© 2008 Bivio Networks, Inc. All rights reserved.Specifications subject to change without notice.

Evolution & Requirements for DPIin Network Security Infrastructure

Bob WiestDirector of Technical Services

Bivio Networks

Uncompromising Performance, Unmatched Flexibility

©2008 Bivio Networks, Inc. Specifications subject to change without notice. Page 2

What is Deep Packet Inspection (DPI)?

Deep Packet Inspection (DPI) is a form of filtering that examines (inspects) both the

payload and the header of a packet as it passes an inspection point.

EthernetInternetProtocol

(IP)

TransportLayer

(TCP/UDP)

Email (SMTP, POP3, IMAP)Web (HTTP/S)

File Transfer (FTP, Gopher)Instant Messaging (IM)

Peer-to-Peer (P2P) ApplicationsDirectory Services

L2 L3 L4 L5 – L7

Packet Payload / Application LayersPacket Header Layers

Deep PacketInspection

Uncompromising Performance, Unmatched Flexibility

©2008 Bivio Networks, Inc. Specifications subject to change without notice. Page 3

CONNECTIVITY

“Dumb Pipes”

PERFORMANCE

“Fast Pipes”

POLICY

Software-defined “Smart Pipes”

• Enterprise: Security, traffic management, VoIP, acceleration

• Federal: Security, Information Awareness, Information Assurance

• Carriers: Enhanced services

The 70s/80s The 90s 21st Century

Specific/Limited use within the fixed enterprise

Explosion of the Internet

Broader expansion within and beyond the enterprise and to

customers and business partners

Network is mission critical to business success &

survivability

Key Network Transformation

We Have Evolved to a “Policy-Centric Network”

US

AG

EIN

FR

AS

TR

UC

TU

RE

Uncompromising Performance, Unmatched Flexibility

©2008 Bivio Networks, Inc. Specifications subject to change without notice. Page 4

A Changing Environment

Past Current & Future

Security Perimeter End-to-end, Perimeter, Internal

Threats Static Dynamic, Changing, Adaptive

Performance Requirements

Low High

Past Current & Future

ExampleFW, Routing,

Switching, QoSIDP/IDS, A/V, Anti-Spam, LI

Configuration Static Adaptive & Flexible

Packet Overhead Fixed Variable

Performance Linear Non-linear

IT Network:

Applications:

Uncompromising Performance, Unmatched Flexibility

©2008 Bivio Networks, Inc. Specifications subject to change without notice. Page 5

New Class of Network Applications

Fixed Operations

Packet Header Packet Data

Dynamic & Adaptive

Operations

RoutersACLs, QoS

Switches

Dynamic Routers

Firewalls

Adaptive L4 Traffic

Management • IDS/IPS• Anti-spam• Anti-virus• DDoS protection• Content/XML Load Balancers• VoIP security, monitoring, analysis• WAN/Application optimization

Load Balancers

Dynamic Load

Balancers

1st gen. L7 Load

Balancers

Uncompromising Performance, Unmatched Flexibility

©2008 Bivio Networks, Inc. Specifications subject to change without notice. Page 6

The Problem RestatedSoftware now a key component of next generation networks

Fast hardware-defined connectivity layer conflicts with increasingly complex software-defined policy layer

Addressing collision of computing and networking is essential to future network infrastructure

Increased complexity, time to market, costs and risks of policy-centric product delivery are now directly impacting the ability of companies to

deliver and deploy effective networking products!

Low Speed LAN/WANs

Bridges

High Speed LAN/WANs

Routers/Switches

Policy-Centric Infrastructure Products

Hardware

Software Hardware

Software

Hardware

Software

Uncompromising Performance, Unmatched Flexibility

©2008 Bivio Networks, Inc. Specifications subject to change without notice. Page 7

Huge Product / Market Opportunity

DPI is foundation for generation networking infrastructure

Market spans multiple multi-billion dollar markets

Bivio actively selling into several of them– Security– Carrier DPI– Federal– Enterprise vertical markets– Security, Traffic

Management L1

L2Switches

L3Routers

L4

L5

L6

L7

DPI Device

s

Uncompromising Performance, Unmatched Flexibility

©2008 Bivio Networks, Inc. Specifications subject to change without notice. Page 8

A New Solution is Needed

New threats drive new requirements– Flexibility and Adaptability: signatures, policies, algorithms,

and configurations– Performance: no longer optional

• Enforcement requires inline operation

• Scalability of solution inherent to networking

• Low latency essential

– Rapid Time-To-Implement: keep pace with constantly changing and evolving threats, protocols & services

Deliver scalable performance with standard architecture

Application Integration: Easily integrate L7 applications

Uncompromising Performance, Unmatched Flexibility

©2008 Bivio Networks, Inc. Specifications subject to change without notice. Page 9

A New Approach: The Network Appliance Platform

Bring benefits of general purpose computing to high speed networking without sacrificing performance

Utilize a “systems approach”: provide a complete software and hardware appliance environment

Linux OS environment leverages wealth of popular L7 open source applications

Operational commonality

Uncompromising Performance, Unmatched Flexibility

©2008 Bivio Networks, Inc. Specifications subject to change without notice. Page 10

Anatomy of a Network Appliance

Optimized for flexibility

Non-deterministic performance

Highly variable

Complex operations

Compute/Memory-intensive

“Slow path”

Data PlaneData Plane

Control PlaneControl Plane

Application Application ProcessingProcessing

Packet Packet ProcessingProcessing

Optimized for throughput, latency

Deterministic performance

Well-defined operations

I/O intensive

“Fast path”

Uncompromising Performance, Unmatched Flexibility

©2008 Bivio Networks, Inc. Specifications subject to change without notice. Page 11

Logical Packet Flow & Architecture

Application Processing Subsystem– High-performance Linux processors– Provides fully parallelized &

redundant execution environment

Fabric Interconnect– High speed communication highway– Accommodates sustained full wire-speed

data rates

Network Processing Subsystem– High performance packet processor– Provides comprehensive load

balancing & traffic management– APIs and custom data path applications

High Performance Fabric High Performance Fabric

Application Processing Subsystem

Network Processing Subsystem

Network IFNetwork IF

Hardware AccelerationHardware Acceleration

Application Application ProcessorProcessor

Programmable Programmable Packet ProcessorPacket Processor

Network IFNetwork IF

Uncompromising Performance, Unmatched Flexibility

©2008 Bivio Networks, Inc. Specifications subject to change without notice. Page 12

Summary

Emerging network applications, with security as primary driver, are making software a core component of next generation networking

This collision of computing and networking requires re-examination of network infrastructure

A systems based approach, fusing Linux, general purpose computing and high-speed networking offers promise to propel networking into new era

Purpose-built architecture enables true wire-rate packet inspection & processing

Uncompromising Performance, Unmatched Flexibility

©2008 Bivio Networks, Inc. Specifications subject to change without notice. Page 13

Bivio Networks Company Snapshot

Company Facts

Founded in 2000

Headquartered in San Francisco Bay area

Growing customer list, revenue & momentum

Our Products

Network appliance platforms: Bivio 7000 Series and Bivio 2000 Series

Markets Served

Enterprises, federal government, carriers & network service providers

Our Customers

Network equipment manufacturers, application developers, and strategic direct enterprises including federal government requiring deep packet processing-intensive solutions

Business Model

OEM, strategic direct, channel

Our Investors