Presentation is loading. Please wait.

Presentation is loading. Please wait.

© 2008 Bivio Networks, Inc. All rights reserved. Specifications subject to change without notice. Evolution & Requirements for DPI in Network Security.

Published by Modified over 9 years ago

Similar presentations

Presentation on theme: "© 2008 Bivio Networks, Inc. All rights reserved. Specifications subject to change without notice. Evolution & Requirements for DPI in Network Security."— Presentation transcript:

1 © 2008 Bivio Networks, Inc. All rights reserved. Specifications subject to change without notice. Evolution & Requirements for DPI in Network Security Infrastructure Bob Wiest Director of Technical Services Bivio Networks

2 Uncompromising Performance, Unmatched Flexibility ©2008 Bivio Networks, Inc. Specifications subject to change without notice. Page 2 What is Deep Packet Inspection (DPI)? Deep Packet Inspection (DPI) is a form of filtering that examines (inspects) both the payload and the header of a packet as it passes an inspection point. Ethernet Internet Protocol (IP) Transport Layer (TCP/UDP) Email (SMTP, POP3, IMAP) Web (HTTP/S) File Transfer (FTP, Gopher) Instant Messaging (IM) Peer-to-Peer (P2P) Applications Directory Services L2L3L4L5 – L7 Packet Payload / Application LayersPacket Header Layers Deep Packet Inspection

3 Uncompromising Performance, Unmatched Flexibility ©2008 Bivio Networks, Inc. Specifications subject to change without notice. Page 3 CONNECTIVITY “Dumb Pipes” PERFORMANCE “Fast Pipes” POLICY Software-defined “Smart Pipes” Enterprise: Security, traffic management, VoIP, acceleration Federal: Security, Information Awareness, Information Assurance Carriers: Enhanced services The 70s/80sThe 90s 21 st Century Specific/Limited use within the fixed enterprise Explosion of the Internet Broader expansion within and beyond the enterprise and to customers and business partners Network is mission critical to business success & survivability Key Network Transformation We Have Evolved to a “Policy-Centric Network” USAGE INFRASTRUCTURE

4 Uncompromising Performance, Unmatched Flexibility ©2008 Bivio Networks, Inc. Specifications subject to change without notice. Page 4 A Changing Environment PastCurrent & Future Security PerimeterEnd-to-end, Perimeter, Internal Threats StaticDynamic, Changing, Adaptive Performance Requirements LowHigh PastCurrent & Future Example FW, Routing, Switching, QoS IDP/IDS, A/V, Anti-Spam, LI Configuration StaticAdaptive & Flexible Packet Overhead FixedVariable Performance LinearNon-linear IT Network: Applications:

5 Uncompromising Performance, Unmatched Flexibility ©2008 Bivio Networks, Inc. Specifications subject to change without notice. Page 5 New Class of Network Applications Fixed Operations Packet HeaderPacket Data Dynamic & Adaptive Operations Routers ACLs, QoS Switches Dynamic Routers Firewalls Adaptive L4 Traffic Management IDS/IPS Anti-spam Anti-virus DDoS protection Content/XML Load Balancers VoIP security, monitoring, analysis WAN/Application optimization Load Balancers Dynamic Load Balancers 1 st gen. L7 Load Balancers

6 Uncompromising Performance, Unmatched Flexibility ©2008 Bivio Networks, Inc. Specifications subject to change without notice. Page 6 The Problem Restated Software now a key component of next generation networks Fast hardware-defined connectivity layer conflicts with increasingly complex software-defined policy layer Addressing collision of computing and networking is essential to future network infrastructure Increased complexity, time to market, costs and risks of policy-centric product delivery are now directly impacting the ability of companies to deliver and deploy effective networking products! Low Speed LAN/WANs Bridges High Speed LAN/WANs Routers/Switches Policy-Centric Infrastructure Products Hardware Software Hardware Software Hardware Software

7 Uncompromising Performance, Unmatched Flexibility ©2008 Bivio Networks, Inc. Specifications subject to change without notice. Page 7 Huge Product / Market Opportunity DPI is foundation for generation networking infrastructure Market spans multiple multi-billion dollar markets Bivio actively selling into several of them –Security –Carrier DPI –Federal –Enterprise vertical markets –Security, Traffic Management L1 L2 Switches L3 Routers L4 L5 L6 L7 DPI Devices

