80 Gbps Deep Packet Inspection Hardware Announced
An anonymous reader writes to tell us that Procera Networks is launching a new weapon on the deep packet inspection (DPI) front. At $800,000 these 80 Gbps tanks aren't going to be sitting in everyone's closet, but it could mean that more traffic shaping is on the way. "The PL10000 can handle up to 5 million subscribers and can track 48 million real-time data flows. That's certainly a potent piece of hardware, but larger ISPs will need more. That's why Procera designed the new machines with full support for synchronizing traffic flows where return traffic might be routed to a different PacketLogic machine. The machine receiving the return traffic can make the machine monitoring the outbound traffic aware that it sees the other half of a TCP/IP conversation, for example, giving the devices more accuracy than those which might only have access to one side."
Quite true, good points all around. One issue with the last part, though: the means to find an ISP that doesn't throttle? Sure. To have that ISP be in your area... not so sure.
Happiness does not come from having much, but from being attached to little.
https://www.relakks.com/?lang=en does exactly what you've described. I believe the cost is $10/month US.
It should be trivial to limit any end nodes to a maximum of, say, 8 encrypted connections with unique netblocks on the destination. Any new sessions negotiated after that will automatically be given very low priority.
Also, a TCP packet contains a lot more than just an encrypted payload: you can tell a lot about a packet from the other parts: source and destination ports, sequence and acknowledgement numbers, header length, reserved ID bits, urgent flag, ACK flag, push flag, RST flag, SYN flag, FIN flag, window size, checksum, urgent pointer and even the options field. I'm sure that it wouldn't be very difficult to set up a Bayesian detection ruleset using this data to identify what protocol is being used. The checksum and flags wouldn't be all that useful, but the port numbers, header length, window size, urgent pointer and seq/ack number progressions can be quite telling.
NewslilySocial News. No lolcats allowed.
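A naive Bayes classifier over header-only features of the kind the comment above lists (port, header length, window size, sequence-number progression), as an added example that is not part of the original thread. The feature buckets, class labels and training flows are constructed assumptions for illustration, not measurements from any real DPI product.

```python
import math
from collections import Counter, defaultdict

def features(flow):
    """Map one flow's TCP header fields to coarse categorical features."""
    dport, hlen, window, seqs = flow
    port = "well-known" if dport < 1024 else "registered" if dport < 49152 else "ephemeral"
    win = "small" if window < 16384 else "large"
    # Mean sequence-number advance per segment approximates segment size.
    step = (seqs[-1] - seqs[0]) / max(len(seqs) - 1, 1)
    size = "interactive" if step < 200 else "mixed" if step < 1200 else "bulk"
    return {"port": port, "hlen": hlen, "win": win, "size": size}

class HeaderBayes:
    def __init__(self, training):
        self.labels = Counter()             # label -> flows seen
        self.counts = defaultdict(Counter)  # label -> (feature, value) -> count
        self.values = defaultdict(set)      # feature -> distinct values seen
        for flow, label in training:
            self.labels[label] += 1
            for name, value in features(flow).items():
                self.counts[label][(name, value)] += 1
                self.values[name].add(value)

    def scores(self, flow):
        """Unnormalised log posterior per label, with Laplace smoothing."""
        total, out = sum(self.labels.values()), {}
        for label, n in self.labels.items():
            logp = math.log(n / total)
            for name, value in features(flow).items():
                k = len(self.values[name] | {value})  # unseen values still get mass
                logp += math.log((self.counts[label][(name, value)] + 1) / (n + k))
            out[label] = logp
        return out

    def classify(self, flow):
        s = self.scores(flow)
        return max(s, key=s.get)

# Constructed flows: (dst port, header length in 32-bit words, window, seq numbers)
TRAINING = [
    ((443, 8, 29200, [0, 517, 1900, 3300]), "web"),
    ((8080, 8, 65535, [0, 300, 1700, 2900]), "web"),
    ((23, 5, 4096, [0, 1, 2, 5]), "interactive"),
    ((2222, 8, 8192, [0, 36, 100, 136]), "interactive"),
    ((51413, 5, 65535, [0, 1460, 2920, 4380]), "p2p"),
    ((6881, 5, 65535, [0, 1460, 2920, 4380]), "p2p"),
]
MODEL = HeaderBayes(TRAINING)
```

With this constructed data, `MODEL.classify((443, 5, 65535, [0, 1460, 2920, 4380]))` returns `"p2p"` even though the destination port is 443, because header length, window and segment-size progression outweigh the port.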
Yeah but the connection speeds you get over relakks are lousy if you leave it running for a few hours. They probably throttle too.
echo -e 'global _start\n _start:\n mov eax, 2\n int 80h\n jmp _start' > a.asm; nasm a.asm -f elf; ld a.o -o a;
If you think imaginary property and real property are the same, when does your house become public domain?
This is also assuming every single packet that an ISP manages goes through a single physical location. So unless Comcast routes every packet to their headquarters at the top of Mt. Doom for inspection before delivery, they're going to need a lot more of these.
That's what all the new-fangled dual-core CPUs are for. One to download the porn, the other to watch it.
Freenet runs over UDP with fully randomized ports. It acknowledges messages, but even the ACKs are encrypted. Window sizes are hidden behind the crypto as well. Except for the initial connection, handshaking is done by routing through previously established connections.
I'd like to see them DPI that. The best they can do is traffic analysis and decide it looks like P2P and throttle on that.
It's not that funny. I live in China. We will even have slower traffic now. As it stands, forget watching YouTube. All I can get is about 30KB/s download/upload on a single connection, which is barely enough to listen to internet radio. The good news is that I can have more than one connection open with other countries, but from what I understand no media players or streaming servers have this parallel 30KB/s connection capability to total the necessary 4Mbps/download for watching internet video. That's why China's "Golden Shield" works so well. In order to circumvent it, one must have tools to open multiple connections for the single purpose intended, i.e. media player, web serving one large page through multiple data sending connections. Oddly enough, if I connect to websites inside China I can get 4Mb/s connections. The world's internet is crippled with equipment like this in my perspective and experience already. I'm grateful I can actually express my opinion about this here. BTW, for the last four to five months Slashdot has had this quantserve in-your-face job ad when accessing the site. From China, it often slows down the page access and takes sometimes 5 to 10 minutes before I can read the main page. Is this normal?