Packet inspection/traffic management

cPacket Preps for New IP Address Rules

cPacket today expanded its testing and monitoring solution to include what it says is an easier way for Internet service providers to comply with current and expected compliance rules around providing individual user IP addresses to law enforcement. The new cNAT IP Address Resolution Compliance capability provides real-time correlation of traffic on both sides of a carrier network gateway so that an IP address can be discerned even when ISPs are using network address translation (NAT). (See cPacket Offers Real-Time IP Address Resolution.)

So far, only the UK has passed an Internet Protocol Address Resolution or IPAR regulation, according to Jim Berkman, senior director of marketing for cPacket Networks Inc. , but similar rules are expected elsewhere, including the European Union and the US. What these rules do is require an ISP to be able to identify an individual user, even when that user's IP address is hidden behind a NAT gateway.

NAT gateways are a commonly used approach to delivering IP access to many devices without consuming an IP address for each one -- in fact, thousands of individual users can be covered by a NAT gateway. This approach grew very popular with ISPs as IPv4 addresses were reaching extinction, enabling them to put off building dual-stack networks to serve both IPv4 and IPv6 addresses.

Read the latest on issues around network security in our security section here on
Light Reading.

The approach proved to be a problem for law enforcement, which needs the ability track individual users, thus the new requirements for IP Address Resolution. Multiple companies are developing solutions to this problem. What cPacket is doing, Berkman says, is offering a simpler approach that builds on its test and monitoring capabilities.

"We help them avoid over-reach," he comments, and that includes massive storage of records. The cPacket performance monitoring approach takes a fine slice of information, at line-rate speeds, to correlate data simultaneously on either side of the gateway and identify a specific user. That avoids building a separate overlay network, Berkman adds.

That also gives cPacket the ability to see things down to the microsecond level and thus see microbursts of traffic that disrupt the network but aren't discernible at less detailed levels of monitoring. All of this is based on cPacket's Operational Intelligence Fabric, which in turn builds on its custom ASICs.

This latest addition of functionality takes cPacket into a new direction, where the service provider community is concerned. Berkman says the company expects to see growing interest as more compliance rules are passed.

— Carol Wilson, Editor-at-Large, Light Reading

Sign In