Deep Packet Inspection

Building Network Intelligence

Historically, network operators have relied on ports and protocols to monitor and manage network traffic and applications. But today, just the sheer volume of applications running across the network, things like social media, cloud-based business applications, streaming media, require operators and network managers to have a much higher application-level view into what's going on and that's where deep packet inspection and Network Intelligence comes into play.

So now you're looking at adding Network Intelligence into your solutions. You've got two options. You can build the technology from the ground up - investing a significant amount of time, resources and money into doing so - or you can look to partner with Procera. We are the network intelligence experts and our NAVL-based solution will allow you to quickly integrate deep packet inspection and Network Intelligence into your platform. Dramatically reducing the time and risk of bringing that solution to market.

What is NAVL?

NAVL is really a software library which our OEM partners and our customers can actually make use of. They can embed this into their applications and what it really is, is a packet parser and a flow analyzer and it is able to identify what are the different applications on these flows, and is also able to then parse out the applications and actually extract the metadata elements and make these elements available to the application or whatever is the end product, which our partners are trying to build.

How Does NAVL Work?

A traditional DPI has really been about trying to run a regular expression type of an engine on a particular flow, trying to find some sorts of patterns in that flow and say, "Hey look, I found a particular application or I found a particular protocol." That approach actually, unfortunately, doesn't work anymore. The scalability in NAVL actually comes from the way we go ahead and try and do this classification. We don't just sort of have a complete list of all the things we want to start searching for and we start searching for that blindly on the first packet coming in itself. There is a whole structure to the way we're trying to recognize these different applications.

So think about it, a flow comes in, we basically put in parser flow and we say, OK, look, I found the ethernet header. After the ethernet header, I know that I’m going to find the IP header, so I find the IP header. After IP, I know that the possibilities which exist are for TCP and UDP. On top of TCP, I know the possibilities are for all the different protocol on TCP. So whenever we are trying to search for a particular application, we know where we are trying to search for it - on which particular application...where do those applications exist. So whenever we add new classification signatures or classification techniques, we are adding those specific to their type of protocol in which they're operating. This allows us to scale and be able to still to maintain our performance even when new signatures and new applications are being constantly added.

NAVL Demo

What we're looking at here is a demonstration showcasing a full 90-gigabytes per second of deep packet inspection and classification on an off-the-shelf Intel x86 server. We've got 5 Intel baseline cards, each with two 10-gigabytes per second ports feeding traffic into this system. At the top, we can see the network throughput broken up by application as it streams across updating every second. Down on the bottom-left, we can see each application and the associated number of flows, packets and bytes, each updating per second as well.

What's most interesting to note on this visualization, is down at the bottom-right, looking at the CPU utilization, we're doing this full 90-gigabytes per second of classification utilizing just 31% of the overall processor power.

Use Cases for NAVL

If you think about all the various, different use cases for something like NAVL, you can pretty much use it everywhere. You can use it in products which you are focusing on for the enterprise market, for the service provider market. In all these products, you really need to be able identify what the applications are. And after you identify what the application is, then you want to apply the various different cross-policies. If you are doing a PCEF-type sort of function for a subscriber-type of deployment, or, if you are really trying to build a firewall or you’re trying to build a next-generation IPS, then you want to be able to extract the metadata, all the different pieces of information, be able to create different type of threat models and then be able to take whatever is the appropriate action for that type of traffic.

Wrap-up

Partnering with Procera Networks not only gets you access to our network Intelligence technology, it gets you access to our exemplary customer support and maintenance going forward. NAVL, as a full software-based solution, is going to get you ready with network intelligence today but also help ensure that you’re prepared as you move into Network Function Virtualization (NFV) and software-defined networking (SDN) tomorrow.


NAVL – The Next Generation of Deep Packet Inspection

Procera Networks' Network Application Visibility Library (NAVL) features next-generation Deep Packet Inspection (DPI) technology, providing real-time, Layer-7 application classification and metadata extraction for network traffic. NAVL uses a combination of deep packet inspection and application classification techniques to deliver industry leading coverage and accuracy of network traffic. In addition, the sophisticated hierarchical data flow architecture produces the fastest throughput performance and lowest memory footprint in the market. NAVL is delivered as an OEM Software Development Kit (SDK) to dramatically reduce the time, cost and complexity of adding deep packet inspection (DPI) technology and true Layer-7 application intelligence to your networking infrastructure device.

Procera’s Advanced Deep Packet Inspection Technology Techniques

Deep Packet Inspection (DPI) as implemented by Procera’s Network Application Visibility Library (NAVL) includes, but is not limited to identification of network traffic packet attributes above layers 1-3 of, and extending to layers 4-7 of the OSI model (Layer 1- physical, layer 2 – data, layer 3 – network, layer 4 – transport, layer 5 – session, layer 6 – presentation, layer 7 – application). NAVL moves beyond even these, to include even more advanced application classification techniques, including Surgical Pattern Matching, Conversation Semantics, Deep Protocol Dissection, Behavioral and Statistical Analysis, Future Flow and Awareness and Flow Association.