Information Technology Reference
In-Depth Information
Fig. 5. DPI firmware architecture
headers. The flow analysis module provides statistics with fine granularity,
and application identification information on each flow. The flow data and the
chosen, “interesting” packets get forwarded from the buffer, through the
output selectors to further processing entities over the 1Gbps Ethernet
channels.
These processing entities are PCs called “Monitor Units” with high
processing and storage capacity. In order to reduce loss of data between the
outsider processing entities and the C-board, the packet information (headers
and predefined parts of the body) get encapsulated in TCP flows and then
forwarded. TCP is needed in order to assure lossless transfer of capture-data
towards the remote units. The Monitor Units carry out complex traffic
identification and traffic matrix analysis, as well as store bit-by-bit packet
header information if configured so.
The basic DPI requires a specific firmware architecture, where the traffic is
flowing from the XFPs towards the classifiers from where it will be de-
multiplexed to 1Gbps speed. The complex DPI algorithms run on the Monitor
Units.
The architecture shows the basic internal architecture for DPI application.
The first and most important “knob” is the flow classifier. Several methods
can be used, for example IP address range based, TCP/UDP port based, etc.,
selecting different portions of the traffic for deep inspection. It is even
possible to configure the flow classifier from software, selecting the hardware
filtering rules easily. Further user-selectable items are the statistic flow
analysis modules. According to the required set of flow information, specific
filters may be inserted in order to get the required information.
Search WWH ::
Custom Search