Surasak DPI 100gbps

[email protected]
WUNCA 22nd, Suranaree University of Technology, 29 July 2010


Introduction to Deep Packet inspection for 100Gbps Ethernet



Page 4: Surasak DPI 100gbps

L2: Ethernet
L3: Network Layer (IP)
L4: Transport Layer (TCP/UDP)
L5 – L7: Payload

Packet Header Layers: L2 – L4
Packet Payload/Application Layers: L5 – L7

Page 5: Surasak DPI 100gbps

L2: Ethernet
L3: Network Layer (IP)
L4: Transport Layer (TCP/UDP)
L5 – L7:
•  Email (SMTP, POP3, IMAP)
•  Web (HTTP/S)
•  File Transfer (FTP, Gopher)
•  Instant Messaging (IM)
•  Peer-to-Peer (P2P) Applications
•  Directory Services

Packet Header Layers: L2 – L4
Packet Payload/Application Layers: L5 – L7

Deep Packet Inspection

Page 6: Surasak DPI 100gbps

L2: Ethernet
L3: Network Layer (IP)
L4: Transport Layer (TCP/UDP)
L5 – L7:
•  Email (SMTP, POP3, IMAP)
•  Web (HTTP/S)
•  File Transfer (FTP, Gopher)
•  Instant Messaging (IM)
•  Peer-to-Peer (P2P)

Deep Packet Inspection

Shallow Packet Inspection

Page 7: Surasak DPI 100gbps

Fixed Operations

Dynamic & Adaptive Operations

Packet Header

Packet Data

Routers ACLs, QoS

Switches

Dynamic Routers

Firewalls

Adaptive L4 Traffic Management

•  IDS/IPS
•  Anti-spam
•  Anti-virus
•  DDoS protection
•  Content/XML Load Balancers
•  VoIP security, monitoring, analysis
•  WAN/Application optimization

Load Balancers

Dynamic Load Balancers

1st gen. L7 Load Balancers


Page 9: Surasak DPI 100gbps


Hardware Theft

DoS/DDoS

Intrusions

Viruses

Trojans

Worms

SPAM

More complex applications

Carry much richer content

Page 10: Surasak DPI 100gbps

Evolution to a “Policy-Centric Network”

The 70s/80s
USAGE: Specific/Limited use within the fixed enterprise
INFRASTRUCTURE: CONNECTIVITY “Dumb Pipes”

The 90s
USAGE: Explosion of the Internet. Broader expansion within and beyond the enterprise and to customers and business partners
INFRASTRUCTURE: PERFORMANCE “Fast Pipes”

21st Century
USAGE: Network is mission critical to business success & survivability
INFRASTRUCTURE: POLICY Software-defined “Smart Pipes”
•  Enterprise: Security, traffic management, VoIP, acceleration
•  Federal: Security, Information Awareness, Information Assurance
•  Carriers: Enhanced services


Page 12: Surasak DPI 100gbps


Intrusion Prevention System

Intrusion Detection System

Stateful Firewall

Page 13: Surasak DPI 100gbps

permit tcp any host <Mail Server> port 25
deny any any

Mail Client

Mail Server

SYN

SYN/ACK

ACK

Page 14: Surasak DPI 100gbps

permit tcp any host <Mail Server> port 25
deny any any

Mail Client

Mail Server

HELO

HELO

Mail From: <[email protected]>

Page 15: Surasak DPI 100gbps

deny SMTP <Mail Client, port> <Mail Server, 25>

Mail Client

Mail Server

VRFY root

VRFY Buffer Overflow


Page 18: Surasak DPI 100gbps


P2P

VoIP/Skype

Virus/Worm/Trojan

Spam

DoS

Forwarding

Redirection

Denying

Throughput Control

QoS/Shaping

Protocol Report

Services Report

Subscriber Report

Attack Report

Logging

Page 19: Surasak DPI 100gbps

•  How to handle the speed and volume of incoming data?

•  How to handle the large number of attack signatures?

•  How to efficiently analyze complex and overlapping patterns?

Page 20: Surasak DPI 100gbps

[Figure: Ethernet speed in Mb/s (axis from 1 to 100000) by year (83 to 12). Labels: 10 Mb/s, 100 Mb/s, 1 Gb/s, 10 GbE, 40/100 GbE, 400 GbE, 1 Terabit?]

Page 21: Surasak DPI 100gbps

[Figure: Zero Loss Throughput (Gbps) vs. Frame size (Bytes: 64, 128, 256, 512, 1024, 1518)]

[Figure: Zero loss CPU Utilization (%) vs. Frame size (Bytes: 64, 128, 256, 512, 1024, 1518)]

Page 22: Surasak DPI 100gbps

Altera Stratix, Xilinx Virtex

Intel IXP Series

ClassiPi PMC, Tarari T1000, Netlogic NetLT


Page 24: Surasak DPI 100gbps

ATCA Shelf Manager

10G Switch Blade

Processors Blade

Page 25: Surasak DPI 100gbps

12U Modular AdvancedTCA chassis

80 Gbps capacity

Handles 5 million subscribers

Tracks 48 million data flows


Page 27: Surasak DPI 100gbps

•  ISPs start implementing DPI for service control

•  More new hardware platforms for high-speed networks hit the market

•  Controversy about net neutrality and the end-to-end nature of the Internet


Page 29: Surasak DPI 100gbps

Q&A 
