VAS Experts DPI

The System of Control and Analysis of Traffic

KEY FEATURES

• Detection of over 6000 protocols;
• Filtering by the registry of blacklisted websites (URL, SSL, SNI);
• Traffic caching;
• Protection against DoS and DDoS attacks;
• «In-line» and «Out-of-line» connection;
• Installation on the available server platforms.

About the Product

The traffic analysis, classification, and processing capabilities of VAS Experts DPI allow telecom operators to solve complex tasks of controlling channel capacity, protecting against network attacks, and complying with regulations. The system is designed with the specifics of the Russian communications market in mind and includes a number of unique features.

VAS Experts DPI is a deep traffic analysis platform designed for inspecting and classifying packets and then processing them according to the task facing the company.

This software solution does not depend on a particular server hardware vendor and can be flexibly adapted to business requirements. Unlike competing solutions, VAS Experts DPI guarantees high performance at a very attractive price.

About technology (DPI)

DPI is a hardware-software complex that controls the flow of network data, identifies protocols and applications, filters by URL, and prevents intrusion attempts and the spread of malicious software through deep inspection of packet data. DPI performs important security functions by checking incoming packets and analyzing the code and transmitted data, after disassembly and decompression, for compliance with applications and services. If a malicious URL or code snippet is detected, the system is able to block it completely.

DPI can also be used by service providers to give subscribers different levels of access (type of use, data restriction, bandwidth), and for compliance with access rules, traffic prioritization, network load balancing and statistical information gathering. As more and more software products go beyond the workstation and corporate resources by using cloud technologies, network performance becomes critical for high productivity. DPI can recognize the applications whose data pass through the system and allocate the required resources to each of them.

VAS Experts DPI Features

In addition to DPI functions, the product has a number of additional integrated features.

The system includes traffic filtering through the registry of blacklisted websites in accordance with current legislation and meets the requirements of the state regulator, with automatic downloading of blocking lists of URL, SNI, CN, IP+PORT. The solution supports filtering by Server Name Indication (SNI), blocking of HTTPS traffic by certificate Common Name, and blocking by «*.domain.com» mask. For greater flexibility, it is possible to use your own black and white lists.

VAS Experts DPI has a full set of functions for working as an L3 BRAS (authorization of IPoE sessions on RADIUS, user identification by IP or by Q-in-Q label), and can also act as CG-NAT with support for Hairpinning, Paired IP address pooling and Full Cone.

The system can pass messages to the subscriber while they are working on the Internet, or redirect them to the start page.

The system has built-in protection against DoS and DDoS attacks: it counters TCP SYN Flood and fragmented UDP Flood, and supports the Turing test. Dynamic bandwidth management with protocol priorities is supported.

VAS Experts DPI provides up to 30% savings on the uplink channels and fast delivery of audio and video content through the caching system. Caching of rutube content and other services, popular video, pictures, and Windows updates is fully available. It is also possible to control torrents by hash value, which significantly reduces torrent traffic on the uplink channels.

MAIN FUNCTIONS OF DPI

VAS Experts DPI, or the system of control and analysis of traffic, performs the main functions of deep packet filtering technology.

Protocol analysis and identification of applications

To determine what the data passing through the network belongs to, a DPI system must be able to distinguish protocols. VAS Experts DPI identifies thousands of protocols covering almost every type of application or service. It can tell mail protocols apart, including IMAP, POP3 and SMTP. Web protocols (HTTP, FTP and TCP), multimedia data types (Flash, QuickTime, Real and Windows Media), games, and others are also identified. A complex but necessary task is to identify a wide range of «web 2.0» services, tunnels, sessions, peer-to-peer networks (p2p), messengers, and VoIP for further processing and management. DPI can also extract metadata from the packet payload, including the attachment format, file names, phone numbers, and more.

The ability to update detection policies quickly and easily without modifying the VAS Experts DPI system is important for data centers and telecom operators. The kernel of the system, which is responsible for analysis and identification, can be configured without rebooting the entire system. A reliable DPI system such as VAS Experts DPI should be able to detect protocols and applications in all possible ways:

• Port detection;
• Signature detection;
• Heuristic detection.

Data flow analysis (for TCP, UDP and WAP), IPv4 and IPv6 support, and replacement of headers and contents of TCP/IP packets based on specified rules are other features of the highly efficient VAS Experts DPI system.

Subscriber Traffic Management

The VAS Experts DPI system provides a high quality of service through subscriber traffic management. Users receive the service as it should ideally be provided: without video stuttering or slowdowns, with instant loading of websites and a high speed of downloading files. The QoS function implemented in the DPI system helps to provide high QoE (Quality of Experience).

