Beyond Deep Packet Inspection: New Chip First to Perform "Complete" Packet Inspection, at Wire Speeds to 20 Gbps and Beyond.Breakthrough Processing Architecture Outperforms Existing Best-of-Breed Traffic Analysis by 10x; Low Cost, Low Power Enables Embedding in Any Switch - From Enterprise and Service Providers to Small Office MOUNTAIN VIEW, Calif. -- cPacket announced today a new chip that can perform "complete packet inspection" - a combination of "deep packet inspection Analyzing network traffic to discover the type of application that sent the data. In order to prioritize traffic or filter out unwanted data, deep packet inspection can differentiate data, such as video, audio, chat, voice over IP (VoIP), e-mail and Web. " plus header classification - and can do so at an unprecedented 20 gigabits per second at 6 Watts. The chip makes possible "intelligent" network switches, routers, or network devices that are able to actively analyze and respond to network traffic based upon a 100% analysis of the packet payloads as well as the headers. It offers as much as 10 times the processing performance, for one-tenth the cost, of today's extremely complex and expensive solutions. The 100-to-1 breakthrough in system cost-performance is so significant that complete packet inspection - and the intelligent network devices that it enables - has the potential to become pervasive, not only at the network perimeter, but in LAN switches, line cards, blade servers, and even in SOHO Soho (sōhō`, sə–), district of Westminster, London, England, known for its continental restaurants. Once a fashionable quarter, it became popular among writers and artists in the 19th cent. equipment. Use of the chip both in existing designs and high-value-added new products is greatly simplified by its "bump in the wire" integration model. It is supported by a simple but powerful template-based application An application that is programmed by filling in predefined fields and/or answering questions. Template-based applications provide a fast way to develop an application, but are not as flexible as custom programming. programming interface (API). Deep packet inspection is the network equivalent of United Parcel Service United Parcel Service, Inc. (NYSE: UPS), commonly referred to as UPS, is the world's largest package delivery company, delivering more than 15 million packages[1] a day to 6.1 million customers in over 200 countries and territories around the world. opening and inspecting the contents of every package entering any of their facilities, and then differentially handling each package based on its contents. For example, perishable goods PERISHABLE GOODS, Goods which are lessened in value and become worse by being kept. Vide Bona Peritura. might be identified, hazardous materials redirected, and terrorist threats contained, with accompanying alarms. Clearly such 'deep' package inspection would be a massive, complex, and expensive undertaking for UPS that could have unpredictable effects on throughput. "In the network context, it is no different," said Rony Kay, cPacket founder and CEO (1) (Chief Executive Officer) The highest individual in command of an organization. Typically the president of the company, the CEO reports to the Chairman of the Board. . "Today, only applications that have tremendous financial or strategic impact - to the end users or to the service providers - can justify the cost of the capability of inspecting, analyzing and reacting to every bit in every data packet." What cPacket has done is invent a way to inspect and classify packets based on both the payload and the header, simultaneously, at "wire speed" of 20 gigabits per second and beyond. Packets that match profiles provisioned to the chip by the simple provisioning software can be counted, tagged, redirected, replicated or dropped. The patent pending architecture of the chip is such that the processing throughput is completely deterministic - that is, independent of the data - making exact throughput guarantees possible, a feature that designers and product managers will appreciate. In addition, the unique algorithm allows the throughput to scale linearly with the chip area to 40 and 100 gigabits per second (Gbps). The chip being announced today is designed for 20 Gbps aggregated bandwidth, or 10 Gbps full duplex (Computers) arranged so that the information may be transmitted in both directions simultaneously; - of communications channels between computers; contrasted with Complete Packet Inspection cPacket's complete packet inspection chip combines programmable general purpose header classification and payload pattern searching - including native support of wildcards, don't-cares, ignore-case, non anchored searches, etc. - without using any external memories or other components. With the explosion of bandwidth-hungry and performance-sensitive applications such as video, or IP telephony The two-way transmission of voice over a packet-switched IP network, which is part of the TCP/IP protocol suite. The terms "IP telephony" and "voice over IP" (VoIP) are synonymous. , and the simultaneous growth of network security threats such as worms or targeted attacks, network architects and administrators require much finer-grained control of their networks. Ultimately, they seek an infrastructure that will allow the network to monitor itself, and react to issues dynamically, like the human body's immune system immune system Cells, cell products, organs, and