NatSys Lab.
Deep Packet Inspection
Use Cases
● On-line advertising with active redirects
● Market research
● User flow control
● Data Leakage Protection (DLP)
● Intelligent Web-content filtering
● Intrusion detection and prevention
Deep Packet Inspection (DPI)
● Software solution for commodity x86-64 hardware
● Analyzes and modifies traffic at 10 Gbps on the network, transport and application layers
● Generates clickstream in Cisco RDR or custom BER formats
● Includes a user profile storage and management module
Operation Modes
DPI can operate in the following modes:
● inline – the system works as a common Linux router which can actively filter and modify traffic on all layers
● active sniffer – the system can analyze traffic and generate clickstream as well as DNS and HTTP redirects
Inline Operation Mode (user flow control case)
Fault Tolerance in Inline Mode
DPI inline mode achieves fault tolerance using the following technologies:
● bypass network adapters
● or standard Linux router failover
Active Sniffer Operation Mode (Web analytics case)
Advertising Redirects
DPI can redirect user requests depending on:
● user settings (once per N seconds or requests)
● the request URI matching a set of regular expressions
● 400 or 500 HTTP errors
● absence of a corresponding DNS record
● a custom policy loaded at run time from the Policy Server
Redirect in Inline Mode
Redirect in Active Sniffer Mode
Flow Control
● DPI works as a common Linux router with traffic control
● Limits traffic by TCP/UDP ports and/or IPv4/IPv6 addresses and sub-networks
● The control policy can be updated by the Policy Server at run time
Clickstream
● DPI can send or store an extract of user traffic depending on custom rules
● The rules can specify values of particular HTTP headers or user addresses
● Flexible configuration of traffic extraction (clickstream)
● Traffic extraction can be compressed on-the-fly