The QoS function of VAS Experts DPI solves several tasks:

• Prioritization and differentiation of network traffic;
• Ensuring an even flow of traffic;
• Assurance of quality and speed of access to the Internet;
• Prevention of network overloads.

To ensure that users do not notice a drop in connection quality or a decrease in speed during peak hours (evening time), prioritization is configured in VAS Experts DPI so that background applications (torrents, file downloads, updates, etc.) get a low priority, while online video, web browsing, and online games get a higher priority. Users do not notice problems with access and remain satisfied with the provided service, so the telecom operator does not need to invest in increasing UPLINK speed.

VAS Experts DPI makes it possible to control the approach to the upper boundary of the channel band («shelf») and to prioritize traffic by protocols and directions so that low-priority traffic is forced out of the band in favor of high-priority traffic.

URL Filtering

URL filtering is the basic security function that is necessary to block unauthorized and forbidden URLs (for example, according to Roskomnadzor lists). A DPI system must be very productive and handle millions of addresses in real time. To achieve such speeds, it is necessary to support literal strings and wildcard characters. To reduce the complexity of the rules that control this process, the filtering system must support URL normalization.

Collection of statistical information

By collecting statistical data and generating reports, the VAS Experts DPI system provides an opportunity to analyze user traffic data by application, protocols, tariff plans, regions, types of subscriber devices and other categories. Analyzing statistics of bandwidth usage improves the efficiency of its use and the quality of services provided to subscribers.

VAS Experts DPI provides several types of analytical information over the Netflow protocol:

• Allocation of the band by application protocols and autonomous systems (AS);
• Download of the summary information in billing by classes for each subscriber;
• Download of the full Netflow according to subscribers.

The results of user traffic research can be used by the operator to determine the interests and preferences of users, based on data about visited resources, for marketing campaigns and for improving the efficiency of communication with the subscriber. Using the summary information for billing by classes for each subscriber allows separate tariffs to be set for SIP, Skype, Torrent and other traffic.

Detection of uncoordinated usage of the Internet channel by a subscriber for reselling Internet access services makes it possible to control the channel and prevent its degradation.

High speed and efficiency

Previously, DPI systems could not support the speed of modern multi-gigabit networks. Delays and poor quality of service were serious problems. But the introduction of multi-core processors and hardware acceleration of many important functions made the use of DPI more practical and affordable for mass distribution.

VAS Experts DPI is a 1U carrier-class device capable of processing tens of billions of bits of information in real time.

Without the advantages of a modern hardware platform, a DPI system can become a bottleneck in the operator's transport network.

A powerful modern server provides a high speed of traffic processing, but the modern VAS Experts DPI system can work efficiently on less expensive equipment and can even be integrated into another, larger network computing system.

What does this mean for the end customer? The customer does not need to understand and buy high-tech platforms. A standard x86 server from the corporate segment is enough to implement all DPI functions.

Inviolability of private life

Deep traffic analysis technology like DPI has a great potential for abuse. Since it makes it possible to scan all Internet traffic, including e-mail, HTTP requests, and instant messaging, some users are concerned that citizens' rights to inviolability of private life will be violated. For example, a DPI system can perform traffic analysis to search for and record specific keywords, identification characteristics of the user and the history of using the Internet.

However, such activities are possible only in compliance with the legislation, are regulated by authorities and international standardization institutes (ETSI, CALEA, SORM), and are carried out only by law enforcement agencies with the permission of the court. In addition, to obtain metadata from user traffic or to identify applications, there is no need to examine the payload of the data packet.

Deep traffic analysis technology makes it possible to intercept traffic, perform behavioral analysis, and recognize applications that are of no value for IS SORM-3. Information is collected according to the criteria that are defined in the request. Collected data can be visualized and prepared for further analysis.

Companies installing VAS Experts DPI on their network must strictly follow the rules and regulations for the processing of information containing personal data of users, as well as for its transfer to law enforcement authorities, and must not violate privacy, which can have serious consequences for reputation and profit.

BASIC SCAT WORK SCHEMES

INTEGRATION

Different VAS Experts DPI connectivity schemes are supported:

• «In-line»
DPI connects between the Edge Router and the Termination Device (BRAS). Fault tolerance is provided by using the bypass function in Silicom cards.

• Asymmetric connection
The PBR function is used to implement web traffic filtering relying on policy based routing.

