Go Deep or Get No Sleep (by Tim O’Neill)
Editor Profile - Tim O’Neill is an independent technology consultant. He has over 30 years experience working in the WAN, Analog, ISDN, ATM and LAN test market. Tim has worked with companies like Navtel, Network General, Ganymede and ClearSight Networks and is now helping companies get lab recognition and technology verification. Tim is also the Chief Contributing Editor for LoveMyTool.com, a website designed to help network managers gain access to valuable information and real solution stories from other customers. Tim is a patent holding, published and degreed engineer, who has seen this technology grow from Teletype (current loop) data analysis to today’s 10 Gigabit LAN’s focused on business applications with heavy compliance demands. Tim can be reached at oldcommguy (at) bellsouth (dot) net.
One-Minute Videos courtsey of ConvergeDigest.com
Are you interested in Deep Packet Capture and Inspection, as every Network Manger should?
Then I have a site for you to visit to get and share great information, dPacket.org!
I recently had the pleasure and opportunity to meet with Kyle Rosenthal who is the co-Founder of a unique and very important information site, dPacket.org. This site was created to focus on the technologies and products related to Deep Packet Inspection (DPI) as well as Deep Packet Capture (DPC), both of which are very important for successful network management in today’s security and compliance intensive markets.
dPacket.org brings together many important resources to help in the thorough understanding of these demanding technologies as well as a blog/community for deeper exchange of information, ideas, success stories and much more.
The following review is a quick tutorial of DPI/DPC as well as an introduction into the valuable resources that dPacket.org provides which will help you increase your knowledge in this leading edge technology that is and will be a major part of the network future, your network future! Great reading….
Getting to Know Deep Packet Inspection and dPacket.org
The concept of Deep Packet Inspection (DPI) - defined as technologies that peer into the packet payloads (not just the headers) - often conjures up Orwellian images of censorship, surveillance, government and information control. The fact is that DPI engines make possible many of the products and features currently being deployed on networks today already. For example, intelligent switches and routers, next generation firewalls and load balancers, traffic analyzers, IDS/IPS, and leakage prevention all depend on DPI in some fashion.
The notion of networks having a deeper understanding of the contents running through them might seem strange to some, but it signals the dawn of a new era of intelligent networking for others. In truth, the potential for DPI probably lies somewhere between these two extremes. The purpose of this article is both to raise awareness of some of the benefits and challenges facing DPI, and to introduce a new organization called dPacket.org that creates a central resource to provide information, collaboration, and transparency on DPI-related topics.
In my previous career and now as the editor for LoveMyTool, and an Oldcommguy, I have had the unique opportunity to focus on the analysis of many network monitoring tools. Many of these tools now offer great benefits in part by achieving application-level context through DPI and deep packet capture (DPC).
These tools are created because packet headers alone simply don’t provide the information that many network operators need to address the security and performance issues plaguing their networks. DPI is proving to be a powerful tool to address malware threats, intellectual property theft, application quality of experience (QoE) issues, and more. Service providers are looking to DPI to offer service visibility and control; among the many reasons are P2P management, lawful intercept, tiered services, content-based billing, and advertisement targeting and injection.
Having researched many companies, products, and features, I see DPI emerging as a highly relevant and reoccurring theme, whether or not it has specifically been called DPI. And, to quote from dPacket.org, "DPI faces a comprehensive set of challenges—technical, operational, ethical, legal."
A list of challenges might look like this:
- Clarify what DPI means to the different people who are using it or plan to use it?
- What meaningful methodologies can be used to benchmark DPI-based functions?
- Where can the market benefit from standards and common taxonomies for DPI?
- Where does DPI belong, how should it be used, and how can we curb abuse?
- How do internal policies and external regulation change to address the presence of DPI?
So, why should we use dPacket.org to address such issues?
dPacket.org was founded by industry insiders who recognize that DPI has a broad group of stakeholders, and the comprehensive challenges presented by DPI will benefit from a central resource, broader discussions, and added transparency. It is a place where we can share our knowledge and experiences. dPacket.org is well funded from industry leaders not as a closed trade association, but as an open user-driven community with the intention of gaining 501(c)(3) status as an educational and scientific resource.
This means that 1) anyone can get involved, 2) dPacket.org has lobbying restrictions, 3) dPacket.org can only be transferred to another 501(c)(3). So while dPacket.org is industry funded, it is certainly designed to be a fair minded and independent organization. Kyle Rosenthal and Axel Weichert, who started dPacket.org, describe the site as “part technical resource, part community forum.” Kyle also stated:
“We are excited that our sponsors and organizations like LoveMyTool recognize the value that dPacket.org can deliver and are very encouraged by the level of involvement and interest we are receiving. Many DPI companies realize that the market is growing rapidly and that a central and open effort to address the challenges presented by DPI is an essential part to assure the technology delivers on its full potential and provides both economic and social benefits. January and February were our first two months live and the site is up to more than 150 unique visitors a day. I am hoping to see over the next six months the development of a more collaborative community with a broad representation of stakeholders.”
dPacket.org offers users the capability to blog, post articles, collaborate in groups, and comment on the content made available on the site. Currently, the site is filled mostly with useful vendor provided contents, but I expect we’ll start to see the addition of more contents from academia, service providers, interested citizens, and organizations like LoveMyTool as the site grows. For example, the site has an interesting article on network neutrality from Jon Peha at Carnegie Mellon.
I hope that this article has opened your eyes and has sparked your interest into this fascinating technology arena. This era of compliance, security with the ever increasing demand for the required depth of analysis and evidence requirements is the root of the need for DPI and DPC. The days of just troubleshooting your network by reviewing a few captured traces has gone and been replaced with the need for storing lots of frames for review as well as for evidence is here, today!
When one thinks of capturing and reviewing not just a few minutes but perhaps months of data, especially at the Gigabit speeds of today it stagers the mind but with DPI and DPC it can be done and done efficiently. dPacket.org is here to help us all find support and information to be successful as network managers and engineers as well as educate the upper management of the requirements. Be sure to check out dPacket.org and let me know what you think!
I wish everyone Great Success, My Best….Oldcommguy
Comments