Appliance Deployment Featured Article
Perform Deep Packet Inspection at Gigabit Speeds without Specialized NPUs
By Ashok Bindra, TMCnet Contributor
With rapidly increasing data plane load from mobile devices, cloud storage, and cloud computing on network servers, the need for deep packet inspection (DPI) also increases as a means of providing encrypted data security for all information passing across a network. In fact, according to appliance deployment expert NEI’s director of Field Engineering Austin Hipes, “Data encryption is now an important part of people’s everyday lives at home and at work, whether it’s a family member backing up information from a personal laptop to a cloud tablet.”
In part two of a five-part series on DPI, the author says that DPI and data encryption are typically linked together in encryption-driven network services. As he explains it, DPI is used to encrypt and decrypt data in real time on the network to analyze packet contents and determine the appropriate routing based on intelligent traffic and security rules.
According to Hipes, in the past the only way to perform high-performance DPI and encryption was to use network processing units (NPUs) that were specifically designed for this application. He explains that NPUs are commonly found in network devices ranging from network monitoring systems and session border controllers to intrusion detection and prevention systems (IDPS). Besides using one or more NPUs, many platforms also provide complete system-level functionality for the control plane by incorporating CPU-based server hardware.
Although NPUs offer some advantages when performing DPI and encryption, they also have several key disadvantages. For instance, Hipes wrote that NPUs incorporate a proprietary architecture that makes programming these devices difficult, requiring specialized skills. In addition, the code required for NPU programming is not compatible with the networking hardware code. Aside from dramatically decreasing system flexibility, this also means that two separate programming teams (one for NPU software and the other for CPU) are required any time these systems must be commissioned or modified.
“Coordinating these two unique teams can pose a real challenge to system owners and operators,” adds Hipes.
Furthermore, NPUs complicate the design of hardware systems and significantly increase the cost. In part one of this series, the author shows that OEMs can overcome the challenges presented by NPUs with an optimized server platform from Intel. The communications infrastructure offers network security performance at multi-gigabit speeds without the need for NPUs.
Edited by Jamie Epstein