structures of the body involved in the detection and destruction of foreign invaders, such as bacteria, viruses, and cancer cells. Immunity is based on the system's ability to launch a defense against such invaders. reacts to changing environment or infections. Today, solutions for such "behavioral traffic analysis" and deep packet inspection in so-called "intelligent" networking equipment rely upon multiple components and parallel architectures that consume large amounts of power, and those solutions can be 10x more costly than the underlying packet switching A network technology that breaks up a message into small packets for transmission. Unlike circuit switching, which requires the establishment of a dedicated point-to-point connection, each packet in a packet-switched network contains a destination address. infrastructure. This goes counter to all other trends in the network: 1 gigabit per second ports are becoming commoditized, and a 24-port managed gigabit switch with two 10 gigabit uplinks will probably cost under $2,000 within 12 months. Clearly, adding deep packet inspection and analysis for $50,000 to $150,000 - today's price for 20 Gbps capability - is grossly out of sync with such trends. What is really needed is a pervasive solution that not only performs complete packet inspection at commodity prices in every range of equipment, but also allows active control of the traffic by that equipment. This is what cPacket has accomplished. cPacket's unique algorithms and chip architecture support on-the-fly inspection of every bit in every packet at full line rate, including worst-case conditions like minimum size packets. The fully pipelined architecture is comprised of a two-dimensional array of proprietary VLIW (Very Long Instruction Word) A CPU architecture that reads a group of instructions and executes them at the same time. For example, the group (word) might contain four instructions, and the compiler ensures that those four instructions are not dependent on each processing elements that provide predictable throughput under any traffic conditions. It is different from existing solutions that address some average "normal" behavior, but do not cope well with traffic conditions that happen in actual worst case scenarios
Worst Case Scenario is a reality show aired on TBS in 2002 in the U.S.. . For example, the cPacket chip makes it possible to analyze spikes and micro bursts that can cause intermittent network congestion In data networking and queueing theory, network congestion occurs when a link or node is carrying so much data that its quality of service deteriorates. Typical effects include queueing delay, packet loss or the blocking of new connections. and temporal TCP (1) (Transmission Control Protocol) The reliable transport protocol within the TCP/IP protocol suite. TCP ensures that all data arrive accurately and 100% intact at the other end. back-off that negatively impact end users. It can also be used for monitoring events like failed login Signing in and gaining access to a network server, Web server or other computer system. The process (the noun) is a "login" or "logon," while the act of doing it (the verb) is to "log in" or to "log on. attempts and for taking mitigating actions by dropping or rate-limiting specific traffic profiles. Simple template based provisioning allows users to specify complex traffic profiles without worrying about low level protocol details like chained VLANs, IP options, or non-anchored case insensitive case insensitive - case sensitivity pattern searches. Complete packet inspection enables integration of traffic monitoring, network security, test, and lawful intercept into intelligent switches and network devices. cPacket will provide the chip, software application programming interface (API), and reference designs with different physical interfaces as a complete package. Original equipment manufacturers interested in sampling the chip, or discussing subsystems based on the chip, should contact cPacket directly. About cPacket cPacket Networks is an emerging leader in chips and technologies Chips and Technologies (C&T) was the first fabless semiconductor company, a model developed by its founder Gordon Campbell. Its first product was an EGA IBM compatible graphics chip. This was followed by chipsets for PC motherboards and other computer graphics chips. that offers breakthrough, "complete" packet inspection, at a fraction of the complexity, power, or cost of preexisting pre·ex·ist or pre-ex·ist v. pre·ex·ist·ed, pre·ex·ist·ing, pre·ex·ists v.tr. To exist before (something); precede: Dinosaurs preexisted humans. v.intr. approaches. It provides manufacturers of routers, switches and other network appliances a low-impact means to easily drop game-changing, wire-speed active network traffic analysis and response directly into their existing or planned designs - whether targeted at the service providers, the enterprise, or the small office. The exploding use of networks for media-centric applications makes the availability of truly pervasive deep packet inspection timely and crucial. cPacket was founded in 2003 and is located in Mountain View, CA. For more information, visit www.cpacket.com. Editors, note: All trademarks and registered trademarks are those of their respective companies. Additional background information is available at www.roeder-johnson.com. |
|
||||||||||||
Printer friendly
Cite/link
Email
Feedback
Reader Opinion