The rise of intelligent networks, where network rules are contextualized to real-time traffic attributes, has made deep packet inspection (DPI) indispensable. Advanced DPI tools deliver fine-grained insights into applications, protocols and service types, and form the basis for application-based networking and security policies. However, DPI requires at least three packets in a flow before the underlying application or service can be identified, creating a minuscule delay that can accumulate enough to affect latency-critical networking use cases.
First packet classification (FPC), an enhancement to DPI, identifies a flow from the first packet itself and eliminates additional latencies. FPC is offered by ipoque, a Rohde & Schwarz company and leading provider of next-gen DPI software for networking and cybersecurity vendors. The feature is available as part of the ipoque OEM DPI engine, R&S®PACE 2, and its VPP-native counterpart, R&S®vPACE. FPC by ipoque leverages the following techniques to ensure immediate policy execution and flow-wide consistency:
FPC-IP: Compares IP addresses in packet headers with public and professionally extended IP lists / port numbers
FPC-DECA: Uses non-encrypted DNS information like domain names
FPC-SECA: Analyzes DPI cache for instant classification of previously identified applications and services
First packet classification gives telco networks a performance edge
The telecom sector has become increasingly saturated, yet ripe with potential, amid paradigm shifts like user-centric services, 5G and URLLC use cases. To power these, 4G and 5G networks require visibility into traffic flows in order to apply application-specific traffic management techniques, such as compression algorithms, TCP/IP optimization, and QoS policies that shape routing and resource allocation decisions. Delays in policy execution can result in certain data packets being routed across sub-optimal paths, causing performance lags and network bottlenecks. Once the connection has been established, altering the path mid-stream can introduce interruptions and delays, causing disruptions in real-time applications like video conferencing and online gaming.
FPC-enriched DPI ensures real-time, reliable application awareness down to the service type — audio or video data — from the outset, allowing optimal routing and resource allocation that is based on the application and user’s bandwidth, latency, and QoS demands. For telcos, this critical capability ensures that initial packets from priority customers are not randomly routed to standard paths. It enables them to guarantee a differentiated performance for premium subscriptions and tiered QoS plans. Instant classification and adequate routing from the get-go also ensure that bandwidth-intensive plans for activities like AR-/VR-based immersive applications do not clog the network for other subscribers.
How first packet classification benefits latency-sensitive applications
One of the techniques of ipoque for first packet classification is FPC-SECA, where, once traffic flows are classified, the routes and flow types can be saved in the cache, allowing subsequent flows to be steered similarly. In combination with DPI, this reduces the required processing resources, resulting in performance and cost gains for telcos. The FPC-DPI combo also enables them to extend their services to high-consequence, mission-critical sectors and applications, such as remote and AR-assisted surgeries, intelligent transportation, and industrial automation. FPC-SECA in combination with IP information-based FPC-IP enables network administrators to classify URLLC traffic immediately, allowing NPBs and routers in the network core to allocate appropriate network segments from the start.
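The three lookups listed earlier (FPC-IP, FPC-DECA, FPC-SECA) and the cache behaviour described above, sketched as an added example; this is not ipoque's implementation or the R&S®PACE 2 API. The class, rule tables, lookup order and cache TTL are assumptions, and all addresses and domains are constructed sample data.

```python
import ipaddress

# Constructed sample data; real deployments would load curated lists.
IP_RULES = [  # FPC-IP style: (network, port or None for any, label)
    (ipaddress.ip_network("203.0.113.0/24"), 443, "video-conf"),
    (ipaddress.ip_network("198.51.100.0/25"), None, "crm-saas"),
]
DOMAIN_RULES = {"meet.example.com": "video-conf", "example.net": "crm-saas"}
CACHE_TTL = 300  # seconds; assumed value, limits reuse of stale verdicts


class FirstPacketClassifier:
    def __init__(self):
        self.dns_map = {}        # server IP -> domain seen in cleartext DNS
        self.service_cache = {}  # (ip, port, proto) -> (label, expiry time)

    def observe_dns_answer(self, domain, ip):
        # FPC-DECA style input: remember which name resolved to which IP.
        self.dns_map[ip] = domain.lower().rstrip(".")

    def learn_from_dpi(self, ip, port, proto, label, now):
        # FPC-SECA style input: a full DPI verdict overwrites earlier entries.
        self.service_cache[(ip, port, proto)] = (label, now + CACHE_TTL)

    def classify(self, ip, port, proto, now):
        """Return (label, method) using only first-packet fields."""
        hit = self.service_cache.get((ip, port, proto))
        if hit and hit[1] > now:
            return hit[0], "service-cache"
        parts = self.dns_map.get(ip, "").split(".")
        for i in range(len(parts) - 1):  # exact name, then parent domains
            label = DOMAIN_RULES.get(".".join(parts[i:]))
            if label:
                return label, "dns"
        addr = ipaddress.ip_address(ip)
        for net, rule_port, label in IP_RULES:
            if addr in net and rule_port in (None, port):
                return label, "ip-list"
        return None, "needs-dpi"  # provisional: hand the flow to full DPI
```

The first-packet verdict is provisional: a later DPI result replaces the cached label, and expired entries fall back to full inspection rather than reusing an old classification for an address that may now serve something else.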
Security concerns also loom large in telecoms, with bottom lines being increasingly dictated by user experience and telcos’ ability to expand their B2B and B2B2X offerings to critical sectors, such as healthcare, manufacturing plants and municipal authorities. Cyberattacks like DDoS, session hijacking and other types of MiTM attacks can go unnoticed due to the time taken by firewalls and IPS/IDS to extract sufficient information from each flow, allowing the first few malicious packets to escape. FPC alongside DPI can identify anomalies such as unverifiable source or destination IP addresses or inconsistencies in DNS information for early intervention and threat containment, proactively mitigating the consequences.
Optimizing enterprise networks with first packet classification
Across enterprise networks, the use of first packet classification in combination with DPI can greatly enhance performance and security. With more workloads being digitalized, minute degradations in network quality can impact business operations. Enterprises are also adopting application-based policies to optimize bandwidth and improve the performance of selected, critical applications. In enterprise settings, FPC ensures no packets run loose into other data streams due to delayed classification and processing. This capability is much needed for real-time, business-critical applications, such as video conferencing and CRM, because rerouting mid-stream can result in disruptions, causing broken video and audio streams which can reflect poorly on a business.
First packet classification’s light weight and fast visibility are also useful for enterprises grappling with hundreds of remote machines and IoT devices such as smart meters, sensors, actuators, and CCTV cameras that keep pinging the network, creating too many sessions, flows, and devices for full-scale DPI. FPC can allow the network to begin processing and routing the flow even as it waits for more granular DPI insights, relieving congestion and improving the overall network performance.
First packet classification speeds up connectivity for remote workers and cloud workloads
The inversion of traditional networks also presents various challenges for enterprise networks. Managing and monitoring remote workers, for example, can lead to strict and lengthy authentication processes that can cause significant productivity losses. With first packet classification, access requests can be pre-validated instantaneously, enabling faster connections on VPN and ZTNA. Similarly, application architectures and resources are distributed across different clouds and branches. FPC leverages readily observable information (destination address) and cached data to pre-classify these data flows. When deployed alongside DPI, FPC enables enterprises to expedite traffic processing and deliver a smoother user experience across all resource types – on-premises, cloud and SaaS.
Security-wise, the use of FPC-enhanced DPI allows enterprise security solutions, like next-gen firewalls and IPS/IDS, to block malicious traffic before a connection between the enterprise network and malicious C&C servers or unauthenticated devices is even formed. Techniques such as FPC can contribute significantly to cyberattack prevention. According to the Ponemon Institute, organizations can save anywhere from USD 396,675 to USD 1,366,365 per attack by preventing it in the first place [1].
No packet left unaccounted for
As traffic loads increase, the need to optimize processing while ensuring higher performance requires first packet insights. Embedding ipoque FPC-enabled DPI technology into networking and cybersecurity solutions empowers telecoms and network admins to achieve the best of both worlds — instant insights for faster policy enforcement and deeper insights for highly intelligent and advanced networking and security decisions.
[1] Preventing Cyberattack Penetration Can Save Enterprises Up To $1.4 Million Per Incident: https://www.businesswire.com/news/home/20200407005031/en/Study-Preventing-Cyberattack-Penetration-Save-Enterprises-1.4