NAVL - Embedded DPI Products For OEM Integrators

Network Application Visibility Library (NAVL) is a next-generation Deep Packet Inspection (DPI) software engine that provides real-time, Layer-7 classification of network traffic. Running on all popular processors and operating systems, NAVL allows integrators to remain focused on core competencies while implementing industry-leading DPI functionality from Procera in their products.

NAVL uses a combination of deep packet and deep flow inspection techniques to accurately identify today's most common applications including Mobile, Social Networking, P2P, Instant Messaging, File Sharing, Enterprise and Web 2.0 applications. These powerful capabilities enable use cases in both Enterprise and Service Provider communications products.

Subscriber experience is a critical measuring stick for Service Providers and telecommunications products must be able to monitor and enhance that experience. In Enterprise networks, businesses need to ensure that critical applications receive proper handling and treatment. The elements in these networks need to provide visibility to an increasingly diverse traffic mix. NAVL provides equipment vendors with that visibility while satisfying the diverse requirements of all use cases.

PROCERA'S ADVANCED DEEP PACKET INSPECTION TECHNOLOGY TECHNIQUES

Deep Packet Inspection (DPI) as implemented by Procera's Network Application Visibility Library (NAVL) includes, but is not limited to identification of network traffic packet attributes above layers 1-3 of, and extending to layers 4-7 of the OSI model (Layer 1- physical, layer 2 – data, layer 3 – network, layer 4 – transport, layer 5 – session, layer 6 – presentation, layer 7 – application). NAVL moves beyond even these, to include even more advanced application classification techniques, including Surgical Pattern Matching, Conversation Semantics, Deep Protocol Dissection, Behavioral and Statistical Analysis, Future Flow and Awareness and Flow Association.

Network Analytics solutions depend on data from Layer 7 DPI engines such as Procera's Network Application Visibility Library (NAVL) to provide insight into user behavior and traffic patterns on the network at certain times of day, week month or year. They can be used to help service providers and IT managers better understand who is going to what web sites and using which applications when. This helps ensure proper alignment of network resources with business priorities and provides a high quality experience for all users.

True application recognition can only be performed at Layers 4-7 of the OSI model by a DPI engine such as Procera's Network Application Visibility Library (NAVL), capable of identifying traffic on a per- application basis. Other solutions that attempt to recognize and classify traffic by port and protocol fall short, in that they fail to identify the thousands of applications that are developed to be delivered as HTTP over port 80, and those that "port-hop" or go from port to port when they are blocked or throttled back.

The use of true Layer 7 DPI engines such as Procera's Network Application Visibility Library (NAVL) to provide application classification helps ensure that telecommunications service providers and enterprise IT managers have complete visibility into all of the traffic on their networks. This enables much more granular root-cause analysis for network performance issues and failures as well as much more detailed historical reporting. Other "traffic visibility" solutions that identify applications at port and protocol levels only fail to identify most applications on the network at the application level, and misidentify many that masquerade as other applications by port-hopping or otherwise evading detection.

Layer 7 switches or "content switching" serves as the basis of content delivery networks or CDNs. These geographically dispersed networks, which incorporate technologies such as those used in Procera's Network Application Visibility Library (NAVL), to direct specific application traffic to certain location, are designed to take bandwidth-intensive traffic and content such as HD video closer to the consumer and store it locally. This means that the content travels shorter distances over faster pipes to fewer people, costing less to transmit on a per-bit basis and helping ensure a higher quality of experience for all users.

While traffic speeds on LANs and WANs have risen sharply since the advent of DPI technologies in the late 90s, so have the number and types of applications on these networks and the "bursty" nature of their behavior. Aggressive recreational streaming audio and video traffic including even mission-critical voice and video applications authorized by schools and businesses, can easily expand to consume all available bandwidth on a given link. Even worse, lack of visibility into network traffic make it impossible for IT managers to distinguish one from the other, often leading to "all or nothing" application admission policy implementations that can negatively affect business and learning processes and programs.

Platform developers and their customers who integrate Procera's Network Application Visibility Library (NAVL) OEM DPI application classification engine give users the ability to see all of the traffic on their networks and to choose how each traffic type will be managed on the network. They can then apply the control technologies of their choice to regulate both the performance of the network as a whole and the individual applications on it, ensuring high quality experiences for users of sanctioned applications and helping ensure that recreational and other traffic has minimal negative impact on business and learning performance.

True Layer 7 application classification engines such as Procera's Network Application Visibility Library (NAVL) are the only way to determine one application from another when all or many applications are being delivered over port 80 as simple HTTP/Internet traffic. In many cases, applications are developed so that if controls are applied when they attempt to enter the network on one port, they will "port-hop" or masquerade as another type of application and enter through another port on the network. Without the ability to look into Layer 7 and identify applications by name, applications will only be classified as HTTP, or even at a lower level of the OSI model, resulting in their being either misclassified or insufficiently classified to enable the necessary levels of control.

