According to Rohit Mehra, Vice President, Network Infrastructure, IDC, "the emergence of SD-WAN technology has been one of the fastest industry transformations we have seen in years." [1] The high growth potential of the SD-WAN market means that competition is high among solution providers. They need to add value to their solutions in order to differentiate their offerings and gain a competitive advantage. One way to do this is to bundle features based on Software-Defined Networking (SDN) and Network Function Virtualization (NFV) technologies into a wider SD-WAN offering. However, the success of these offerings depends on the ability to provide the solutions with a detailed understanding of network traffic through access to application-level and user-level visibility. The only technology capable of delivering such a granular view is Deep Packet Inspection (DPI). By providing detailed information about IP flows and their content in real time, a DPI engine creates visibility that is essential to the delivery of more responsive and precise SD-WAN functions.
Support for uCPE: the must-have feature
The move towards virtualized architectures has created additional requirements, notably support for uCPE, which is essential for reducing total cost of ownership and the ability to deliver features such as Virtual Network Functions (VNFs). Any SD-WAN solution must therefore be able to function seamlessly across uCPE as well as dedicated hardware to cover all deployment scenarios. This means that embedded DPI engines must also support different runtime environments, including small, low-cost, access devices.
Encryption: it doesn’t have to be an issue
An increasing proportion of flows on IP networks, especially Internet traffic, is now encrypted. By definition, a DPI engine cannot read a packet payload that is encrypted. However, some DPI experts have developed advanced techniques such as statistical flow analysis, session prediction, peer matching, and certificate inspection that work around this and allow encrypted flows to be classified. Classification of these flows means that value-added SD-WAN features such as traffic optimization, policy enforcement, and user experience are largely unaffected by encryption.
The Qosmos Division of Enea is a specialist in DPI technologies. Using techniques developed specifically for the classification of encrypted traffic, the following flows can be classified:
HTTPS/SSL encrypted flows
Encrypted P2P protocols like BitTorrent
Applications that use their own encryption protocol like Skype. Qosmos can also identify services like VoIP and chat within Skype by using statistical recognition.
Session prediction based on DNS cache
DPI: build vs. buy
One of the top questions facing developers of SD-WAN solutions is whether to build a proprietary DPI engine or to buy one from a specialist. In the end, it all comes down to cost and accuracy. Building an effective DPI engine is a highly specialized task. It requires the right kind of technical expertise, dedicated resources and a lot of time. However, and perhaps more importantly, achieving and maintaining the required level of accuracy as time goes by is a formidable task. Applications and protocols constantly evolve so that over the long term, the number of hours required to maintain a fresh DPI solution far exceeds those required to build it in the first place.
By outsourcing DPI technology, development teams are free to concentrate resources on SD-WAN functionalities and performance while providing solutions with the most advanced DPI technologies available. In addition, sourcing a ready-to-use DPI engine component from a specialist gives access to a comprehensive protocol library that is regularly updated with new signatures and classification techniques, ensuring the highest level of network visibility at all times. Time-to-market for SD-WAN solutions is accelerated while development and maintenance costs are reduced, resulting in more effective management of overall operational expenditures.
What to look for in a DPI engine?
Certain DPI engine characteristics have a higher impact on the performance of SD-WAN solutions than others. The following is a list of key characteristics to look for when choosing a DPI engine:
Number of protocols and applications that can be identified
Ability to integrate custom signatures
Extraction of application metadata and number of metadata available
Ability to analyze traffic in real-time at any connection speed
Ability to classify and keep track of all network flows by application and user
Volume, delay and jitter provided per application, user and network link
Support for SDN/NFV environments by using a flow-based approach to cover traffic going across both physical and logical interfaces
Support for a wide range of run-time environments, from uCPE to appliances
Availability of actionable security information in real-time (e.g. automatic identification of fake or corrupted files)
Availability of computed statistics in real-time (e.g. MOS for VoIP)
For further reading, download the whitepaper “Adding Value to SD-WAN with DPI”.
This is Part 2 of the full article on "Gaining a Competitive Advantage in SD-WAN - The Role of DPI". Read Part 1, "How to Gain a Competitive Advantage in Fast Growing SD-WAN Market", here.
About Qosmos Technology
Qosmos is the DPI Division of Enea and is totally focused on Deep Packet Inspection (DPI) technology, continuously monitoring protocols, reverse engineering new protocols and regularly delivering updates to ensure the highest possible traffic visibility for customer solutions.
Enea’s leading DPI-based classification and metadata engine, Qosmos ixEngine®, recognizes over 3100 protocols, more than any other DPI library on the market. Delivered as a software component, it is used by development teams at equipment manufacturers, solution vendors, and systems integrators to integrate DPI capabilities into their solutions. It can be used in all environments: physical, virtualized and SDN architectures.
Qosmos ixEngine integrates easily into uCPE solutions: it supports DPDK and OVS for fast data capture and uses standard variables such as ConnTrack App ID and NSH to enable real-time service control. Designed with developers in mind, Qosmos’ software libraries are easy to embed into third-party products and solutions.
For more information on Enea’s Qosmos DPI technology: www.qosmos.com.
Enea develops the software foundation for the connected society. We provide solutions for mobile traffic optimization, subscriber data management, network virtualization, traffic classification, embedded operating systems, and professional services. Solution vendors, systems integrators, and service providers use Enea to create new world-leading networking products and services. More than 3 billion people around the globe already rely on Enea technologies in their daily lives. For more information: www.enea.com.