Powering network edge ‘as-a-service’ with DPI-driven traffic intelligence
By Tobias Roeder
Published on: 01.02.2023
The network edge processes terabytes of data every day as traffic from users and machines transits these nodes to access enterprise data, applications and services hosted on an array of on-premise and cloud infrastructure. It plays an important role in simplifying and accelerating traffic processing and access control, for seamless movement of information across the enterprise.
In recent years, there has been an increase in public/hybrid cloud migrations and rising business demands for enabling remote and hybrid workforces and providing the best digital experience for end users — both employees and customers. This combination has practically shifted the network edge to wherever the enterprise users, applications and data are. Enterprises are challenged with managing complicated connectivity between network edges, enterprise WAN, hybrid clouds, multi clouds, partners and customer sites.
Network edge provisioned “as-a-service” by external providers is fast becoming the preferred approach to managing highly distributed and agile networks. Such platforms and services eliminate the need for organizations to build bespoke networks between internal resources, cloud environments, customers and partners. However, organizations must choose edge services carefully, ensuring they have complete visibility and control over the traffic traversing their private networks and assets. Traffic visibility is, in fact, paramount to monitoring performance, fulfilling expectations and mitigating risks associated with today’s blurred network edge.
For example, providing the ultimate digital experience to all users, including workers, partners, customers and even smart devices, is a crucial network concern. Performance glitches, latency and jitter can ruin these experiences. In order to achieve superior network performance, organizations need deep packet visibility to designate IP traffic to optimal routes in complex networks that are based on disparate connectivity technologies such as MPLS, SD-WAN and mobile networking.
Most enterprise operations and transactions leverage some form of cloud service. Visibility into north-south traffic flows is essential for assessing the quality of cloud services; and identifying and resolving issues arising at the cloud edge in real time. At the same time, network intelligence generated by edge traffic visibility tools are imperative in evaluating existing workloads and determining if edge networks are capable of handling the surge in applications processed and delivered closer to the user.
Last November, ipoque announced its collaboration with Graphiant, a Silicon Valley-based provider of next-generation edge services. Graphiant Network Edge is a highly scalable and flexible as-a-service edge networking solution. It requires all the capabilities discussed above to deliver MPLS-like performance and security along with SD WAN-like agility and last-mile flexibility. Graphiant has chosen ipoque’s VPP-based deep packet inspection (DPI) software R&S®vPACE to equip its Graphiant Network Edge with granular visibility across all edge traffic, including the cloud edge.
R&S®vPACE combines statistical, heuristic and behavioral analyses with ML-enabled encrypted traffic intelligence (ETI) for highly accurate classification of applications, services and protocols, even for encrypted, obfuscated and anonymized IP traffic. Leveraging real-time application-awareness by R&S®vPACE, Graphiant Network Edge service converts application-specific policies into Graphiant policy metadata at the Graphiant Edge closest to the data source. This DPI-enabled metadata is then inserted into the encrypted traffic headers, eliminating the need for repeatedly examining data packets at intermediate points. This way, R&S®vPACE provides a single point of inspection for Graphiant to deliver application-aware traffic prioritization, steering and policy control at performance levels for the modern edge.
Additionally, R&S®vPACE is designed for vector packet processing (VPP) frameworks such as FD.io or DPDK Graph, which provides substantial performance and speed benefits for the dynamic distributed hybrid environments that Graphiant supports. Compared to scalar packet processing, R&S®vPACE's's powerful, VPP-based engine delivers up to 3 times speedup, enabling Graphiant to meet the high-performance needs of latency-sensitive, real-time applications in cloud and edge computing environments.
The deployment of R&S®vPACE in the Graphiant cloud edge enables Graphiant to segregate traffic flows based on applications and services and apply appropriate network policies in real time. Application-aware traffic management, such as the allocation of priority lanes for latency-sensitive applications, enables its enterprise customers to ensure quality of service (QoS) for key services.
Accurate classification of applications also supports flexible access control and security policies. Graphiant’s enterprise customers, for example, can implement a zero-trust security framework by using application classification information to turn on granular access control at all levels – cloud, application and file, where users are granted access based on their privileges and authority. Invocation of security policies for risky and vulnerable applications in the network edge is also simplified with deep insights from R&S®vPACE as the engine is highly capable of singling out malicious and anomalous flows. Compromised traffic flows as well as traffic from susceptible sources and applications can then be routed through additional security inspection or blocked outright.
Traffic awareness provided by R&S®vPACE greatly speeds up traffic analysis, allowing application performance and responsiveness to be established in real time. Combining extracted metadata with application classification information, network administrators are able to derive a wide range of performance metrics such as latency, speeds, jitter and round-trip times for any number of flows and types of applications. With performance analytics available for any given node in the network edge, Graphiant can swiftly identify cloud, application and network issues as soon as they emerge and speed up their diagnosis and resolution. This grants Graphiant just-in-time situational awareness for proactive mitigation that can greatly bolster their credibility and ability to deliver upon SLAs.
High-speed traffic filtering provided by R&S®vPACE enables edge service providers such as Graphiant to monitor traffic traversing their data centers, branches, cloud infrastructure and home offices at scale. Armed with historical and real-time insights provided by R&S®vPACE, Graphiant and its customers can remain aware of resource utilization and the impact of traffic behavior on network outcomes. Using predictive analytics, they can identify new capacity, security and networking requirements in the network edge, spanning enterprise, cloud and SaaS applications. Enterprises can use this information to integrate new network functionalities, build new services and drive digital innovations.
As more and more enterprises embrace distributed and hybrid digital environments, the onus falls on network service providers to fully understand all enterprise traffic flows. They need visibility and traffic intelligence across all edge points, including cloud and partners’ networks, to deliver the expected performance, policy control and service levels for all organizational traffic. Real-time analysis by tools such as R&S®vPACE enables service providers like Graphiant to build optimized, secure, responsive and reliable edge networks that are sustainable in the long run.