Wednesday, February 16, 2011

Deep Packet Inspection (DPI)

For mobile devices, as consumption of high-bandwidth applications such as video increases, telecommunication service providers are under increasing pressure to support high-bandwidth traffic. One infrastructure cost-reduction technique is to use aggregation devices, where a single piece of equipment handles data from multiple sources. Operators of large data centers, such as Amazon, Google and Facebook, are concerned about security attacks emanating from IP traffic flowing through their networks. Profiling the data flow enables service providers to take appropriate action based on the type of content flowing through their equipment.

Layer 7 content processors have DPI techniques built in. DPI enables several applications, such as protocol analysis, intrusion detection, intrusion prevention, anti-malware protection, antivirus gateways, application recognition, URL filtering, unified threat management, subscriber charging, application-aware QoS/SLAs, usage monitoring and preventing denial of service.

One challenge in implementing DPI effectively is scaling performance to support a large number of flows and packets of various lengths. Additionally, the DPI engine needs to match the contents of the packets against a large number of rules as well as a range of complex rule sets. A DPI processor will handle a large number of independent flows (typically several million) and their traffic, and a large number of rules (several million), for packets from 64 bytes to 1500 bytes. DFA (deterministic finite automaton) and NFA (nondeterministic finite automaton) techniques are used to achieve this performance.
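The sketch below is an added example, not code from the original post or from any vendor: it compiles many literal rules into a single DFA and keeps one DFA state per flow, so a signature split across two packets is still matched. Aho-Corasick is used as one well-known DFA construction (the post names no specific algorithm), and the rule names, flow keys and payloads are constructed.

```python
from collections import deque

def build_dfa(rules):
    """Compile literal signatures into an Aho-Corasick DFA (goto table, outputs)."""
    trie, out = [{}], [set()]
    for name, pattern in rules.items():
        s = 0
        for b in pattern:
            if b not in trie[s]:
                trie.append({})
                out.append(set())
                trie[s][b] = len(trie) - 1
            s = trie[s][b]
        out[s].add(name)
    # Fold failure links into a dense table: one lookup per payload byte.
    goto = [[0] * 256 for _ in trie]
    fail = [0] * len(trie)
    queue = deque(trie[0].values())
    for b, t in trie[0].items():
        goto[0][b] = t
    while queue:                      # breadth-first, so fail[s] is done before s
        s = queue.popleft()
        out[s] |= out[fail[s]]        # inherit rules that end at the fallback state
        for b in range(256):
            t = trie[s].get(b)
            if t is None:
                goto[s][b] = goto[fail[s]][b]
            else:
                goto[s][b] = t
                fail[t] = goto[fail[s]][b]
                queue.append(t)
    return goto, out

class FlowInspector:
    """Keeps one DFA state per flow so a signature split across packets still matches."""
    def __init__(self, rules):
        self.goto, self.out = build_dfa(rules)
        self.state = {}               # flow key (5-tuple) -> DFA state
    def inspect(self, flow, payload):
        s, hits = self.state.get(flow, 0), set()
        for b in payload:
            s = self.goto[s][b]
            hits |= self.out[s]
        self.state[flow] = s          # resume here on the flow's next packet
        return hits

# Constructed sample rules and flow keys (not from the original post).
RULES = {"app-http": b"HTTP/1.1", "url-blocked": b"Host: blocked.example"}
FLOW_A = ("10.0.0.1", 40000, "192.0.2.10", 80, "tcp")
FLOW_B = ("10.0.0.2", 40001, "192.0.2.10", 80, "tcp")
```

Per-byte cost stays at one table lookup however many rules are compiled in, but the per-flow state table grows with every flow seen, so at millions of flows an engine has to evict entries when a flow closes or times out.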

DPI techniques are available in several devices; one of these is described below.

[Figure: Cavium NITROX® DPI II CN18XX Block Diagram]

The NITROX® DPI II CN18XX processor family provides the most advanced hardware acceleration available for inline, NIC and co-processor Layer 7 content processing. It supports a completely processor-less mode or can be coupled to OCTEON®, x86, MIPS, PowerPC or other general-purpose processors, enabling intelligent deep packet inspection in next-generation networking and wireless applications at 2 to 40 Gbps performance. The CN18XX processor family integrates inline interfaces (up to four XAUI and up to 8 SGMII) and up to two PCI Express Gen 2 x4 or x8 I/Os, along with the most advanced deep packet inspection engines, the Hyper Finite Automata Thread Engine (HTE), to deliver the highest-performance, low-latency processing of very complex regular expression rules. The innovative 3rd-generation Hyper Finite Automata (HFA) deep packet inspection engine technology includes revolutionary technology that combines both DFA and NFA engines. A rich compiler supports a very wide range of applications, including application recognition, protocol analysis, flow statistics, application-level firewalls, intrusion prevention (IPS), gateway anti-virus, unified threat management and content-based QoS in routers, switches, appliances and services blades.