8 Uncompromising Performance, Unmatched Flexibility ©2008 Bivio Networks, Inc. Specifications subject to change without notice. Page 8 A New Solution is Needed New threats drive new requirements –Flexibility and Adaptability: signatures, policies, algorithms, and configurations –Performance: no longer optional Enforcement requires inline operation Scalability of solution inherent to networking Low latency essential –Rapid Time-To-Implement: keep pace with constantly changing and evolving threats, protocols & services Deliver scalable performance with standard architecture Application Integration: Easily integrate L7 applications

9 Uncompromising Performance, Unmatched Flexibility ©2008 Bivio Networks, Inc. Specifications subject to change without notice. Page 9 A New Approach: The Network Appliance Platform Bring benefits of general purpose computing to high speed networking without sacrificing performance Utilize a “systems approach”: provide a complete software and hardware appliance environment Linux OS environment leverages wealth of popular L7 open source applications Operational commonality

10 Uncompromising Performance, Unmatched Flexibility ©2008 Bivio Networks, Inc. Specifications subject to change without notice. Page 10 Anatomy of a Network Appliance Optimized for flexibility Non-deterministic performance Highly variable Complex operations Compute/Memory-intensive “Slow path” Data Plane Control Plane Application Processing Packet Processing Optimized for throughput, latency Deterministic performance Well-defined operations I/O intensive “Fast path”

11 Uncompromising Performance, Unmatched Flexibility ©2008 Bivio Networks, Inc. Specifications subject to change without notice. Page 11 Logical Packet Flow & Architecture Application Processing Subsystem –High-performance Linux processors –Provides fully parallelized & redundant execution environment Fabric Interconnect –High speed communication highway –Accommodates sustained full wire-speed data rates Network Processing Subsystem –High performance packet processor –Provides comprehensive load balancing & traffic management –APIs and custom data path applications High Performance Fabric Application Processing Subsystem Network Processing Subsystem Network IF Hardware Acceleration Application Processor Programmable Packet Processor Network IF

12 Uncompromising Performance, Unmatched Flexibility ©2008 Bivio Networks, Inc. Specifications subject to change without notice. Page 12 Summary Emerging network applications, with security as primary driver, are making software a core component of next generation networking This collision of computing and networking requires re-examination of network infrastructure A systems based approach, fusing Linux, general purpose computing and high-speed networking offers promise to propel networking into new era Purpose-built architecture enables true wire-rate packet inspection & processing

13 Uncompromising Performance, Unmatched Flexibility ©2008 Bivio Networks, Inc. Specifications subject to change without notice. Page 13 Bivio Networks Company Snapshot Company Facts Founded in 2000 Headquartered in San Francisco Bay area Growing customer list, revenue & momentum Our Products Network appliance platforms: Bivio 7000 Series and Bivio 2000 Series Markets Served Enterprises, federal government, carriers & network service providers Our Customers Network equipment manufacturers, application developers, and strategic direct enterprises including federal government requiring deep packet processing-intensive solutions Business Model OEM, strategic direct, channel Our Investors

Download ppt "© 2008 Bivio Networks, Inc. All rights reserved. Specifications subject to change without notice. Evolution & Requirements for DPI in Network Security."

Similar presentations

OneBridge Mobile Data Suite Product Positioning. Target Plays IT-driven enterprise mobility initiatives Extensive support for integration into existing.

OneBridge Mobile Data Suite Product Positioning. Target Plays IT-driven enterprise mobility initiatives Extensive support for integration into existing.
© 2006 Cisco Systems, Inc. All rights reserved.Cisco ConfidentialBCMSN 1 - 1 1 BCMSN Module 1 Lesson 1 Network Requirements.

© 2006 Cisco Systems, Inc. All rights reserved.Cisco ConfidentialBCMSN BCMSN Module 1 Lesson 1 Network Requirements.
Introducing Campus Networks

Introducing Campus Networks
Stonesoft Roadmap WHAT FEATURES WILL COME IN 2013-2014.

