Survey
* Your assessment is very important for improving the workof artificial intelligence, which forms the content of this project
* Your assessment is very important for improving the workof artificial intelligence, which forms the content of this project
Content Aware Networks Sailesh Kumar Cisco Research Two Important Applications • Security – IDS, IPS, AV, SPAM, App-firewall etc • Content Based Forwarding – Application Identification – Protocol Analysis – Field extraction (subscriber, URL, email address, etc) Two Important Applications • Security – IDS, IPS, AV, SPAM, etc • Content Based Forwarding Multi-billion $ Market Can become – Application Identification much bigger market – Protocol Analysis – Field extraction (subscriber, URL, email address, etc) Trends • Security - regex is popular – Old, outdated approach – New techniques such as machine learning (IronPort), anomaly detection, data mining etc are gaining popularity • Content Based Forwarding – Application Identification (p2p, skype, video over http) – Content based admission control (firewall) – Protocol analyzer (requires more than pattern matching) – Subscriber, content based statistics, billing Industry Trends • Vanilla regex acceleration – – – – – Vihana (Cisco supported) Netlogic (ASIC) LSI (Tarari acquisition) Sensory (Software regex) Most of these target security market • Niche markets – Xambala, GV, Nevis, Exegy, Allot, Tigerme • What about content based forwarding? – Few startups (P-Cube, Cisco acquired), Cisco products (NBAR, PISA), Juniper has some < few 100 million $ Why Content based Forwarding is not Gaining Traction? • Based on discussion with real customers (BT 21CN, Savis, Telecom Italia) 1. Customer friendliness • Regular languages are not easy to use by end customers 2. Performance 3. Cost Customer Friendliness • Regex is cumbersome • Customers want ability to recognize applications – regex is not sufficient • Customers want to use important attributes of applications – URL, port, MIME mail contents, etc • Want a simple interface to specify content classification rules – Block facebook.com from all users except marketing – Block SMTP if MIME subject contains xyz keyword Challenges • We are developing a 100 Gig system for content based forwarding – A number of important issues – Create efficient rules for application recognition, data analysis • We strongly believe that vanilla regex is not the right approach • Rules should be composed of grammar, and efficient logic around it – – – – – – Easy to use by customers Extraction of critical attributes of communication TCP normalization Character encoding issues Buffering issues System architecture • Co-software, hardware design, interface, etc • Unfortunately academia has focused too much on regex For Discussion • Can we develop better mechanisms to inspect packet content? – Customer friendliness is critical • What should be do in face of encryption? • What about net-neutrality? • Cisco is interested to support content based networking research; academia can show us the right way? – University participation through www.cisco.com/web/about/ac50/ac207/crc_new/ciscoarea/content.html