Evolution & Requirements for DPI in Network Security Infrastructure

Bob Wiest
Director of Technical Services
Bivio Networks

© 2008 Bivio Networks, Inc. All rights reserved. Specifications subject to change without notice.
Uncompromising Performance, Unmatched Flexibility

What is Deep Packet Inspection (DPI)?

Deep Packet Inspection (DPI) is a form of filtering that examines (inspects) both the payload and the header of a packet as it passes an inspection point.

Packet Header Layers
– L2: Ethernet
– L3: Internet Protocol (IP)

Packet Payload / Application Layers
– L4: Transport Layer (TCP/UDP)
– L5 – L7: Email (SMTP, POP3, IMAP), Web (HTTP/S), File Transfer (FTP, Gopher), Instant Messaging (IM), Peer-to-Peer (P2P) Applications, Directory Services

[Figure label: Deep Packet Inspection]

Key Network Transformation

Infrastructure usage by era:
– The 70s/80s: Specific/Limited use within the fixed enterprise
– The 90s (Explosion of the Internet): Broader expansion within and beyond the enterprise and to customers and business partners
– 21st Century: Network is mission critical to business success & survivability

[Figure labels: CONNECTIVITY (“Dumb Pipes”), PERFORMANCE (“Fast Pipes”), POLICY (“Smart Pipes”, Software-defined)]

• Enterprise: Security, traffic management, VoIP, acceleration
• Federal: Security, Information Awareness, Information Assurance
• Carriers: Enhanced services

We Have Evolved to a “Policy-Centric Network”
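An added example, not part of the original slides and not Bivio code: it illustrates the DPI definition above by contrasting a verdict taken from the TCP port alone with one taken from the application bytes (L5 – L7) of the same packet. The frame builder, port map and signature prefixes are constructed for illustration; a production classifier would use far richer signatures and stream reassembly.

```python
import struct

def build_frame(dst_port, payload):
    """Constructed sample input: Ethernet II + IPv4 + TCP frame (checksums left 0)."""
    eth = bytes(12) + struct.pack("!H", 0x0800)
    tcp = struct.pack("!HHIIBBHHH", 40000, dst_port, 0, 0, 5 << 4, 0x18, 8192, 0, 0)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp) + len(payload),
                     0, 0, 64, 6, 0, bytes([192, 0, 2, 1]), bytes([192, 0, 2, 2]))
    return eth + ip + tcp + payload

def parse(frame):
    """Return the TCP destination port and application payload, or None if malformed."""
    if len(frame) < 14 or struct.unpack("!H", frame[12:14])[0] != 0x0800:
        return None                          # not IPv4 over Ethernet II
    ip = frame[14:]
    if len(ip) < 20 or ip[0] >> 4 != 4:
        return None
    ihl = (ip[0] & 0x0F) * 4                 # IP header length in bytes
    total_len = struct.unpack("!H", ip[2:4])[0]
    if ihl < 20 or ip[9] != 6 or total_len > len(ip) or total_len < ihl + 20:
        return None                          # truncated, inconsistent, or not TCP
    tcp = ip[ihl:total_len]
    data_off = (tcp[12] >> 4) * 4            # TCP header length in bytes
    if data_off < 20 or data_off > len(tcp):
        return None
    return {"dst_port": struct.unpack("!H", tcp[2:4])[0], "payload": tcp[data_off:]}

PORT_MAP = {80: "http", 25: "smtp", 21: "ftp"}        # illustrative port table
SIGNATURES = [(b"GET ", "http"), (b"POST ", "http"),  # illustrative payload prefixes
              (b"EHLO ", "smtp"), (b"USER ", "ftp")]

def port_verdict(pkt):
    return PORT_MAP.get(pkt["dst_port"], "unknown")

def dpi_verdict(pkt):
    for prefix, proto in SIGNATURES:
        if pkt["payload"].startswith(prefix):
            return proto
    return "unknown"

def classify(frame):
    """Return (port-only verdict, payload verdict) for one frame."""
    pkt = parse(frame)
    if pkt is None:
        return ("unparsed", "unparsed")
    return (port_verdict(pkt), dpi_verdict(pkt))
```

A disagreement between the two verdicts, such as SMTP bytes on port 80, is the case a port-based filter cannot see and payload inspection can flag.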
A Changing Environment

| IT Network | Past | Current & Future |
|---|---|---|
| Security | Perimeter | End-to-end, Perimeter, Internal |
| Threats | Static | Dynamic, Changing, Adaptive |
| Performance Requirements | Low | High |

| Applications | Past | Current & Future |
|---|---|---|
| Example | FW, Routing, Switching, QoS | IDP/IDS, A/V, Anti-Spam, LI |
| Configuration | Static | Adaptive & Flexible |
| Packet Overhead | Fixed | Variable |
| Performance | Linear | Non-linear |

New Class of Network Applications

[Figure: network applications plotted by operation type (Fixed Operations vs. Dynamic & Adaptive Operations) against inspection depth (Packet Header vs. Packet Data). Labels: Switches; Routers; ACLs, QoS; Firewalls; Load Balancers; 1st gen. L7 Load Balancers; Dynamic Routers; Dynamic Load Balancers; Adaptive L4 Traffic Management]

• IDS/IPS
• Anti-spam
• Anti-virus
• DDoS protection
• Content/XML Load Balancers
• VoIP security, monitoring, analysis
• WAN/Application optimization

The Problem Restated

Software now a key component of next generation networks
Fast hardware-defined connectivity layer conflicts with increasingly complex software-defined policy layer
Addressing collision of computing and networking is essential to future network infrastructure

[Figure: software/hardware split across three product generations. Labels: Low Speed LAN/WANs (Bridges); High Speed LAN/WANs (Routers/Switches); Policy-Centric Infrastructure Products]

Increased complexity, time to market, costs and risks of policy-centric product delivery are now directly impacting the ability of companies to deliver and deploy effective networking products!
Huge Product / Market Opportunity

DPI is foundation for next generation networking infrastructure
Market spans multiple multi-billion dollar markets
Bivio actively selling into several of them
– Security
– Carrier
– DPI
– Federal
– Enterprise vertical markets

[Figure: layer stack]
– L4 – L7: DPI Devices (Security, Traffic Management)
– L3: Routers
– L2: Switches
– L1

A New Solution is Needed

New threats drive new requirements
– Flexibility and Adaptability: signatures, policies, algorithms, and configurations
– Performance: no longer optional
  • Enforcement requires inline operation
  • Scalability of solution inherent to networking
  • Low latency essential
– Rapid Time-To-Implement: keep pace with constantly changing and evolving threats, protocols & services
Deliver scalable performance with standard architecture
Application Integration: Easily integrate L7 applications

A New Approach: The Network Appliance Platform

Bring benefits of general purpose computing to high speed networking without sacrificing performance
Utilize a “systems approach”: provide a complete software and hardware appliance environment
Linux OS environment leverages wealth of popular L7 open source applications
Operational commonality
Anatomy of a Network Appliance

| Control Plane: Application Processing | Data Plane: Packet Processing |
|---|---|
| Optimized for flexibility | Optimized for throughput, latency |
| Non-deterministic performance | Deterministic performance |
| Highly variable, complex operations | Well-defined operations |
| Compute/Memory-intensive | I/O intensive |
| “Slow path” | “Fast path” |

Logical Packet Flow & Architecture

Application Processing Subsystem
– High-performance Linux processors
– Provides fully parallelized & redundant execution environment

Fabric Interconnect
– High speed communication highway
– Accommodates sustained full wire-speed data rates

Network Processing Subsystem
– High performance packet processor
– Provides comprehensive load balancing & traffic management
– APIs and custom data path applications

[Figure labels: Hardware Acceleration; Application Processor; High Performance Fabric; Network IF; Programmable Packet Processor]

Summary

Emerging network applications, with security as primary driver, are making software a core component of next generation networking
This collision of computing and networking requires re-examination of network infrastructure
A systems based approach, fusing Linux, general purpose computing and high-speed networking offers promise to propel networking into new era
Purpose-built architecture enables true wire-rate packet inspection & processing
Bivio Networks Company Snapshot

Company Facts
– Founded in 2000
– Headquartered in San Francisco Bay area
– Growing customer list, revenue & momentum

Our Products
– Network appliance platforms: Bivio 7000 Series and Bivio 2000 Series

Markets Served
– Enterprises, federal government, carriers & network service providers

Our Customers
– Network equipment manufacturers, application developers, and strategic direct enterprises including federal government requiring deep packet processing-intensive solutions

Business Model
– OEM, strategic direct, channel

Our Investors