Slashdot Mirror

← Back to Stories (view on slashdot.org)

80 Gbps Deep Packet Inspection Hardware Announced

Posted by ScuttleMonkey on from the comcast-on-backorder-for-months dept.

An anonymous reader writes to tell us that Procera Networks is launching a new weapon on the deep packet inspection (DPI) front. At $800,000 these 80 Gbps tanks aren't going to be sitting in everyone's closet, but it could mean that more traffic shaping is on the way. "The PL10000 can handle up to 5 million subscribers and can track 48 million real-time data flows. That's certainly a potent piece of hardware, but larger ISPs will need more. That's why Procera designed the new machines with full support for synchronizing traffic flows where return traffic might be routed to a different PacketLogic machine. The machine receiving the return traffic can make the machine monitoring the outbound traffic aware that it sees the other half of a TCP/IP conversation, for example, giving the devices more accuracy than those which might only have access to one side."

12 of 185 comments (clear)

  1. Just in time! by courteaudotbiz · · Score: 5, Funny

    Just in time for the olympic games!

  2. $800,000? by Bovius · · Score: 5, Insightful

    At almost a million dollars a pop, is it really saving money for ISPs to use these? How many would a major ISP need to shape all of their traffic?

    1. Re:$800,000? by Deadplant · · Score: 5, Insightful

      Seriously.
      Spend the money on a couple more 40Gb fiber lines instead.

    2. Re:$800,000? by sgt+scrub · · Score: 5, Interesting

      Better yet, force the telco's to put up the fiber networks they were awarded huge tax cuts to put up! They don't have bandwidth problems they have accountability problems created by the RIAA et el backed by people desperately trying to find a way to sensor the net.

      --
      Having to work for a living is the root of all evil.
  3. DPI - Encrypt by Unlikely_Hero · · Score: 5, Interesting

    DPI has only one option when presented with encrypted information however (at least afaik). Give the packet a low priority or pass it through normally (of course, it could also drop it entirely but doing that as a rule would be problematic to say the least). So it would be possible to force a bet. Can the ISPs afford to give encrypted traffic a very low priority?

    --
    Happiness does not come from having much, but from being attached to little.
    1. Re:DPI - Encrypt by Shakrai · · Score: 5, Insightful

      Can the ISPs afford to give encrypted traffic a very low priority?

      No, but if they wanted to be pricks they could identify p2p users and give THEIR encrypted traffic a very low priority.

      Even if you ran with full encryption and encrypted the communication with the tracker it's still trivial to identify you as a p2p user -- not many VPNs make connections with dozens (or hundreds) of remote hosts.

      The only way around that would be to VPN somewhere and use that VPN link to pass all your p2p traffic -- but if you have the means at your disposal to set that up then you likely have the means to find an ISP that doesn't throttle your p2p traffic.

      --
      I want peace on earth and goodwill toward man.
      We are the United States Government! We don't do that sort of thing.
  4. Re:A waste? by Kartoffel · · Score: 5, Insightful

    Investing in more capacity means a linear increase in customers and profits. Investing in network anti-neutrality, OTOH, means new and lucrative pricing structures for various services. They're just putting money where it stands to return the greater profit.

  5. I've decided: this is evil. by TheGratefulNet · · Score: 5, Interesting

    think about the original definition of ethernet and of IP, in general.

    in general, it was setup to pass packets and ideally to keep them in the same order and not drop them. beyond that, the upper layers (tcp and udp) did any higher level functions.

    this worked! for the longest (damned) time, it worked.

    and now, ISPs (and large networks) are starting to try to break out the 'cable is a bunch of bits' into discrete 'services' and then try to re-order things, drop things, queue them differently or somehow treat things non-uniformly.

    I think this is Evil(tm).

    I've been in the networking field for a few decades (really) and I've seen traffic shaping (what a euphemism, btw!) try to argue its case over and over again. but I keep getting back to the basic design principles of ethernet (csma-c/d) and tcp/udp-ip and when you have large enough pipes, you don't NEED a 'fast lane' or diamond lane, so to speak. it just mucks up the works, makes things harder to design and manage and really isn't helpful since you still need large pipes and all the shaping in the world won't CURE that, it only DEFERs things. that's not a cure.

    data should be 'opaque' and first-come first-served. equal access. standard layer (phys, dl, network) rules should still apply.

    ISPs who employ shaping are simply RIPPING OFF customers from their rightful bandwidth and also passing along the COST of the packet snooping hardware to us, the users. (don't think they'll just spring for the hardware on their own; they'll pass the costs of this stuff to us, to be sure).

    I think its evil. once you look at it from enough angles, you see that its not at all a good thing.

    --

    --
    "It is now safe to switch off your computer."
  6. I've said it before, I'll say it again by Aranykai · · Score: 5, Insightful

    If my ISP is going to inspect my packets to the point of identifying their content as p2p, then they should be 100% responsible for any and all illegal activities I may or may not conduct on their connections.

    The entire concept of the DMCA safe harbor clause was founded on the understanding that it would be virtually impossible for providers to monitor and filter illegal or unlawful activities and data. However, now it has become perfectly reasonable that they can identify and reroute or slow this traffic. This clearly nullify's the safeharbor provisions.

    The ISP's need to realize they cant have it both ways.

    --
    If sharing a song makes you a pirate, what do I have to share to be a ninja?
  7. Re:Math is fun. by D'Sphitz · · Score: 5, Insightful

    assuming every single subscriber is using his connection continuously 24 hours per day, not even stopping to so much as read a webpage or an email ...

  8. Re:Math is fun. by Bovius · · Score: 5, Informative

    This is also assuming every single packet that an ISP manages goes through a single physical location. So unless Comcast routes every packet to their headquarters at the top of Mt. Doom for inspection before delivery, they're going to need a lot more of these.

  9. Re:Math is fun. by gnick · · Score: 5, Funny

    Yes, 2kBps would be the available average bandwidth. So, assuming that nobody is running p2p software, downloading pornos, or retrieving linux isos, the available peak bandwidth would be much higher. But that would mean that you'd have to advertise speeds that you can't provide during high-demand times and hide a "we'll provide whatever we feel like providing and you'll have to keep paying for it whether you're satisfied or not" clause in the contract. Would any ISP ever stoop so low as to try something like that?

    --
    He's getting rather old, but he's a good mouse.