About us Solutions Services Clients Blog Contacts  
 
 
 

 

DEEP PACKET INSPECTION


NatSys DPI is a lightweight high performance software solution for low-end standard x86-64 servers to analyze and modify network traffic. The total cost of the solution is very low. This is achieved by high-performance software architecture, such that it's capable to handle multi-gigabit traffic with millions packets per second on low-end standard hardware. The system works in very restricted environment, but still accurately assembles TCP stream and provides access to all network layers for analyzing and altering logic.

We offer the solution customization and performance optimizations for special client needs.


Business Challenges

  • Behavioral targeting - "Know your customer" is the key for any business: it's better to show your site content or advertisement to a user depending on their interests. DPI gathers and prepares data about user behavior which provides valuable information about your clients' preferences. While Web-server logs also provides data which can be used to generate user profiles, the data is incomplete because it's limited by only one server. Meantime DPI gives knowledge about real user activity among many Web-resources. Complete user profile and their browsing history are invaluable for on-line market research, building advertising networks and feeding to Sell Side Platform (SSP) and Data Management Platform (DMP) of full Real-Time Bidding (RTB) system. User profile data can be stored on back-end server (collector) or sent to any remote peer for further analysing.

  • On-line advertising - sometimes a user can make a mistake in typing resource name in his or her browser, a server can return error code due to overloading or internal issue. In all the cases the user can get your advertisement instead of looking at annoying "Server is temporary unavailable" page. This can be done using DPI interstitials redirects.

  • Software-defined networking (SDN) - DPI technology is widely used to build SDNs. Our DPI solution can be used to build control or data planes of SDN. Also Flow control module provides Quality of service (QoS) functionality driven by fine-grained rules.

  • Security - DPI is common platform to build data leakage protection (DLP), intelligent Web-content filtering, intrusion detection (IDS) or prevention (IPS) systems.


Inline Operation Mode

In inline mode DPI works as common Linux router which can actively filter and perform deep modifications of traffic on all layers. One of the possible case for the mode is user flow control, depicted on the image below.

Inline Operation Mode (user flow control case)

DPI inline mode achieves fault tolerance using bypass network adapters or standard Linux router failover.


Active Sniffer Operation Mode

In active sniffer operation mode the system can analyze and log traffic and it's still able to make DNS and HTTP redirects. DPI in active sniffer mode can be used as shown on the picture below to perform Web analytics:

Active Sniffer Operation Mode (Web analytics case)


Interstitial Redirects

Interstitial redirects are useful to confirm the user's age prior to showing age-restricted material, to notify the user about service limitations or to display advertisements. DPI can redirect user requests depending on:

  • user settings (once per N seconds or requests)
  • matching request URI to set of regular expressions
  • 400 or 500 HTTP errors
  • absence of corresponding DNS record
  • custom policy loaded in run-time from Policy Server

Example of interstitial redirect in inline mode:

Redirect in Inline Mode

In sniffing mode redirects still can be made:

Redirect in Active Sniffer Mode


Flow Control

DPI works as a common Linux router with traffic control option. It limits traffic by TCP/UDP ports and/or IPv4/IPv6 addresses and sub-networks. Control policy can be updated by Policy Server in run-time.


Clickstream

DPI can send (in proxy mode) or store (in configurable representation) extract of user traffic (clickstream) depending on custom rules. In proxy mode Cisco RDRv1 or BER ASN.1 formats are supported. The rules can specify values of particular HTTP headers or user addresses, i.e. only traffic which matches the rules are captured. DPI provides very flexible and easy to use configuration for traffic extraction rules. Also clicksream can be compressed and/or encrypted on-the-fly.


Please contact with us for details.

 

 
     
    Copyright © 2008-2016 NatSys Lab. All rights reserved.