Post on 18-Dec-2015
© 2008 Bivio Networks, Inc. All rights reserved. Specifications subject to change without notice.
Evolution & Requirements for DPI in Network Security Infrastructure
Bob Wiest, Director of Technical Services
Bivio Networks
Uncompromising Performance, Unmatched Flexibility
What is Deep Packet Inspection (DPI)?
Deep Packet Inspection (DPI) is a form of filtering that examines (inspects) both the
payload and the header of a packet as it passes an inspection point.
Packet Header Layers:
• L2: Ethernet
• L3: Internet Protocol (IP)
• L4: Transport Layer (TCP/UDP)
Packet Payload / Application Layers (L5 – L7):
• Email (SMTP, POP3, IMAP)
• Web (HTTP/S)
• File Transfer (FTP, Gopher)
• Instant Messaging (IM)
• Peer-to-Peer (P2P) Applications
• Directory Services
[Diagram label: Deep Packet Inspection]
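An added example, not part of the original slides, of the header-plus-payload inspection defined above: it walks a frame from L2 to L4, then compares a verdict based only on the L4 destination port with one that also reads the L5 – L7 payload. The port map, the payload prefixes and the frames built by `build_frame` are constructed for illustration.

```python
import struct

# Assumed, illustrative tables: a header-only (L4 port) view and L7 payload prefixes.
PORT_MAP = {21: "ftp", 25: "smtp", 80: "http"}
PAYLOAD_SIGS = [(b"GET ", "http"), (b"POST ", "http"), (b"EHLO ", "smtp"),
                (b"HELO ", "smtp"), (b"USER ", "ftp")]

def parse_frame(frame: bytes) -> dict:
    """Walk L2 -> L3 -> L4 and return the ports plus the L5-L7 payload."""
    if len(frame) < 14 or struct.unpack("!H", frame[12:14])[0] != 0x0800:
        raise ValueError("not an Ethernet II / IPv4 frame")
    ip = frame[14:]
    if len(ip) < 20 or ip[0] >> 4 != 4:
        raise ValueError("truncated or non-IPv4 header")
    ihl, total = (ip[0] & 0x0F) * 4, struct.unpack("!H", ip[2:4])[0]
    if ihl < 20 or not ihl <= total <= len(ip):
        raise ValueError("inconsistent IPv4 lengths")
    if ip[9] != 6:
        raise ValueError("only TCP is handled in this example")
    tcp = ip[ihl:total]
    if len(tcp) < 20:
        raise ValueError("truncated TCP header")
    sport, dport = struct.unpack("!HH", tcp[:4])
    off = (tcp[12] >> 4) * 4  # TCP data offset, in bytes
    if not 20 <= off <= len(tcp):
        raise ValueError("bad TCP data offset")
    return {"sport": sport, "dport": dport, "payload": tcp[off:]}

def classify(frame: bytes) -> dict:
    """Compare a header-only verdict with one that also inspects the payload."""
    pkt = parse_frame(frame)
    by_header = PORT_MAP.get(pkt["dport"], "unknown")
    by_payload = next((app for sig, app in PAYLOAD_SIGS
                       if pkt["payload"].startswith(sig)), "unknown")
    return {"header_only": by_header, "dpi": by_payload,
            "mismatch": by_payload != "unknown" and by_header != by_payload}

def build_frame(dport: int, payload: bytes) -> bytes:
    """Constructed test frame: Ethernet II + IPv4 + TCP, no options, zero checksums."""
    tcp = struct.pack("!HHIIBBHHH", 40000, dport, 0, 0, 5 << 4, 0x18, 8192, 0, 0)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp) + len(payload),
                     0, 0, 64, 6, 0, bytes([192, 0, 2, 1]), bytes([192, 0, 2, 2]))
    return b"\x02" * 6 + b"\x02" * 6 + b"\x08\x00" + ip + tcp + payload

if __name__ == "__main__":
    print(classify(build_frame(80, b"GET / HTTP/1.1\r\n\r\n")))
    print(classify(build_frame(8443, b"GET / HTTP/1.1\r\n\r\n")))
```

The second frame is the case a header-only filter misses: the port says nothing, while the payload identifies HTTP.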
Key Network Transformation
We Have Evolved to a “Policy-Centric Network”
INFRASTRUCTURE:
• The 70s/80s: CONNECTIVITY, “Dumb Pipes”
• The 90s: PERFORMANCE, “Fast Pipes”
• 21st Century: POLICY, Software-defined “Smart Pipes”
– Enterprise: Security, traffic management, VoIP, acceleration
– Federal: Security, Information Awareness, Information Assurance
– Carriers: Enhanced services
USAGE (from the 70s/80s to the 21st Century):
• Specific/Limited use within the fixed enterprise
• Explosion of the Internet
• Broader expansion within and beyond the enterprise and to customers and business partners
• Network is mission critical to business success & survivability
A Changing Environment

IT Network:

| | Past | Current & Future |
|---|---|---|
| Security | Perimeter | End-to-end, Perimeter, Internal |
| Threats | Static | Dynamic, Changing, Adaptive |
| Performance Requirements | Low | High |

Applications:

| | Past | Current & Future |
|---|---|---|
| Example | FW, Routing, Switching, QoS | IDP/IDS, A/V, Anti-Spam, LI |
| Configuration | Static | Adaptive & Flexible |
| Packet Overhead | Fixed | Variable |
| Performance | Linear | Non-linear |
New Class of Network Applications
[Diagram: devices placed along two axes, Fixed Operations to Dynamic & Adaptive Operations, and Packet Header to Packet Data. Labels: Routers, ACLs, QoS; Switches; Dynamic Routers; Firewalls; Adaptive L4 Traffic Management; Load Balancers; Dynamic Load Balancers; 1st gen. L7 Load Balancers]
• IDS/IPS
• Anti-spam
• Anti-virus
• DDoS protection
• Content/XML Load Balancers
• VoIP security, monitoring, analysis
• WAN/Application optimization
The Problem Restated
Software now a key component of next generation networks
Fast hardware-defined connectivity layer conflicts with increasingly complex software-defined policy layer
Addressing collision of computing and networking is essential to future network infrastructure
Increased complexity, time to market, costs and risks of policy-centric product delivery are now directly impacting the ability of companies to deliver and deploy effective networking products!
[Diagram: Hardware / Software split shown for each of Low Speed LAN/WANs, Bridges, High Speed LAN/WANs, Routers/Switches, and Policy-Centric Infrastructure Products]
Huge Product / Market Opportunity
DPI is foundation for next generation networking infrastructure
Market spans multiple multi-billion dollar markets
Bivio actively selling into several of them
– Security
– Carrier DPI
– Federal
– Enterprise vertical markets
– Security, Traffic Management
[Diagram: layers L1 to L7; labels: L2 Switches, L3 Routers, DPI Devices]
A New Solution is Needed
New threats drive new requirements
– Flexibility and Adaptability: signatures, policies, algorithms, and configurations
– Performance: no longer optional
• Enforcement requires inline operation
• Scalability of solution inherent to networking
• Low latency essential
– Rapid Time-To-Implement: keep pace with constantly changing and evolving threats, protocols & services
Deliver scalable performance with standard architecture
Application Integration: Easily integrate L7 applications
A New Approach: The Network Appliance Platform
Bring benefits of general purpose computing to high speed networking without sacrificing performance
Utilize a “systems approach”: provide a complete software and hardware appliance environment
Linux OS environment leverages wealth of popular L7 open source applications
Operational commonality
Anatomy of a Network Appliance
Application Processing (“Slow path”):
• Optimized for flexibility
• Non-deterministic performance
• Highly variable
• Complex operations
• Compute/Memory-intensive
Packet Processing (“Fast path”):
• Optimized for throughput, latency
• Deterministic performance
• Well-defined operations
• I/O intensive
[Diagram labels: Data Plane, Control Plane]
Logical Packet Flow & Architecture
Application Processing Subsystem
– High-performance Linux processors
– Provides fully parallelized & redundant execution environment
Fabric Interconnect
– High speed communication highway
– Accommodates sustained full wire-speed data rates
Network Processing Subsystem
– High performance packet processor
– Provides comprehensive load balancing & traffic management
– APIs and custom data path applications
[Diagram: Application Processing Subsystem, High Performance Fabric and Network Processing Subsystem; component labels: Network IF, Hardware Acceleration, Application Processor, Programmable Packet Processor]
Summary
Emerging network applications, with security as primary driver, are making software a core component of next generation networking
This collision of computing and networking requires re-examination of network infrastructure
A systems-based approach, fusing Linux, general purpose computing and high-speed networking, offers promise to propel networking into a new era
Purpose-built architecture enables true wire-rate packet inspection & processing
Bivio Networks Company Snapshot
Company Facts
Founded in 2000
Headquartered in San Francisco Bay area
Growing customer list, revenue & momentum
Our Products
Network appliance platforms: Bivio 7000 Series and Bivio 2000 Series
Markets Served
Enterprises, federal government, carriers & network service providers
Our Customers
Network equipment manufacturers, application developers, and strategic direct enterprises including federal government requiring deep packet processing-intensive solutions
Business Model
OEM, strategic direct, channel
Our Investors