80 Gbps Deep Packet Inspection Hardware Announced
An anonymous reader writes to tell us that Procera Networks is launching a new weapon on the deep packet inspection (DPI) front. At $800,000 these 80 Gbps tanks aren't going to be sitting in everyone's closet, but it could mean that more traffic shaping is on the way. "The PL10000 can handle up to 5 million subscribers and can track 48 million real-time data flows. That's certainly a potent piece of hardware, but larger ISPs will need more. That's why Procera designed the new machines with full support for synchronizing traffic flows where return traffic might be routed to a different PacketLogic machine. The machine receiving the return traffic can make the machine monitoring the outbound traffic aware that it sees the other half of a TCP/IP conversation, for example, giving the devices more accuracy than those which might only have access to one side."
At almost a million dollars a pop, is it really saving money for ISPs to use these? How many would a major ISP need to shape all of their traffic?
in a few years when every client does opportunistic point-to-point encryption. We are headed that way, right?
No, but if they wanted to be pricks they could identify p2p users and give THEIR encrypted traffic a very low priority.
Even if you ran with full encryption and encrypted the communication with the tracker it's still trivial to identify you as a p2p user -- not many VPNs make connections with dozens (or hundreds) of remote hosts.
The only way around that would be to VPN somewhere and use that VPN link to pass all your p2p traffic -- but if you have the means at your disposal to set that up then you likely have the means to find an ISP that doesn't throttle your p2p traffic.
I want peace on earth and goodwill toward man.
We are the United States Government! We don't do that sort of thing.
Surely that money could be better spent improving their capacity by purchasing new equipment with better signaling methods or even extra lines rather than on equipment to inspect and shape (i.e. selectively throttle) traffic?
Even if improving the capacity costs a fair bit extra, the space for more customers at higher speeds and more consistent service for existing customers will surely increase their profits by offering more than their competition, right?
How much of this advertised speed is more or less advertising hype more than anything else??? We all know what it takes to do packet inspection and rules table lookups, so to me, this number seems a bit on the hyped up side...
Anyone else getting this same riff??
All content in this message is copyright (c) 2008. All rights reserved. RIAA is prohibited here.
$800,000/5 million subscribers = $0.16 per subscriber.
Expect to see the surcharge in your next bill!!!
If my ISP is going to inspect my packets to the point of identifying their content as p2p, then they should be 100% responsible for any and all illegal activities I may or may not conduct on their connections.
The entire concept of the DMCA safe harbor clause was founded on the understanding that it would be virtually impossible for providers to monitor and filter illegal or unlawful activities and data. However, now it has become perfectly reasonable that they can identify and reroute or slow this traffic. This clearly nullifies the safe harbor provisions.
The ISPs need to realize they can't have it both ways.
If sharing a song makes you a pirate, what do I have to share to be a ninja?
It looks like a disaster in a box to me: not only does it allow anyone with the price of the machine to monitor and inspect each and every packet you exchange, it also is capable of destroying the legal protections that ISPs currently enjoy.
The ISPs are treated like common carriers and are exempt from many liabilities because they carry all traffic equally and don't know or control the content of that traffic. Now that they're insisting that they need to "prioritize" some traffic at the expense of others, monitor and drop traffic because of its content, and are installing machines like these that further refine their ability to monitor and control what traffic you'll be allowed to transmit - well, their "safe harbor" exemptions are based on them not doing any of this.
Just the existence of this machine will be the undoing of many...
when you simply pass traffic as you get it, you can avoid paying (in real dollars) for equipment that looks inside.
;(
you can avoid the network management complexity if you simply let networks 'work' as they always have.
are you running into a lot of dropped packets? simple: you are over-selling. there is an EASY way to fix that.
oh, and an evil way. guess which one most ISPs and large public networks pick?
by the time you factor in the cost of the snooper silicon, all its overhead and the training/support overhead, I argue that simply just upping the network pipes would have been cheaper and generated more goodwill and user satisfaction.
sometimes, I am in disbelief as to why the most simple solutions are side-stepped in favor of more expensive and more complicated ones!
charge for bit-rates, but please stop trying to carve them out into sub-channels. it's wrong, it's against the whole idea of a shared network (up and down the layers) and people will still try to find ways around your 'ways'. it's an arms race. HOWEVER, if you stop the arms race and simply let people pay for their rate of data, you avoid all this nonsense.
the simple solution evades. yet again. why am I not surprised
--
"It is now safe to switch off your computer."
I'll bet in the war against p2p, making p2p data look like normal "priority" data is going to be far easier, and far cheaper than the ISPs trying to identify and block/slow the data they don't like. Consider that hiding p2p data takes one person with a keyboard and some smarts. In a month this guy will work around any solution the $800K machine guys have put together, and the next machine will be 8 million dollars to do the same job.
Encryption? Just the first salvo. Others have pointed out that p2p makes a lot of connections. That's fine, just create a secure queuing system where people wait their turns (and don't have multiple data streams). Or, a repeater system where you get one or two data feeds in, and feed to one or two other people. There's no reason why a p2p system has to have 50 different connections to different people. Start looking at the data itself and see if it's http-like? Okee-doke, just create an http wrapper around your data so it looks like http. These are just the dumb ideas I came up with on the fly. Real solutions would be a lot better.
This kind of asymmetric "war" has been fought before, namely with copyright protection in the 80s. The result? Cracked programs are more valuable than non-cracked programs (oh, and all copyright protection schemes were cracked).
In a system with untrusted intelligent nodes, you can't really create a priority system without some people making their non-priority data look like priority data. The internet was designed for the end nodes to be smart, and the network to be dumb. (The exact opposite of the phone system). It seems to me this is just a basic design principle of the internet.
AccountKiller
With IPsec, they won't even be able to see what protocol is being used. The more we use IPsec for everything, the less these things will look like an attractive way to spend money that would otherwise go to expanding capacity.
now we need to go OSS in diesel cars