Link aggregation or "trunking" is a function performed by Ethernet switches at layers 1-3 (1 - physical, 2 - data and 3 - network) of the OSI model, none of which provide sufficient application intelligence to raise the platform to the level of a "content switch" or "Layer 4-7" switch. With the addition of true Layer 7 DPI application classification capabilities such as those provided by Procera's Network Application Visibility Library (NAVL), these platforms can be made to perform load balancing among groups or servers, as well as network address translation (NAT). They can also be used to offload SSL encryption and decryption from the server or to manage digital certificates. Layer 7 switching serves as the foundation of content delivery networks (CDNs).

Load balancers are essentially high speed switching platforms with Layer 4-7 capabilities added through the addition of specialized hardware or easy integrated software DPI engines such as Procera's Network Application Visibility Library (NAVL).

Load balancers "equalize" the computing resources required of a cluster of servers so that applications are served faster, servers are kept cooler and users have a higher quality experience. Application awareness is critical in this scenario to ensure that the correct application is served to the right user from the right server, regardless of whether or not that session is persistent over time and distance.

Network Testing solutions integrate leading Layer 7 DPI engines such as Procera's Network Application Visibility Library (NAVL) to help ensure that their planning, testing and results are correct. Critically, they need to know that the real-world application environments that they seek to create in the laboratory are in fact being created accurately, that the applications in those environments are behaving as they should, and that reports can be generated to demonstrate this. The difference between having been through real-world simulation and simple "packet-blasting" in testing phases can make or break a product when it is deployed in a production network.

Packet capture or data capture is one possible first step in the process of deep packet inspection (DPI), as performed by solutions such as Procera's Network Application Visibility Library (NAVL). It describes the act of act of capturing data packets in transit across a computer network and storing them in on-board memory for further inspection. Solutions such as NAVL are able to look into the packet header and payload, in addition to applying other advanced techniques, to report application type, name, source, destination, and other information.

Mobile Communications Service Providers (CSPs) are working to adapt their network infrastructures to enable them to better track and monetize the services their subscribers are using over their infrastructure. A provider's ability to exert some form of control over the user experience via the "control plane" of the network, using techniques such as deep packet inspection (DPI) and the Policy Charging and Rules Function (PCRF) is critical to this capability.

An increasing number of providers and the equipment manufacturers that work closely with them are integrating technologies such as Procera's Network Application Visibility Library (NAVL), an OEM DPI engine providing Layer 7 application classification, to enable full traffic visibility. They can then apply the control mechanisms or their choice to positively or negatively affect the performance of specific applications, depending on where they fit in their service offering and billing structures.

In addition to a wide variety of malware detection techniques, advanced vendors in the Secure Web Gateway (SWG) space are beginning to add DPI engines such as Procera's Network Application Visibility Library (NAVL) to their solutions for Layer 7 application classification. DPI capabilities will become increasingly important differentiators as the market continues to mature.

SWGs have become increasingly critical as the numbers and types of mobile devices, both company-owned and authorized and employee-supplied, or BYOD, have risen in recent years. SWGs feature URL filtering, malware detection and filtering and various controls for commonly used Internet applications. Content-aware data loss prevention (DLP) is also common feature of these platforms.

Software Defined Network (SDN) architectures are being developed based on the principle that abstracting the control plane, where Deep Packet Inspection (DPI) engines such as Procera's Network Application Visibility Library (NAVL) reside, from the data plane (where packets are located and moved) and placing this in a separate space, untethered to the physical routing and switching hardware on which the packets are transmitted, will allow instantaneous generation, and infinite reconfiguration of network resources to met specific needs, without any actual hardware being moved. In a network such as this, which applications are running over what, where, from and to whom is of critical importance. Only technologies such as NAVL, or software DPI engines providing Layer 7 application classification, can provide this information in a reliable, scalable and cost-effective way.

Unified Threat Management (UTM) appliances have become a staple of network security strategies, especially in small to medium businesses, given their relatively low cost, ease of installation and use and the ability they provide to update a variety of security functions network-wide at once. The near-incessant introduction of new, increasingly advanced and evasive malicious applications and protocols means that setting security policies based on IP addresses and ports is simply ineffective.

Add to this the fact that most security threats now come from within an organization's own walls, and the point-product solutions of the past are simply too costly, difficult to manage and hard to maintain to be practically effective. This is why Layer-7 classification has quickly become a "must-have" feature in the firewall/UTM space, and why Procera's Network Application Visibility Library (NAVL) is the choice of leading UTM vendors.

Procera's DPI-dedicated engineers are constantly at work developing new signatures and integrating them with the NAVL library through the NAVL plug-in architecture. With this always-updated visibility into the applications and protocols traversing the network, network administrators using NAVL-enabled UTMs can quickly define security policies, responding to security breaches in near real-time or even anticipating them before they happen.