Stonesoft Roadmap WHAT FEATURES WILL COME IN
Introducing New Additions to ProSafe Advanced Smart Switch Family: GS724TR and GS748TR (ProSafe 24 and 48-port Gigabit Smart Switches with Static Routing)

Introducing New Additions to ProSafe Advanced Smart Switch Family: GS724TR and GS748TR (ProSafe 24 and 48-port Gigabit Smart Switches with Static Routing)
Cyberspace - A Global Battlespace? Joel Ebrahimi Solutions Architect Bivio Networks, Inc.

Cyberspace - A Global Battlespace? Joel Ebrahimi Solutions Architect Bivio Networks, Inc.
New Solutions to New Threats. The Threats, They Are A Changing Page 2 | © 2008 Palo Alto Networks. Proprietary and Confidential.

New Solutions to New Threats. The Threats, They Are A Changing Page 2 | © 2008 Palo Alto Networks. Proprietary and Confidential.
Current impacts of cloud migration on broadband network operations and businesses David Sterling Partner, i 3 m 3 Solutions.

Current impacts of cloud migration on broadband network operations and businesses David Sterling Partner, i 3 m 3 Solutions.
Virtualization of Fixed Network Functions on the Oracle Fabric Krishna Srinivasan Director, Product Management Oracle Networking Savi Venkatachalapathy.

Virtualization of Fixed Network Functions on the Oracle Fabric Krishna Srinivasan Director, Product Management Oracle Networking Savi Venkatachalapathy.
Module 5 - Switches CCNA 3 version 3.0 Cabrillo College.

Module 5 - Switches CCNA 3 version 3.0 Cabrillo College.
Multi-Layer Switching Layers 1, 2, and 3. Cisco Hierarchical Model Access Layer –Workgroup –Access layer aggregation and L3/L4 services Distribution Layer.

Multi-Layer Switching Layers 1, 2, and 3. Cisco Hierarchical Model Access Layer –Workgroup –Access layer aggregation and L3/L4 services Distribution Layer.
16254_08_2002 © 2002, Cisco Systems, Inc. All rights reserved. Cisco’s Security Vision Mario Mazzola Chief Development Officer August 29, 2002.

16254_08_2002 © 2002, Cisco Systems, Inc. All rights reserved. Cisco’s Security Vision Mario Mazzola Chief Development Officer August 29, 2002.
Copyright 2009 FUJITSU TECHNOLOGY SOLUTIONS PRIMERGY Servers and Windows Server® 2008 R2 Benefit from an efficient, high performance and flexible platform.

Copyright 2009 FUJITSU TECHNOLOGY SOLUTIONS PRIMERGY Servers and Windows Server® 2008 R2 Benefit from an efficient, high performance and flexible platform.
Overview Stewart Varney Bridge IT – 304-736-2800 Wednesday April 6, 2011.

Overview Stewart Varney Bridge IT – Wednesday April 6, 2011.
Lesson 11-Virtual Private Networks. Overview Define Virtual Private Networks (VPNs). Deploy User VPNs. Deploy Site VPNs. Understand standard VPN techniques.

Lesson 11-Virtual Private Networks. Overview Define Virtual Private Networks (VPNs). Deploy User VPNs. Deploy Site VPNs. Understand standard VPN techniques.
Hands-On Microsoft Windows Server 2003 Networking Chapter 1 Windows Server 2003 Networking Overview.

Hands-On Microsoft Windows Server 2003 Networking Chapter 1 Windows Server 2003 Networking Overview.
MIGRATION FROM SCREENOS TO JUNOS based firewall

MIGRATION FROM SCREENOS TO JUNOS based firewall
Lecture slides prepared for “Business Data Communications”, 7/e, by William Stallings and Tom Case, Chapter 8 “TCP/IP”.

Lecture slides prepared for “Business Data Communications”, 7/e, by William Stallings and Tom Case, Chapter 8 “TCP/IP”.
Colombo, Sri Lanka, 7-10 April 2009 Multimedia Service Delivery on Next Generation Networks Pradeep De Almeida, Group Chief Technology Officer Dialog Telekom.

Colombo, Sri Lanka, 7-10 April 2009 Multimedia Service Delivery on Next Generation Networks Pradeep De Almeida, Group Chief Technology Officer Dialog Telekom.
A global, public network of computer networks. The largest computer network in the world. Computer Network A collection of computing devices connected.

A global, public network of computer networks. The largest computer network in the world. Computer Network A collection of computing devices connected.

Similar presentations

Ads by Google