• «Out-of-line»
A scheme of traffic mirroring is performed through SPAN ports or optical splitters.

The system supports integration with billing and RADIUS server.

BUILT-IN FUNCTIONS

BRAS

The BRAS service gateway is a new function of the system of control and analysis of traffic like VAS Experts DPI. This solution allows a broadband operator to control subscribers' access to the Internet and apply the policies of tariff plans and additional tariff options.

VAS Experts DPI interacts directly with the RADIUS server to obtain information about the authorized user, and compares IP addresses with the tariff plan and additional services that are defined on the billing server.

• Authorization of IPoE sessions on RADIUS;
• Identification of users by IP or Q-in-Q label;
• Assignment and modification of policies (tariff plans and additional services) through VSA (Vendor Specific Attribute) in the process of authorization on RADIUS and through CoA (Change of Authorization);
• Redirecting users to Captive Portal (blocking);
• Working at L3 level;
• Performance of the VAS Experts DPI system can reach 160 Gbit and process simultaneously up to 128 M user sessions.

CG-NAT

The Network Address Translation function allows the telecom operator to share one public IPv4 address with multiple subscribers, extend usage of the restricted IPv4 address space, and simplify the transition to IPv6 addressing. Since the DPI platform is designed for huge loads with deep traffic analysis, it can easily implement the network address translation function (Carrier-Grade NAT), in addition to which the customer receives a full set of standard DPI tools.

• Effectively uses the limited IPv4 address space;
• Complies with industry standards specified in RFC 6888, RFC 4787;
• Provides transparent operation of peer-to-peer protocols (torrents, games);
• Allows limiting the number of TCP and UDP ports for the subscriber (DDoS protection);
• Supports functions of Hairpinning, Paired IP address pooling and Full Cone.

To implement the CG-NAT function, it is required to enable VAS Experts DPI in the «out-of-line» scheme. To implement fault tolerance, it is recommended to install a backup platform.

TECHNICAL CHARACTERISTICS OF VAS EXPERTS DPI PLATFORM

| Name | Measurement | VAS Experts DPI 6 | VAS Experts DPI 10 | VAS Experts DPI 20 | VAS Experts DPI 40 | VAS Experts DPI 80 | VAS Experts DPI 160 |
|---|---|---|---|---|---|---|---|
| Performance | Gbit | 6 | 10 | 20 | 40 | 80 | 160 |
| Ports | Pcs. x Gbit | 6x1/2x10 | 2x10 | 2x10 | 4x10 | 8x10 | 4x40/2x100 |
| Interfaces | - | RJ-45/SFP+ | SFP+ | SFP+ | SFP+ | SFP+ | FP+/100 |
| Dimension | RU | 1 | 1 | 1 | 1 | 2 | 3 |
| Subscribers | - | 400K | 1M | 2M | 4M | 8M | 16M |
| Maximum number of sessions | | 4M | 8M | 16M | 32M | 64M | 128M |
| New sessions | sessions/sec | 100K | 250K | 250K | 350K | 400K | 400K |

VAS Experts DPI options in different variants of delivery

Cache server
Caches video, software updates, other software and frequently repeating files. The connection scheme is similar to the web-service and does not require «in-line» inclusion or the provision of a proxy mode.

RADIUS event monitor
It is intended for transferring to the DPI system information about IP addresses assigned to and released by subscribers in networks with dynamic address delivery. The component supports management of a cluster of DPI-servers and is designed to handle traffic of up to 100 million subscribers.

Statistics and reports viewer
Netflow collector for gathering and displaying statistics. Supports the collection of information from the DPI cluster and an on-line display mode. Can build charts and reports by directions and protocols.

VAS Experts DPI options in different variants of delivery

| Feature | Entry | Base | Complete |
|---|---|---|---|
| Bypass support | + | + | + |
| Filtering by the register of blacklisted websites | + | + | + |
| Collecting and analysis of statistics according to protocols and destinations | - | + | + |
| Marking the traffic priority in accordance with the protocol | - | + | + |
| Optimization of the use of external access channels | - | + | + |
| Notification of subscribers | - | + | + |
| Lawful interception | - | + | + |
| Distribution of the access channel between subscribers | - | - | + |
| Advertising blocking and replacement | - | - | + |
| White list and Captive Portal | - | - | + |
| Protection against DoS and DDoS attacks | - | - | + |
| Network address translation – CGNAT and BRAS | - | - | + |

Caching: licensed separately.

Russia, St. Petersburg, Liteiny prospect, 26, building A, office 5-23 +7 (812) 313-8815 [email protected]