Application Deployment Featured Article

Perform Deep Packet Inspection at Gigabit Speeds without Specialized NPUs

January 09, 2013


With rapidly increasing data plane load from mobile devices, cloud storage, and cloud computing on network servers, the need for deep packet inspection (DPI) also increases as a means of providing encrypted data security for all information passing across a network. In fact, according to appliance deployment expert NEI’s (News - Alert) director of Field Engineering Austin Hipes, “Data encryption is now an important part of people’s everyday lives at home and at work, whether it’s a family member backing up information from a personal laptop to a cloud tablet.” 

In part two of a five part series on DPI, the author says that DPI and data  encryption are typically linked together in the encryption-driven network services. As per the explanation, DPI is used to encrypt and decrypt data in real-time on the network to analyze packet contents and determine the appropriate routing based on intelligent traffic and security rules. 

According to Hipes, in the past the only way to perform high-performance DPI and encryption was to use network processing units (NPUs) that were specifically designed for this application. The explanation indicates that NPUs are commonly found in network devices ranging from network monitoring systems and session border controllers to intrusion detection and prevention systems (IDPS).  Besides using one or more NPUs, many platforms also provide complete system-level functionality for the control plane by incorporating CPU-based server hardware.

Although NPUs offer some advantages when performing DPI and encryption, they also have several key disadvantages. For instance, Hipes wrote that NPUs incorporate proprietary architecture that makes programming these devices difficult, requiring specialized skills. In addition, the code required for NPU programming is not compatible with the networking hardware code. Aside from dramatically decreasing system flexibility, it also means that two separate programming teams –one for NPU software and the other for CPU—are required any time these systems must be commissioned or modified.

“Coordinating these two unique teams can pose a real challenge to system owners and operators,” adds Hipes.

Furthermore, the NPUs complicate the design of hardware systems and significantly increase the cost. In part one of this series, the author shows that OEMs can overcome the challenges presented by NPUs with an optimized server platform from Intel (News - Alert). The communications infrastructure offers network security performance at multi-gigabit speeds without the need for NPUs.

Want to learn more about the latest in communications and technology? Then be sure to attend ITEXPO Miami 2013, Jan 29- Feb. 1 in Miami, Florida.  Stay in touch with everything happening at ITEXPO (News - Alert). Follow us on Twitter.

Edited by Jamie Epstein
  • Featured Podcast
    UNICOM Engineering Podcast Featuring Austin Hipes, vice president of technology at UNICOM Engineering

Featured Case Study

UNICOM Engineering Helps Bandura®, a TechGuard Security® Company, Expand Globally
Bandura® is a wholly owned subsidiary of Techguard Security®, which provides technologies and services that protect critical networks from cyber attack. Its flagship product, developed by TechGuard, is the PoliWall® appliance, a hardware device that sits between firewalls and edge routers to stop threats at the network edge by blockingmalicious traffic...

Featured Webinars

Featured Datasheets

S-1600 R3 High Reliability, Single CPU Systems
UNICOM Engineering’s S-1600 R3 offers high-reliability in a single CPU package...

E-1800 R3 - High-Reliability, Medium-Density Communications Systemss
UNICOM Engineering’s E-1800 R3 communications appliance delivers the industry’s best combination of high-performance and high-reliability for medium density applications...

N-2500 R5 - Next Generation Carrier-Class Application Platform
UNICOM Engineering’s N-2500 R5 Carrier Grade Server combines performance, ruggedness, reliability, and long life in a NEBS-3 and ETSI-compliant 2U chassis...

Popular Articles