Ipoque, a subsidiary of Rohde & Schwarz, has launched a deep packet inspection (DPI) engine designed specifically for IP traffic visibility in cloud computing.
The R&S vPACE cloud-optimized module uses native vector packet processing (VPP) processing to monitor virtualized and cloud-native functions (VNFs/CNFs) such as 5G user plane functions in real time.
- ipoque teams for AI and machine learning analytics
- Deep packet inspection to identify Bitcoin network activity
“The shift towards the cloud calls for packet processing technologies capable of delivering the speeds, latency and cost efficiency necessary to support growing traffic volumes and the breadth of applications hosted and delivered from the cloud. The adoption of VPP, which involves vector-based batch processing using a locally-stored vertex memory cache, significantly reduces CPU and energy consumption, allowing our DPI technology to deliver unrivaled performance and scalability in cloud and virtualized environments,” said Dr. Martin Mieth, VP Engineering at ipoque.
The vPACE combines traditional DPI techniques such as statistical/heuristical and behavioral analyses with metadata extraction and encrypted traffic intelligence (ETI) to accurately and reliably identify and classify protocols, applications, and services. Advanced ETI techniques include machine learning, deep learning, and high-dimensional data analysis. They enable traffic inspection in the cloud to be extended to encrypted traffic, including using protocols and techniques such as TLS 1.3, TLS 1.3 0-RTT, ESNI, ECH, DoT and DoH.
The vPACE engine can also handle network traffic that is obfuscated and anonymized, for example, to monitor traffic delivered via CDNs and VPNs, and traffic that is masked by randomization and domain fronting.
The engine builds on the R&S PACE2, a scalar packet processing (SPP)-based DPI engine also developed by ipoque. As well as the native vector processing, vPACE adds a comprehensive, frequently updated signature library and well-defined APIs for seamless integration. It also provides support for first packet classification using smart caching techniques.
The VPP improves DPI processing speeds by a factor of three with a memory footprint of less than 400 bytes per 5-tuple connection and 700 bytes per network endpoint. It also enables thread-safe endpoint access across multiple worker cores.
This enables network functions ranging from policy control and traffic management to analytics functions with application awareness. This allows for granular traffic rules and policies to be applied not only to applications types, but also to different services such as messaging, chat and video. It also provides cloud security tools such as firewalls, IDS/IPS and UTM with timely insights on suspicious and anomalous traffic patterns for an effective detection of cyberthreats and fraud.
Vendors can license the OEM DPI engine to significantly improve their time-to-market and future-proof traffic detection capabilities.
- DPI software to boost Wi-Fi network performance
- AI-based network protection system blocks viruses, malware
- Pipedream malware targets industrial control systems
Other articles on eeNews Europe
- TSMC looks to 2nm in 2024
- Intel shows mass production of qubits on 300mm wafers
- Learning to live with supply chain stress
- Raspberry Pi warns of bots as supply still tight
- Russia in $38bn electronics plan