<<   <   Page 5 / 5
multithreaded 12/5/2012 | 1:15:52 AM
re: Caspian Adds P2P Punch

Hi Tony,

Enjoy discussing with you. At least we agree that there are different ways to address the P2P identification problem :-)

It seems to me that there are at least two ways to identify P2P applications:

1. Based on the statistics of flows such as bytes-sent per second, the number of packets per flow, time duration per flow, etc.

2. Based on application signatures by analyzing the payload, i.e., applying deep-content analysis (L4-L7) on the first few packets belonging to a flow.

Any other approach?
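The two approaches listed in the post above, combined in one flow table, as an added example that is not part of the original thread or of any vendor's code. The thresholds, `INSPECT_FIRST_N`, the function names and the sample packets are assumptions made for illustration; the only signature used is the well-known BitTorrent handshake prefix.

```python
from dataclasses import dataclass

# Well-known BitTorrent handshake prefix: length byte 19, then the protocol string.
SIGNATURES = {"bittorrent": b"\x13BitTorrent protocol"}
INSPECT_FIRST_N = 3  # assumption: payload inspection only on the first few packets
# Assumed, untuned thresholds for the statistical heuristic.
MIN_DURATION_S, MIN_BYTES_PER_S, MIN_PACKETS = 30.0, 5_000, 200

@dataclass
class Flow:
    first_ts: float
    last_ts: float
    packets: int = 0
    nbytes: int = 0
    label: str = ""  # filled in by a signature match

def flow_key(src, sport, dst, dport, proto):
    """Direction-independent 5-tuple so both halves of a conversation share state."""
    return (proto,) + tuple(sorted([(src, sport), (dst, dport)]))

def classify(packets):
    """packets: iterable of (ts, src, sport, dst, dport, proto, payload)."""
    flows = {}
    for ts, src, sport, dst, dport, proto, payload in packets:
        f = flows.setdefault(flow_key(src, sport, dst, dport, proto), Flow(ts, ts))
        f.packets += 1
        f.nbytes += len(payload)
        f.last_ts = ts
        if not f.label and f.packets <= INSPECT_FIRST_N:  # approach 2: signature
            f.label = next((n for n, s in SIGNATURES.items() if payload.startswith(s)), "")
    verdicts = {}
    for key, f in flows.items():
        duration = f.last_ts - f.first_ts
        rate = f.nbytes / duration if duration > 0 else 0.0
        if f.label:
            verdicts[key] = "signature:" + f.label
        elif duration >= MIN_DURATION_S and rate >= MIN_BYTES_PER_S and f.packets >= MIN_PACKETS:
            verdicts[key] = "statistical:bulk-candidate"  # approach 1: flow statistics
        else:
            verdicts[key] = "unclassified"
    return verdicts

# Constructed sample traffic (documentation addresses, not captured data).
SAMPLE = [(0.0, "10.0.0.5", 51000, "198.51.100.7", 6881, "tcp", SIGNATURES["bittorrent"] + bytes(48))]
SAMPLE += [(i * 0.2, "10.0.0.6", 52000, "203.0.113.9", 443, "tcp", bytes(1400)) for i in range(300)]
SAMPLE += [(1.0, "10.0.0.7", 53000, "192.0.2.53", 53, "udp", bytes(40)),
           (1.1, "192.0.2.53", 53, "10.0.0.7", 53000, "udp", bytes(120))]

if __name__ == "__main__":
    for key, verdict in classify(SAMPLE).items():
        print(key, verdict)
```

The statistical verdict only marks a flow as a long-lived bulk transfer; on its own it does not distinguish P2P from other bulk traffic, which is why it is reported as a candidate rather than a match.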
clueless 12/5/2012 | 1:15:51 AM
re: Caspian Adds P2P Punch

Hi all,

What is the number of simultaneous flows/packets handled by such boxes?

The reason I ask is that I have seen some flow-based architectures (both hardware and software based), with a smallish user base utilising under 100Mbit/s, causing such boxes to have "issues". I admit these solutions were not and will never be leading in this technology, and at the time of testing there were a number of worms and viruses floating around on the Internet. In my case, with approximately 5000 (active) users, the number of flows was in the order of ~100k.

Under a much larger user base, with many infected computers, this could easily increase by an order of magnitude - will these techniques handle these types of flows?

If they inspect every packet, then it will depend on the packet processing, but if you are basing a throughput on flow based statistics (i.e. 1 packet in x on average) you might have customer calls next time a big worm/virus hits.

jcurranz 12/5/2012 | 1:15:40 AM
re: Caspian Adds P2P Punch

With respect to software updates in major ISPs, Tony Li is right on target: two major software updates per year is about the norm for the industry. When you consider the implications of a failed upgrade, it's easy to appreciate the caution in this area.

Given the rapid evolution of P2P applications, the network core is likely to be relegated to detecting well-known P2P applications, as opposed to helping with the file sharing program "du jour"...
