Vector packet processing (VPP) has introduced significant enhancements to packet processing, specifically across workloads hosted on the cloud. R&S®vPACE, the latest DPI engine by ipoque, is optimized for VPP. Building on the success of its scalar packet processing engine R&S®PACE 2, R&S®vPACE offers identification and classification of network traffic for demanding environments with a significantly enhanced clocks-per-packet ratio, enabling linear scalability and the fastest real-time processing capability in the market. Combined, R&S®vPACE and R&S®PACE 2 form a DPI suite that can be used in VPP and traditional host OS processing respectively, enabling virtualized and cloud-native architectures to be powered by deep network intelligence regardless of their underlying packet processing technology.
Eliminating false positives
Speed, however, is not the only parameter that determines the performance and efficiency of a DPI engine. Accuracy, i.e. the precision by which a DPI engine identifies protocols, applications or service types, is fundamental to a number of key network functionalities and applications. Both R&S®PACE 2 and R&S®vPACE boast a classification accuracy of 100% with virtually no false positives, and a time to resolution that goes down to nanoseconds. This accuracy is augmented by a comprehensive signature library that is updated weekly, reflecting the latest protocols and applications. The classification of protocols enables network administrators to understand the type of data that is being transmitted across their network. Examples include standard protocols such as HTTP, FTP and SMTP and proprietary protocols such as Skype’s Skype protocol, the Venturi Transport Protocol and WhatsApp’s chat. Applications, on the other hand, range from enterprise proprietary applications hosted on premises to Cloud and SaaS applications hosted and managed on third-party platforms. Examples are Salesforce, Dropbox, Microsoft 365, YouTube, Facebook and Whatsapp. Accurate identification of application packets would reveal not only the application but also the service types that are being communicated, which can include text, video or audio messages.
Where precision really matters
High classification accuracy is also critical in fingerprinting malicious traffic. Accurate classification of the Domain Name Server (DNS) protocol helps in identifying DNS amplification, DNS hijacking or DNS tunneling attacks. Reliable classification enables security solutions such as next-generation firewalls, unified threat management systems and IPS/IDS solutions to zoom into attack pathways and sources swiftly and arrest fresh attacks. While it is not the most critical objective, accurate traffic classification paves the way for better network management and a better customer experience. Application and protocol classification, when available in real time, allows for the creation of content and SLA-based tiered plans and enables application-aware routing and forwarding on fixed and mobile networks. This optimizes the use of expensive routes and computing-intensive network functions such as load balancers and network address translators (NAT). Lastly, accurate classification, when combined with traffic attributes such as speeds, bandwidth and latencies, leads to a more truthful representation of network events, which can be used to optimize the existing network architecture.
More precision, higher DPI efficiency
Accuracy of classification also drives the efficiency of DPI as a monitoring tool, as it eliminates the need for multiple network detection and response solutions, which can introduce more latency into the network. Combined with a low memory footprint of 400 bytes per flow, the classification accuracy of the ipoque DPI engines helps network managers deploy a truly cost-optimized, highly efficient solution for application awareness and network visibility. High classification accuracy is particularly important in DPI implementations that involve sampling where only a portion of the traffic is sent to a DPI node. For complete traffic analytics covering information such as the bandwidth used, latency, jitter and round-trip time, network operators can rely on inherent accuracy rates provided by DPI and couple the classification information rendered by DPI with wider traffic analytics readily available from other network components, such as software-defined networking (SDN)-controller which receives full traffic information from its switches. This enables accurate traffic profiling and analysis across all flows, despite the use of sampling.
Automation begins with accuracy
As networks move towards automation, AI-based techniques such as machine learning (ML) and deep learning (DL) are employed by new architectures such as SDN to invoke and control network functions autonomously. This automation, however, hinges on both real-time traffic inputs as well as past data on protocols, applications and service types. The more accurate past classification data is, the more meaningful the algorithms and features defined in the AI systems will be. This leads to improved network responses and a higher predictive capability across networks. Likewise, the use of ML and DL and other AI techniques such as high-dimensional data analysis for classifying encrypted traffic can only turn up accurate results if non-encrypted data feeds used in its analysis have been classified accurately.
The effectiveness of traffic filtering hinges largely on its packet classification accuracy. False positives can lead to unnecessary consumption of network resources while false negatives leave applications and threats unaddressed. First packet classification, for example, requires accurate classification from the first packet so that appropriate security and traffic policies can be applied in time. Accuracy is therefore one of the defining qualities of any traffic classification engine. The ability of R&S®PACE 2 and R&S®vPACE to deliver virtually no false positives is clearly a testament to its standing as a leading DPI engine.
Stay informed - Subscribe to our newsletter