40G and 100G DPI Platforms
                Moving Beyond Appliances
                       Mike Coward
          CTO & co-founder - Continuous Computing

www.ccpu.com                                Confidential and Proprietary
Agenda

   Company Overview

   DPI Market Trends – High Scale Requirements

   DPI System Architecture Options

   Bladed DPI Development Options

   100G System Design Example

Quick Corporate Facts

   Founded Feb ’98
   Private, VC-financed
   >300 employees globally
   Headquarters in San Diego
   Engineering in Bangalore, Shenzhen
   Acquired Trillium® from Intel (Feb ’03)
   Sell to equipment mfrs, not operators
   95,000 ft² facilities
   ISO 9001 certified
   RoHS compliant
   CMMI Level 3
Integrated Systems & Services



[Figure: Integrated DPI Platforms at the center, surrounded by Protocols & HA Middleware, AdvancedTCA & CompactPCI Hardware, and Professional Services]
2 Categories of DPI Applications
    Optimize / Protect OpEx
         IDS/IPS/Firewall
         Security gateway (UTM)
         Subscriber traffic shaping
         Peer-to-Peer blocking
         Peer-to-Peer caching / redirection
         Lawful intercept

    Drive Revenue
         Tiered subscriber bandwidth / applications
         Managed Security Svcs
         Market intelligence gathering
         Mobile ad insertion
         Server virtualization

     Carrier demand for new revenue drives investment into large scale DPI
     Lawful Intercept gets higher capacity systems with minimal investment
Movement towards 40G and 100G: Core and Edge
   Core
        Cisco CRS-3: >1000 ports of 100G Ethernet
        Juniper T1600




   Access Equipment: DSLAM, G-EPON, 10G-EPON, CMTS
        Adding 10G interfaces, and starting to add 40G and 100G interfaces
        CMTS: channel bonding yields 200 Mb/s
        Google fiber broadband at 1Gb/s


   Recent informal survey: 19 of 21 operators planning to skip
    40G and move directly to 100G interfaces
Appliances

 Appliances: Good enough for
  multi-gigabit, even to 10G
      Typically carefully tuned x86 with
       customized accelerated packet capture cards



 Biggest Problem: Application creep
      Applications and inspection criteria tend to
       expand over time: can’t guarantee line rate
       performance with new feature additions


 Other issues: Redundancy, Scalability

40G Appliances? 100G Appliances?

 Don’t bet against Moore’s Law
     But not a silver bullet – still have to wait


 2013: 40G Appliance

 2016: 100G Appliance




The Solution Today: Bladed Systems
   Bladed systems used in Telecom central office
    deployments for 20 years
        Provide scalability, reliability, upgradeability




   Proven technology in DPI / LI
          80 Gbps traffic shaping system deployed since 2007
          10 Gbps network security platform deployed since 2008
          40 Gbps network security platform deployed since 2009
          10 Gbps LI inspection system deployed since 2008



100G Bladed DPI: 3 Tier Architectures

[Figure: 40/100G input → Switching (Load Balancing) → load-balanced traffic → Packet Processing (Flow Identification) → filtered traffic → Compute (Flow Analysis)]
3 Tier Architecture: Switching




[Figure: 3-tier architecture diagram: 40/100G input → Switching (Load Balancing) → load-balanced traffic → Packet Processing (Flow Identification) → filtered traffic → Compute (Flow Analysis)]

   Switching layer load balances incoming traffic across
    payload cards
   Apply thousands of rules at full line rate for pre-filtering,
    classification, packet steering

3 Tier Architecture: Packet Processing




[Figure: 3-tier architecture diagram: 40/100G input → Switching (Load Balancing) → load-balanced traffic → Packet Processing (Flow Identification) → filtered traffic → Compute (Flow Analysis)]

   Packet Processing card capable of 5-tuple classification,
    DPI packet inspection for keywords, flow extraction
   Capable of classifying packets into millions of flows, and
    applying individual rules to each flow: drop, mirror, forward
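
Added example (not from the original slides and not Continuous Computing code): a small Python model of the two steps described on the Switching and Packet Processing slides, namely steering every packet of a flow to one payload card and keeping a per-flow action (drop, mirror, forward) in a bounded flow table. Assumptions: the direction-independent 5-tuple key, SHA-256 as a stand-in for a hardware hash, and the card names and sample packets, which are constructed.

```python
import hashlib
import ipaddress
import struct
from collections import namedtuple
from enum import Enum

# The 5-tuple used for classification (proto is the IP protocol number).
Packet = namedtuple("Packet", "src dst sport dport proto")

# Constructed card names for the example.
CARDS = ["pp1", "pp2", "pp3", "pp4", "pp5"]


class Action(Enum):
    DROP = "drop"
    MIRROR = "mirror"
    FORWARD = "forward"


def flow_key(pkt):
    """Direction-independent key (assumption): on a tapped link both
    directions arrive separately and must resolve to the same flow."""
    a = (ipaddress.ip_address(pkt.src).packed, pkt.sport)
    b = (ipaddress.ip_address(pkt.dst).packed, pkt.dport)
    lo, hi = sorted((a, b))
    return (lo[0] + struct.pack("!H", lo[1]) +
            hi[0] + struct.pack("!H", hi[1]) + bytes([pkt.proto]))


def select_card(pkt, active_cards):
    """Switch tier: hash the flow key so a flow always lands on one card.
    SHA-256 is used only because it is stable across runs."""
    digest = hashlib.sha256(flow_key(pkt)).digest()
    return active_cards[int.from_bytes(digest[:8], "big") % len(active_cards)]


class FlowTable:
    """Packet-processing tier: one entry per flow, each with its own action."""

    def __init__(self, max_flows, default_action=Action.FORWARD):
        self.max_flows = max_flows
        self.default_action = default_action
        self.flows = {}      # flow key -> {"action": Action, "packets": int}
        self.overflow = 0    # packets of flows that did not fit in the table

    def set_rule(self, pkt, action):
        """Attach an action to the flow this packet belongs to."""
        key = flow_key(pkt)
        if key not in self.flows and len(self.flows) >= self.max_flows:
            raise OverflowError("flow table full")
        entry = self.flows.setdefault(
            key, {"action": self.default_action, "packets": 0})
        entry["action"] = action

    def classify(self, pkt):
        """Return the action for a packet, creating the flow if there is room.
        A full table is counted, because untracked flows are a visibility gap."""
        key = flow_key(pkt)
        entry = self.flows.get(key)
        if entry is None:
            if len(self.flows) >= self.max_flows:
                self.overflow += 1
                return self.default_action
            entry = self.flows[key] = {
                "action": self.default_action, "packets": 0}
        entry["packets"] += 1
        return entry["action"]


if __name__ == "__main__":
    # Constructed sample traffic: the two directions of one TCP connection.
    fwd = Packet("10.0.0.1", "192.0.2.7", 40000, 443, 6)
    rev = Packet("192.0.2.7", "10.0.0.1", 443, 40000, 6)
    table = FlowTable(max_flows=1_000_000)
    table.set_rule(fwd, Action.MIRROR)
    for pkt in (fwd, rev):
        print(select_card(pkt, CARDS), table.classify(pkt).value)
```
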

3 Tier Architecture: Compute




[Figure: 3-tier architecture diagram: 40/100G input → Switching (Load Balancing) → load-balanced traffic → Packet Processing (Flow Identification) → filtered traffic → Compute (Flow Analysis)]

   Compute tier capable of complex data extraction, flow
    correlation, protocol decode, data storage
   Leverages Intel silicon roadmap for cost effective
    processing capability and huge development ecosystem

Bladed DPI Components
 4 components needed for Bladed DPI
   x86 Compute Blades
         Nothing better for complex flow analysis
   Packet Processing Blades
         Required for line rate encryption/decryption, IP header
          manipulation, flow duplication, DPI
   Ethernet Switch Fabric
         Must support load balancing, complex filtering
   Chassis
         Multiple sizes needed to support range of capacities




Introduction to AdvancedTCA™ (ATCA)
 Open blade specification created for telecom market

 Designed for Central Office Requirements
     Reliability – Highly Available, Easily Serviceable
     Capacity – Large boards – high power processors
     Bandwidth – Up to 40Gbps/slot – 500Gbps/chassis

 200+ PICMG members, dozens of blade vendors
     Globally $100M+ of ATCA-focused R&D
     Every permutation of CPU (x86, AMD, PowerPC), Packet Processor
      (RMI, Cavium, IXP), Ethernet switch fabric (Broadcom, Fulcrum), and
      I/O (1G/10G Ethernet, ATM, SS7, serial)
     Blades are designed to interoperate – no vendor lock in
     Good economies of scale: ATCA is $1B market
Typical High-End Next Generation ATCA DPI
  FM80 ATCA 40G Fabric Switch
        40G Switching to every slot in the backplane
        16k TCAM-based rules for pattern matching & ingress
         processing
        Integrated Load Balancing

  XE80 Dual 6-core x86 CPU
        Dual Westmere 6-Core CPU
         Up to 64GB DDR3 memory
        Dual 10GE Fabric high performance accelerated NIC
         (TOE, RDMA, iSCSI)

  PP80/CV80 – Dual 40G Packet Processors
        Flexible Ethernet-based architecture
        32GB memory for millions of flow entries



ATCA Comparison with Bladed Systems
 Bladed Systems optimized for Enterprise compute
  applications
   Lots of x86 processors, fairly simple Ethernet switching

 ATCA optimized for Telco applications – same reqmts as DPI
   Broad array of silicon architectures: x86, PowerPC, Packet Processors,
    Network Processors, FPGAs, DSPs

   High Capacity Flexible I/O
         Support for 10G, 40G, 100G Uplinks

   Advanced Switch Features
         Switch Load Balancing
         Switch-based packet pre-filtering and routing

   Globally, >$100M R&D focused on ATCA platforms

Packet Processors vs x86 Blades – Which is better?
   Lots of debate in the market: Should DPI be done with packet
    processors or x86?

   x86 vendors say:
        Intel roadmap moves faster than anyone else, commodity: very good pricing
   Packet Processor vendors say:
        Integrated NICs and architecture allows very high packet rates
        Integrated encryption/decryption allows line rate security processing

   Our answer: Use Both!
        x86 blades are best for complex flow analysis, deep correlation, database
         and reporting
        Packet Processors: Packet reception, reassembly, regular expression
         scanning, application identification

   Our experience is that the highest performance systems on the market
    include both

System Design Example

   Requirements
        Capable of monitoring 100G Tapped Interface

        Want to monitor up to 1,000 users, with up to 1,000 flows
         per subscriber: 1M flows total

        Want aggregate application decode rate of 10 Gbps




System Design Example

   100G Tapped interface means 200G into system
   Need 200G of load balancing capability on switch

[Figure: 3-tier architecture diagram with two 100G inputs feeding the Switching (Load Balancing) tier, followed by Packet Processing (Flow Identification) and Compute (Flow Analysis)]
System Design Example

   Each Flow Identification card can handle 40G traffic
   200G ingress traffic means 5 packet processing cards
        Add 1 card as a spare for N+1 redundancy

[Figure: 3-tier architecture diagram: 40/100G input → Switching (Load Balancing) → load-balanced traffic → Packet Processing (Flow Identification) → filtered traffic → Compute (Flow Analysis)]
System Design Example




[Figure: 3-tier architecture diagram: 40/100G input → Switching (Load Balancing) → load-balanced traffic → Packet Processing (Flow Identification) → filtered traffic → Compute (Flow Analysis)]

   Each Flow Analysis/Decode card can handle 2-5G traffic
   Aggregate decode rate of 10G means 5 cards
        Add 1 card as a spare for N+1 redundancy
   Local Storage: 1TB per card, or use external storage
System Architecture: 100G Inspection

[Diagram: chassis layout with 6 Packet Processing (Flow Identification) blades, 2 Switching (Load Balancing) blades, and 6 Compute (Flow Analysis) blades]

• Fits into 1/3rd Telco Rack
• 100G Inspection platform: 200G ingress capacity

Ways to deploy DPI on ATCA

1. Adopt 100% off-the-shelf ATCA hardware, and focus on DPI application
2. Adopt ATCA system and develop custom mezzanine or module to implement hardware “secret sauce”
3. Use ATCA switch, x86 cards, but develop full ATCA blade with specific DPI implementation
4. Use ATCA spec but develop all blades

[Diagram labels alongside the list: "Better Time to Market", "More R&D Investment", "Theory: More Differentiation"]

CCPU Packet Inspection Platform Capabilities

• Packet Inspection at 200+ Gbps per shelf
• Mix of dedicated packet processing cards and x86 compute offers ideal blend of quick time-to-deployment and high capacity
• Dedicated security engines allow real-time packet decryption at line rate
• Supports tapped, inline bump-in-wire or terminated modes

Summary

• ATCA emerging as the preferred architecture for next generation DPI deployments at 40G and 100G
• Cost effective, scalable, future-proof

Thank You
                    Mike Coward
                   www.ccpu.com
               mike.coward@ccpu.com


ISS World Prague 2010 - DPI at 40G and 100G: Moving Beyond Appliances

  • 1. 40G and 100G DPI Platforms Moving Beyond Appliances Mike Coward CTO & co-founder - Continuous Computing www.ccpu.com Confidential and Proprietary
  • 2. Agenda  Company Overview  DPI Market Trends – High Scale Requirements  DPI System Architecture Options  Bladed DPI Development Options  100G System Design Example www.ccpu.com Confidential and Proprietary 2
  • 3. Quick Corporate Facts  Founded Feb ’98  Private, VC-financed  >300 employees globally  Headquarters in San Diego  Engineering in Bangalore, Shenzhen  Acquired Trillium® from Intel (Feb ’03) 95,000 ft2 facilities ISO 9001 certified RoHS compliant  Sell to equipment mfrs, not operators CMMI Level 3 www.ccpu.com Confidential and Proprietary 3
  • 4. Integrated Systems & Services Protocols & HA Middleware Integrated DPI Platforms AdvancedTCA & Professional CompactPCI Hardware Services www.ccpu.com Confidential and Proprietary 4
  • 5. 2 Categories of DPI Applications Optimize / Protect OpEx Drive Revenue  IDS/IPS/Firewall  Tiered subscriber  Security gateway (UTM) bandwidth / applications  Subscriber traffic shaping  Managed Security Svcs  Peer-to-Peer blocking  Market intelligence  Peer-to-Peer caching / gathering redirection  Mobile ad insertion  Lawful intercept  Server virtualization Carrier demand for new revenue drives investment into large scale DPI Lawful Intercept gets higher capacity systems with minimal investment www.ccpu.com Confidential and Proprietary 5
  • 6. Movement towards 40G and 100G: Core and Edge  Core  Cisco CRS-3: >1000 ports of 100G Ethernet  Juniper T1600  Access Equipment: DSLAM, G-EPON, 10G-EPON, CMTS  Adding 10G interfaces, and starting to add 40G and 100G interfaces  CMTS: channel bonding yields 200 Mb/s  Google fiber broadband at 1Gb/s  Recent informal survey: 19 of 21 operators planning to skip 40G and move directly to 100G interfaces www.ccpu.com Confidential and Proprietary 6
  • 7. Appliances  Appliances: Good enough for multi-gigabit, even to 10G  Typically carefully tuned x86 with customized accelerated packet capture cards  Biggest Problem: Application creep  Applications and inspection criteria tend to expand over time: can’t guarantee line rate performance with new feature additions  Other issues: Redundancy, Scalability www.ccpu.com Confidential and Proprietary 7
  • 8. 40G Appliances? 100G Appliances?  Don’t bet against Moore’s Law  But not a silver bullet – still have to wait  2013: 40G Appliance  2016: 100G Appliance www.ccpu.com Confidential and Proprietary 8
  • 9. The Solution Today: Bladed Systems  Bladed systems used in Telecom central office deployments for 20 years  Provide scalability, reliability, upgradeability  Proven technology in DPI / LI  80 Gbps traffic shaping system deployed since 2007  10 Gbps network security platform deployed since 2008  40 Gbps network security platform deployed since 2009  10 Gbps LI inspection system deployed since 2008 www.ccpu.com Confidential and Proprietary 9
  • 10. 40/100G www.ccpu.com Load Balancing Load Balancing Switching Switching Load Balanced Load Balanced Load Balanced Load Balanced Flow Identification Flow Identification Packet Processing Flow Processing Packet Identification Flow Processing Packet Identification Packet Processing 100G Bladed DPI: 3 Tier Architectures Filtered Filtered Filtered Filtered Flow Identification Flow Processing PacketIdentification Flow Processing PacketIdentification Flow Analysis Packet Processing Compute Confidential and Proprietary 10
  • 11. 3 Tier Architecture: Switching Packet Processing Packet Identification Packet Processing PacketIdentification Flow Analysis Load Balancing Flow Processing Packet Identification Flow Processing PacketIdentification Load Balanced Filtered Load Balancing Flow Processing Flow Identification Flow Processing Flow Identification Compute Switching Packet Processing Flow Identification Switching Load Balanced Filtered 40/100G Load Balanced Filtered Load Balanced Filtered  Switching layer load balances incoming traffic across payload cards  Apply thousands of rules at full line rate for pre-filtering, classification, packet steering www.ccpu.com Confidential and Proprietary 11
  • 12. 3 Tier Architecture: Packet Processing Packet Processing Packet Identification Packet Processing PacketIdentification Flow Analysis Load Balancing Flow Processing Packet Identification Flow Processing PacketIdentification Load Balanced Filtered Load Balancing Flow Processing Flow Identification Flow Processing Flow Identification Compute Switching Packet Processing Flow Identification Switching Load Balanced Filtered 40/100G Load Balanced Filtered Load Balanced Filtered  Packet Processing card capable of 5-tuple classification, DPI packet inspection for keywords, flow extraction  Capable of classifying packets into millions of flows, and applying individual rules to each flow: drop, mirror, forward www.ccpu.com Confidential and Proprietary 12
  • 13. 3 Tier Architecture: Compute Packet Processing Packet Identification Packet Processing PacketIdentification Flow Analysis Load Balancing Flow Processing Packet Identification Flow Processing PacketIdentification Load Balanced Filtered Load Balancing Flow Processing Flow Identification Flow Processing Flow Identification Compute Switching Packet Processing Flow Identification Switching Load Balanced Filtered 40/100G Load Balanced Filtered Load Balanced Filtered  Compute tier capable of complex data extraction, flow correlation, protocol decode, data storage  Leverages Intel silicon roadmap for cost effective processing capability and huge development ecosystem www.ccpu.com Confidential and Proprietary 13
  • 14. 40/100G www.ccpu.com Load Balancing Load Balancing Switching Switching Load Balanced Load Balanced Load Balanced Load Balanced Flow Identification Flow Identification Packet Processing Flow Processing Packet Identification Flow Processing Packet Identification Packet Processing 100G Bladed DPI: 3 Tier Architectures Filtered Filtered Filtered Filtered Flow Identification Flow Processing PacketIdentification Flow Processing PacketIdentification Flow Analysis Packet Processing Compute Confidential and Proprietary 14
  • 15. Bladed DPI Components  4 components needed for Bladed DPI  x86 Compute Blades  Nothing better for complex flow analysis  Packet Processing Blades  Required for line rate encryption/decryption, IP header manipulation, flow duplication, DPI  Ethernet Switch Fabric  Must support load balancing, complex filtering  Chassis  Multiple sizes needed to support range of capacities www.ccpu.com Confidential and Proprietary 15
  • 16. Introduction to AdvancedTCA™ (ATCA)  Open blade specification created for telecom market  Designed for Central Office Requirements  Reliability – High Available, Easily Serviceable  Capacity – Large boards – high power processors  Bandwidth – Up to 40Gbps/slot – 500Gbps/chassis  200+ PICMG members, dozens of blade vendors  Globally $100M+ of ATCA-focused R&D  Every permutation of CPU (x86, AMD, PowerPC), Packet Processor (RMI, Cavium, IXP), Ethernet switch fabric (Broadcom, Fulcrum), and I/O (1G/10G Ethernet, ATM, SS7, serial)  Blades are designed to interoperate – no vendor lock in  Good economies of scale: ATCA is $1B market www.ccpu.com Confidential and Proprietary 16
  • 17. Typical High-End Next Generation ATCA DPI  FM80 ATCA 40G Fabric Switch  40G Switching to every slot in the backplane  16k TCAM-based rules for pattern matching & ingress processing  Integrated Load Balancing  XE80 Dual 6-core x86 CPU  Dual Westmere 6-Core CPU Up to 64GB DDR3 memory  Dual 10GE Fabric high performance accelerated NIC (TOE, RDMA, iSCSI)  PP80/CV80 – Dual 40G Packet Processors  Flexible Ethernet-based architecture  32GB memory for millions of flow entries www.ccpu.com Confidential and Proprietary 17
  • 18. ATCA Comparison with Bladed Systems  Bladed Systems optimized for Enterprise compute applications  Lots of x86 processors, fairly simple Ethernet switching  ATCA optimized for Telco applications – same reqmts as DPI  Broad array of silicon architectures: x86, PowerPC, Packet Processors, Network Processors, FPGAs, DSPs  High Capacity Flexible I/O  Support for 10G, 40G, 100G Uplinks  Advanced Switch Features  Switch Load Balancing  Switch-based packet pre-filtering and routing  Globally, >$100M R&D focused on ATCA platforms www.ccpu.com Confidential and Proprietary 18
  • 19. Packet Processors vs x86 Blades – Which is better?  Lots of debate in the market: Should DPI be done with packet processors or x86?  x86 vendors say:  Intel roadmap moves faster than anyone else, commodity: very good pricing  Packet Processors vendors say:  Integrated NICs and architecture allows very high packet rates  Integrated encryption/decryption allows line rate security processing  Our answer: Use Both!  x86 blades are best for complex flow analysis, deep correlation, database and reporting  Packet Processors: Packet reception, reassembly, regular expression scanning, application identification  Our experience is that the highest performance systems on the market include both www.ccpu.com Confidential and Proprietary 19
  • 20. System Design Example  Requirements  Capable of monitoring 100G Tapped Interface  Want to monitor up to 1,000 users, with up to 1,000 flows per subscriber: 1M flows total  Want aggregate application decode rate of 10 Gbps www.ccpu.com Confidential and Proprietary 20
  • 21. 100G 100G www.ccpu.com Load Balancing Load Balancing Switching Switching Load Balanced Load Balanced Load Balanced Load Balanced System Design Example Flow Identification Flow Identification Packet Processing Flow Processing Packet Identification Flow Processing Packet Identification Packet Processing Filtered Filtered Filtered Filtered  100G Tapped interface means 200G into system  Need 200G of load balancing capability on switch Flow Identification Flow Processing PacketIdentification Flow Processing PacketIdentification Flow Analysis Packet Processing Compute Confidential and Proprietary 21
  • 22. 40/100G www.ccpu.com Load Balancing Load Balancing Switching Switching Load Balanced Load Balanced Load Balanced Load Balanced System Design Example Flow Identification Flow Identification Packet Processing Flow Processing Packet Identification Flow Processing Packet Identification Packet Processing  Add 1 card as a spare for N+1 redundancy Filtered Filtered Filtered Filtered Flow Identification  Each Flow Identification card can handle 40G traffic Flow Processing PacketIdentification  200G ingress traffic means 5 packet processing cards Flow Processing PacketIdentification Flow Analysis Packet Processing Compute Confidential and Proprietary 22
  • 23. System Design Example
      - [Diagram: 40/100G links; Load Balancing / Switching blades; Flow Identification / Packet Processing cards; Flow Processing / Packet Identification cards; Flow Analysis / Compute cards; traffic paths labelled "Load Balanced" and "Filtered"]
      - Each Flow Analysis/Decode card can handle 2-5G traffic
      - Aggregate decode rate of 10G means 5 cards
      - Add 1 card as a spare for N+1 redundancy
      - Local storage: 1TB per card, or use external storage
  • 24. System Architecture: 100G Inspection
      - [Diagram: six Flow Identification / Packet Processing cards, two Load Balancing / Switching blades, six Flow Analysis / Compute cards]
      - 100G Inspection platform: 200G ingress capacity
      - Fits into 1/3rd Telco Rack
  • 25. Ways to deploy DPI on ATCA
      1. Adopt 100% off-the-shelf ATCA hardware, and focus on DPI application
      2. Adopt ATCA system and develop custom mezzanine or module to implement hardware “secret sauce”
      3. Use ATCA switch, x86 cards, but develop full ATCA blade with specific DPI implementation
      4. Use ATCA spec but develop all blades
      - [Diagram labels: "Theory:", "More Differentiation", "More R&D Investment", "Better Time to Market"]
  • 26. CCPU Packet Inspection Platform Capabilities
      - Packet inspection at 200+ Gbps per shelf
      - Mix of dedicated packet processing cards and x86 compute offers ideal blend of quick time-to-deployment and high capacity
      - Dedicated security engines allow real-time packet decryption at line rate
      - Supports tapped, inline bump-in-wire or terminated modes
  • 27. Summary
      - ATCA emerging as the preferred architecture for next generation DPI deployments at 40G and 100G
      - Cost effective, scalable, future-proof
  • 28. Thank You
      - Mike Coward
      - mike.coward@ccpu.com
      - www.ccpu.com