USAGE: Specific/Limited use within the fixed enterprise. INFRASTRUCTURE: CONNECTIVITY, “Dumb Pipes”
     • The 90s. USAGE: Explosion of the Internet; broader expansion within and beyond the enterprise and to customers and business partners. INFRASTRUCTURE: PERFORMANCE, “Fast Pipes”
     • 21st Century. USAGE: Network is mission critical to business success & survivability. INFRASTRUCTURE: POLICY, Software-defined “Smart Pipes”
       • Enterprise: Security, traffic management, VoIP, acceleration
       • Federal: Security, Information Awareness, Information Assurance
       • Carriers: Enhanced services
     We Have Evolved to a “Policy-Centric Network”

  4. A Changing Environment IT Network: Applications:

  5. New Class of Network Applications
     [Diagram. Axes: Fixed Operations / Dynamic & Adaptive Operations; Packet Header / Packet Data. Labels: Switches; Routers; ACLs, QoS; Firewalls; Load Balancers; 1st gen. L7 Load Balancers; Dynamic Routers; Dynamic Load Balancers; Adaptive L4 Traffic Management]
     • IDS/IPS
     • Anti-spam
     • Anti-virus
     • DDoS protection
     • Content/XML Load Balancers
     • VoIP security, monitoring, analysis
     • WAN/Application optimization

  6. The Problem Restated
     • Software now a key component of next generation networks
     • Fast hardware-defined connectivity layer conflicts with increasingly complex software-defined policy layer
     • Addressing collision of computing and networking is essential to future network infrastructure
     [Diagram. Labels: Low Speed LAN/WANs, Bridges; High Speed LAN/WANs, Routers/Switches; Policy-Centric Infrastructure Products; each shown with Software and Hardware components]
     Increased complexity, time to market, costs and risks of policy-centric product delivery are now directly impacting the ability of companies to deliver and deploy effective networking products!

  7. Huge Product / Market Opportunity
     • DPI is foundation for next generation networking infrastructure
     • Market spans multiple multi-billion dollar markets
     • Bivio actively selling into several of them
     • Security
     • Carrier DPI
     • Federal
     • Enterprise vertical markets
     • Security, Traffic Management
     [Diagram. Layer stack: L7, L6, L5, L4: DPI Devices; L3: Routers; L2: Switches; L1]

  8. A New Solution is Needed
     • New threats drive new requirements
     • Flexibility and Adaptability: signatures, policies, algorithms, and configurations
     • Performance: no longer optional
     • Enforcement requires inline operation
     • Scalability of solution inherent to networking
     • Low latency essential
     • Rapid Time-To-Implement: keep pace with constantly changing and evolving threats, protocols & services
     • Deliver scalable performance with standard architecture
     • Application Integration: Easily integrate L7 applications

  9. A New Approach: The Network Appliance Platform
     • Bring benefits of general purpose computing to high speed networking without sacrificing performance
     • Utilize a “systems approach”: provide a complete software and hardware appliance environment
     • Linux OS environment leverages wealth of popular L7 open source applications
     • Operational commonality

  10. Anatomy of a Network Appliance
     Control Plane: Application Processing
     • Optimized for flexibility
     • Non-deterministic performance
     • Highly variable
     • Complex operations
     • Compute/Memory-intensive
     • “Slow path”
     Data Plane: Packet Processing
     • Optimized for throughput, latency
     • Deterministic performance
     • Well-defined operations
     • I/O intensive
     • “Fast path”

  11. Logical Packet Flow & Architecture
     [Diagram. Labels: Application Processing Subsystem (Hardware Acceleration, Application Processor); High Performance Fabric; Network Processing Subsystem (Programmable Packet Processor, Network IF, Network IF)]
     • Application Processing Subsystem
       • High-performance Linux processors
       • Provides fully parallelized & redundant execution environment
     • Fabric Interconnect
       • High speed communication highway
       • Accommodates sustained full wire-speed data rates
     • Network Processing Subsystem
       • High performance packet processor
       • Provides comprehensive load balancing & traffic management
       • APIs and custom data path applications

  12. Summary
     • Emerging network applications, with security as primary driver, are making software a core component of next generation networking
     • This collision of computing and networking requires re-examination of network infrastructure
     • A systems based approach, fusing Linux, general purpose computing and high-speed networking offers promise to propel networking into new era
     • Purpose-built architecture enables true wire-rate packet inspection & processing

  13. Bivio Networks Company Snapshot
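
The definition on slide 2 (inspect both the header and the payload) can be seen by classifying the same frame twice, once from the L4 port alone and once from the L5 – L7 payload. This is an added example, not code from the presentation or from Bivio; the function names, signature prefixes and sample frames are constructed for illustration.

```python
import struct

# Illustrative payload prefixes for L5-L7 protocols named on slide 2 (not exhaustive).
SIGNATURES = {
    "HTTP": (b"GET ", b"POST ", b"HEAD ", b"HTTP/1."),
    "SMTP": (b"EHLO ", b"HELO ", b"MAIL FROM:"),
    "FTP": (b"USER ", b"PASS "),
}
PORTS = {80: "HTTP", 25: "SMTP", 21: "FTP"}  # header-only view: trust the L4 port

def parse_frame(frame):
    """Walk L2 -> L3 -> L4; return (dst_port, payload), or None if malformed."""
    if len(frame) < 34 or frame[12:14] != b"\x08\x00":  # Ethernet + IPv4 only
        return None
    ip = frame[14:]
    ihl = (ip[0] & 0x0F) * 4
    total_len = struct.unpack("!H", ip[2:4])[0]
    if ip[0] >> 4 != 4 or ihl < 20 or not ihl <= total_len <= len(ip):
        return None
    l4 = ip[ihl:total_len]  # slicing to total_len drops Ethernet padding
    min_hdr = {6: 20, 17: 8}.get(ip[9])  # TCP, UDP minimum header sizes
    if min_hdr is None or len(l4) < min_hdr:
        return None
    hdr_len = (l4[12] >> 4) * 4 if ip[9] == 6 else 8  # TCP data offset
    if not min_hdr <= hdr_len <= len(l4):
        return None
    return struct.unpack("!H", l4[2:4])[0], l4[hdr_len:]

def classify(frame):
    """Return (label from the port alone, label from inspecting the payload)."""
    parsed = parse_frame(frame)
    if parsed is None:
        return ("unparsed", "unparsed")
    dport, payload = parsed
    by_payload = next((name for name, sigs in SIGNATURES.items()
                       if payload.startswith(sigs)), "unknown")
    return (PORTS.get(dport, "unknown"), by_payload)

def build_sample(dport, payload):
    """Constructed Ethernet/IPv4/TCP frame; checksums are left zero (sample data)."""
    tcp = struct.pack("!HHIIBBHHH", 40000, dport, 0, 0, 5 << 4, 0x18, 8192, 0, 0)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40 + len(payload), 0, 0, 64, 6, 0,
                     bytes([192, 0, 2, 1]), bytes([198, 51, 100, 7]))
    return bytes(12) + b"\x08\x00" + ip + tcp + payload

HTTP_ON_ODD_PORT = build_sample(8081, b"GET / HTTP/1.1\r\nHost: example.test\r\n\r\n")
SMTP_ON_PORT_80 = build_sample(80, b"EHLO mail.example.test\r\n")

if __name__ == "__main__":
    print(classify(HTTP_ON_ODD_PORT), classify(SMTP_ON_PORT_80))
```

A mismatch between the two labels is the case a header-only filter cannot see; a production inspection point would also need TCP stream reassembly and IP fragment handling, which this single-frame sketch leaves out.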
