|
 |
|
General Information
|
Add To My Personal Library |
October 26, 2007
• Vol.29 Issue 43
Page(s) 25 in print issue
|
Fast Packet Inspection vs. Deep Packet Inspection
Different Approaches To Network & Application Performance
|
Jump to first occurrence of: [WEISMAN]
Traffic on an enterprise network mirrors traffic on a Los Angeles freeway. An hour-long drive during the weekday rush hour can take 15 minutes early on a Sunday morning. Bottlenecks result from people driving significantly slower than the speed limit (typically in the left lanes) or slowing down to rubberneck at a fender bender. And 18-wheelers share the road with motorcycles, Ferraris, pre-Nissan compacts, and just about any other four-wheeled engine-powered vehicle imaginable.
Unlike L.A. traffic, IT admins can manipulate their networks so that the SAP application gets higher priority and consequently more bandwidth than the latest version of Halo; an ecommerce Web site obtains extra bandwidth during busy shopping hours; and C-level executives always get priority over lower-level employees, among other examples. IT administrators are able to manage this traffic through a combination of network and application performance and acceleration appliances and software.
But which appliance solution to choose? Appliances take different approaches to network packet inspection. Deep Packet Inspection, or DPI, goes beyond traditional packet inspection by monitoring all the data contained in the packets, as well as the packet headers. Although DPI has been traditionally used to monitor data for security purposes, such as in firewalls, DPI can handle other tasks, including application acceleration and traffic management, says Vishal Sharma, principal consultant at research firm Metanoia.
Fast Packet Inspection, or FPI, looks at packet headers and certain protocol-specific details, such as HTTP or TCP layers, and offloads certain tasks from the actual application servers to free up the server CPU to focus on more mission-critical applications and allow more simultaneous sessions, Sharma says.
 Fast Equals Efficient
Streamcore (www.streamcore.com), a provider of application acceleration and performance solutions, uses the FPI approach in designing its appliances and StreamSense 5.0 platform. Eric Jeux, Streamcore’s CEO, asserts that the company’s ABBA (Application Behavior-Based Acceleration) engine offers users both visibility and control in a single solution. According to Jeux, Streamcore spent two years doing R&D to create an easy-to-install intuitive solution that is automated and adaptive. The FPI model provides users with whatever the user considers to be the relevant information needed on a reporting or real-time basis to determine application priority in an efficient manner.
According to Jeux, DPI-based appliances give users too much information. “It’s overwhelming, and oftentimes you’re getting information on applications you don’t need to know about,” Jeux says. “DPI translates information that leads to hours or even weeks of work. It may be good for an audit, but it isn’t efficient for network management.”
For his part, Yankee Group analyst David Vorhaus says that enterprises increasingly are trying to get their networks to do more with the same amount of resources. “They don’t want to have to pay to get to build out their network any further and pay for a lot more bandwidth capacity. What Streamcore and others can do is once you know exactly what’s going on in the network, then you can reliably target certain types of traffic, certain applications, or even certain users and attach hierarchy or quality of service to that traffic to make sure that the absolute mission-critical stuff is getting pushed to the front of the queue,” Vorhaus says.
Is There Really A Difference?
Although he likes the concept of FPI and believes that a lot of potential exists for it, Vorhaus says Streamcore is using FPI as a marketing term for what is in essence DPI solutions because Streamcore’s engine for inspecting packets seems to be the same as those used in DPI solutions.
“I’m sure that [Streamcore] would point out that there is a speed differential and other slight differences, but otherwise it’s pretty much one-to-one,” Vorhaus says. “The concept of automated service control for specific applications or even for specific subscribers in a service-provider environment is something that most deep packet layers are doing, as well.”
For his part, Metanoia’s Sharma does differentiate between FPI and DPI, adding that true DPI is still too pricey in terms of cost and power consumed to be applied to application acceleration. However, Sharma says there are a slew of companies working on reducing DPI’s cost so that it may be applied to a multitude of tasks, including application acceleration, and so that IT managers can use the minimal number of appliances to achieve their security and performance goals.
Sharma goes on to say that FPI-capable devices have taken on computing-intensive tasks associated with SSL processing, including IPsec cryptographic operations, compression, or protocol-splicing for TCP for server load balancing, among other actions. These devices “can produce gains in performance [between three-fold and 10-fold], relative to having the servers themselves do these tasks, a significant gain indeed,” Sharma says.
A Crowded Space
Sharma says he is aware of several companies offering application acceleration solutions that use FPI or something straddling between FPI and DPI technologies, in addition to Streamcore. Bivio Networks’ 2000 and 7000 Series (www.bivio.net) lean more toward using DPI for application acceleration while attempting to keep their costs comparable to typical appliances. Two other companies, Cavium Networks (www.caviumnetworks.com) and Tarari (www.tarari.com, which LSI Logic recently acquired) make specialized processors that are bundled with other vendors’ products, such as firewalls and filtering devices.
For his part, Vorhaus recommends several smaller players that make application acceleration solutions, including Procera Networks (www.proceranetworks.com), Allot Communications (www.allot.com), and SandVine (www.sandvine.com), along with Cisco Systems (www.cisco.com), which purchased P-Cube in 2004 for its Service Control Engine. In addition, Vorhaus recommends Anagran (www.anagran.com) routers as an alternative to other solutions. Using what the company calls its Fast Flow Routing Architecture, Anagran’s routers work by directly influencing the path of packets. 
by Robyn Weisman
DPI, FPI & Now CPI?
Metanoia’s Vishal Sharma says that a startup company called cPacket Networks (www.cpacket.com) recently announced a new processor with a unique architecture that performs Complete Packet Inspection, or CPI. According to Sharma, cPacket’s devices execute DPI at 10GBps; however, unlike competing architectures, cPacket’s processor consumes only six watts of power, which the company claims is a 100-fold cost performance improvement over current solutions.
“[cPacket] intend[s] to have [its] device be used by all kinds of big and small appliance and switch-router companies, so that DPI can become the de facto way of doing” application acceleration and network performance tasks, says Sharma. “Of course, this remains to be seen.”
|
|
|
