ipoque’s deep packet inspection (DPI) technology has been developed largely to provide networking and cybersecurity vendors with highly scalable and reliable traffic filtering and classification capabilities. Our suite of DPI solutions is designed for both telecom and enterprise networks, and cater to all types of environments – traditional, virtualized and cloud-native. Today, our renowned DPI engine R&S®PACE 2 is a key component in many market-leading networking and cybersecurity solutions.
R&S®PACE 2 is essentially a DPI library that can be integrated into a device or appliance, or deployed as a virtualized function on a virtual machine. The DPI software is platform-agnostic which means it runs on any platform.
ipoque reaches an important milestone – DPI engine R&S®PACE 2 is now leaner than ever
As traffic pressures continue to push network managers to dig deeper into their traffic data for real time granular insights, we see solution vendors seeking visibility tools that not only deliver real time application visibility and threat awareness but are also high-performant and have minimal latency implications. More critically, vendors expect additional computing or memory overheads introduced by these tools to be minimal, so that their solutions remain light and efficient.
To ensure that our solutions are aligned with the demands of our customers, we have recently made a major leap in the development of our DPI engine R&S®PACE 2 that paves the way for a leaner and faster engine. We successfully reduced the minimum build configuration of R&S®PACE 2 to 3.5MB, making R&S®PACE 2 the industry’s first fully-fledged DPI engine to achieve this milestone. It also marks a major achievement in lean software development as it reduces the engine configuration by almost a fourth of its original build.
What are the main benefits of reducing the minimum build configuration?
The new 3.5MB minimum build configuration comes with some significant benefits, primary of which is a reduction in the engine’s storage requirements. This reduction in space usage translates to fewer overheads and easier installations, downloads and migrations. For large-scale implementations, this can speed up deployment, as there are fewer components to integrate, test and debug. It also improves the day-to-day performance of the DPI software, with faster startup times, less resource contention, fewer memory bottlenecks, reduction in disk I/O activities and efficient caching. A smaller build of the DPI software also means fewer dependencies and hence, less errors, troubleshooting and fixes. It also requires less monitoring. More importantly, these improvements are achieved without sacrificing speed or incurring additional memory requirements.
This latest innovation also demonstrates the software’s configurability and versatility in meeting emerging use cases. While we have been gradually reducing the build configuration over the years, the strong push from one of our customers who needed a breakthrough improvement to cater to highly-demanding application scenarios resulted in the acceleration of our efforts in this space.
Beefing up performance and security of embedded devices with lean DPI
Given that R&S®PACE 2 comes with multi-architecture support, the reduced minimum build configuration is expected to benefit embedded devices across the board, covering processing architectures such as ARMv7, ARMv8, Cavium, MIPS32/64, x86 and PowerPC. Layer 2/Layer 3 switches and routers that include DPI capabilities can now perform faster while sporting a smaller footprint. When deployed in LAN networks, these improvements enable traffic filtering to be localized, which speeds up policy enforcement at the customer end. Having DPI on the customer premises enables network managers to mete out application-level policies based on QoS and QoE requirements such as prioritization of enterprise applications against regular web browsing traffic by employees.
Various other types of embedded devices benefit from these DPI enhancements in the same way. Mobile gateways and wireless routers can filter and analyze traffic flows locally, and hence can block, quarantine or restrict access as soon as packets hit the device. This has a strong implication on network security, as anomalous and suspicious traffic flows are identified right away before they cross the network border, even if these flows are encrypted, obfuscated or anonymized. Leveraging R&S®PACE 2’s smaller build binaries, embedded devices do not have to forego performance and efficiencies in their bid to keep tabs on potentially malicious traffic.
How lean DPI alleviates AI and GenAI workloads
The smaller build configuration of R&S®PACE 2 is particularly advantageous in handling AI and GenAI use cases. In both, collecting sufficient traffic data points for AI test and training causes a steep increase in the processing loads of analytics engines that mine data throughout the day. Through its reduced minimum build, R&S®PACE 2 allows monitoring and analytics tools that supply this data and AI-driven networking devices to handle increased AI workloads. This is especially important in managing the performance and costs of data center networks where most AI traffic will be processed. According to McKinsey, demand for data centers with the ability to handle advanced-AI workloads will make up 70% of total demand by 2030 .
Gains for edge computing use cases and RAN devices
The smaller DPI build binaries will also bolster edge computing uses cases, especially for low latency applications that rely on superfast computing and filtering speeds. Applications such as autonomous driving, cloud gaming and smart cities require a latency that is consistently less than 10ms. To guarantee this, firewalls, NAT and other embedded devices in edge data centers must process incoming flows at line speed. These devices also require real time traffic awareness to intelligently execute routing and processing rules but must ensure that continuous traffic capture and filtering does not impact traffic latency. With a reduced minimum build, these devices can easily compile our DPI software on their platform and enable efficient data gathering and analysis to support dynamic policies.
In mobile networks, the smaller build binaries can be advantageous for processing RAN traffic, especially in 5G. Our lean DPI software provides real time visibility that enables operators to quickly identify traffic flows, initiate network slicing and steer traffic through relevant edge nodes and pathways. With reduced build configuration, DPI capabilities can be incorporated into next-gen RAN computing devices such as routers, in both centralized and distributed architectures. This enables mobile operators to deliver intelligence to the RAN where accurate and reliable classification of traffic flows allows end-to-end automation and QoS management.
Going above and beyond with lean DPI from ipoque
In times of growing traffic complexities and challenges, this latest enhancement in the build configuration of our next-gen DPI software R&S®PACE 2 could not come at a better time. With a leaner structure and more efficient implementation, R&S®PACE 2 is expected to drive many exciting use cases and spur innovations in networking, while forging more collaborations that will bring today’s networks to the next level.
