1 / 9

Content Aware Networks

Content Aware Networks. Sailesh Kumar Cisco Research. Two Important Applications. Security IDS, IPS, AV, SPAM, App-firewall etc Content Based Forwarding Application Identification Protocol Analysis Field extraction (subscriber, URL, email address, etc). Two Important Applications.

constance
Télécharger la présentation

Content Aware Networks

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript


  1. Content Aware Networks Sailesh Kumar Cisco Research

  2. Two Important Applications • Security • IDS, IPS, AV, SPAM, App-firewall etc • Content Based Forwarding • Application Identification • Protocol Analysis • Field extraction (subscriber, URL, email address, etc)

  3. Two Important Applications • Security • IDS, IPS, AV, SPAM, etc • Content Based Forwarding • Application Identification • Protocol Analysis • Field extraction (subscriber, URL, email address, etc) Multi-billion $ Market Can become much bigger market

  4. Trends • Security - regex is popular • Old, outdated approach • New techniques such as machine learning (IronPort), anomaly detection, data mining etc are gaining popularity • Content Based Forwarding • Application Identification (p2p, skype, video over http) • Content based admission control (firewall) • Protocol analyzer (requires more than pattern matching) • Subscriber, content based statistics, billing

  5. Industry Trends • Vanilla regex acceleration • Vihana (Cisco supported) • Netlogic (ASIC) • LSI (Tarari acquisition) • Sensory (Software regex) • Most of these target security market • Niche markets – Xambala, GV, Nevis, Exegy, Allot, Tigerme • What about content based forwarding? • Few startups (P-Cube, Cisco acquired), Cisco products (NBAR, PISA), Juniper has some < few 100 million $

  6. Why Content based Forwarding is not Gaining Traction? • Based on discussion with real customers (BT 21CN, Savis, Telecom Italia) 1. Customer friendliness • Regular languages are not easy to use by end customers 2. Performance 3. Cost

  7. Customer Friendliness • Regex is cumbersome • Customers want ability to recognize applications • regex is not sufficient • Customers want to use important attributes of applications • URL, port, MIME mail contents, etc • Want a simple interface to specify content classification rules • Block facebook.com from all users except marketing • Block SMTP if MIME subject contains xyz keyword

  8. Challenges • We are developing a 100 Gig system for content based forwarding • A number of important issues • Create efficient rules for application recognition, data analysis • We strongly believe that vanilla regex is not the right approach • Rules should be composed of grammar, and efficient logic around it • Easy to use by customers • Extraction of critical attributes of communication • TCP normalization • Character encoding issues • Buffering issues • System architecture • Co-software, hardware design, interface, etc • Unfortunately academia has focused too much on regex

  9. For Discussion • Can we develop better mechanisms to inspect packet content? • Customer friendliness is critical • What should be do in face of encryption? • What about net-neutrality? • Cisco is interested to support content based networking research; academia can show us the right way? • University participation through www.cisco.com/web/about/ac50/ac207/crc_new/ciscoarea/content.html

More Related