High-speed packet processing: The foundation for advanced Network Intelligence applications

44G network operators are turning to Deep Packet Inspection (DPI) technology to manage the ever-increasing bandwidth requirements of mobile broadband traffic and provide new, revenue-generating services to their subscribers through applications such as Policy and Charging Control. To overcome the increased latency caused by DPI, however, advanced packet processing technology is needed that can increase the processing bandwidth available for these applications. This article examines software solutions used to accelerate overall packet processing performance and thereby enable more advanced intelligence capabilities and improved QoS.

Mobile broadband traffic is forecasted to grow 18-fold over the next five years, representing a compound annual growth rate of 78 percent. In the recent Cisco Visual Networking Index forecast, this growth is attributed to the increasing use of streamed content in mobile cloud applications and the explosion in smartphone and tablet usage, all being driven by faster LTE networks, emerging Machine-to-Machine (M2M) applications, and the growing percentage of video traffic (www.cisco.com/en/US/netsol/ns827/networking_solutions_sub_solution.html). Cisco forecasts that by 2016, 71 percent of all mobile data traffic will be video.

The advent of 4G networks has raised the bar to the point that users expect to have constant access to advanced multimedia services delivered via smartphones, tablets, or laptops, regardless of their location. Subscribers who select premium rate plans rather than “best-effort” options expect to receive an experience commensurate with the higher costs. Streaming video should be a TV-like experience. Operators are required to provide a wide range of enhanced services to a fast-growing subscriber base while delivering more traffic per subscriber, supporting more applications, and offering an ever-expanding range of client devices with advanced capabilities.

The continuing challenge for network operators lies in how they evolve and manage their networks to keep up with the growing demand and create subscriber packages that monetize their services. Critical to both of these tasks is the ability to precisely characterize the application traffic in the network and control and prioritize that traffic according to specific Quality of Service (QoS) policies. Traffic behavior is shaped by provisioning appropriate amounts of bandwidth for each traffic category based on variables such as application type, subscriber profile, time of day, service level, and others. Operators are using advanced Network Intelligence (NI) gained from state-of-the-art Deep Packet Inspection (DPI) technology, particularly as they deploy their LTE networks, to help define differentiated service packages and in traffic management/Policy Enforcement applications.

Network monetization by operators requires DPI technology. Today, operators are shifting from all-you-can-eat mobile data plans to tiered pricing while offering customer-centric service linked to usage and applications. They are also offering bandwidth-on-demand and “freemium” services with premium charges for advanced versions. DPI is a fundamental technology for these types of services, which require policy-driven, real-time charging and content distribution.

Key applications of DPI technology

DPI technology exposes the source, content, and context of packets traversing a network. It provides real-time visibility into the data for a wide range of security and bandwidth management applications such as Policy and Charging Control (PCC), QoS, Subscriber Analytics, and Traffic Optimization.

Market research firm Infonetics forecasts that DPI product revenue will grow from $470 million worldwide in 2011 to $2 billion in 2016, with mobile communications driving much of the growth (www.infonetics.com/pr/2012/2H11-Service-Provider-DPI-Products-Market-Highlights.asp). Initial use of DPI technology focused on security applications such as e-mail spam filtering, antivirus detection, and intrusion detection and prevention, while the move to Unified Threat Management (UTM) systems that integrate multiple security functions will continue to drive DPI growth. Growth is also being propelled by bandwidth management applications; DPI-based protocol and application classification techniques based on pattern matching, behavioral, and statistical analysis of both header and payload information are much more accurate than the header-only techniques of the past.

DPI and network performance in the 40 Gbps era

Within a 4G wireless network, PCC functions provide operators with advanced tools for service-aware QoS and charging control. Within the network, the Policy and Charging Enforcement Function (PCEF) identifies and associates applications and/or users with specific traffic flows, applying policies to individual sessions based on requirements defined by a network element called the Policy and Charging Rules Function (PCRF).

Architecturally, PCEF is part of the PCC function defined in the 3GPP specifications. PCEF interfaces with the Packet Data Network Gateway (PGW) and with the PCRF. Physically, it can be implemented as a dedicated blade or as a co-located but separate appliance or it can be integrated into the PCRF. Regardless of the actual implementation, however, the advanced DPI functions required for PCEF place significant performance stress on the underlying processor platform due to the real-time processing bandwidth required to evaluate and act on sophisticated heuristics or generate advanced billing information. Despite increasingly complex algorithms used for packet inspection, classification, and steering, DPI technology must deliver wirespeed performance in networks, where the demand for data capacity is exploding.

Network packet throughput acceleration

Compared to a standard network or telecom equipment system that only inspects the very first headers of a packet (Layers 2-4), DPI performs more detailed analysis of the packet to identify application-level flows and content. To perform complex packet analyses such as data extraction, flow correlation, or application-level protocol decoding, DPI requires huge amounts of processing capacity.

As network performance increases, it becomes impossible to perform a standard Layer 2-4 analysis of the packet at wirespeed, much less DPI, in a system based on a standard Operating System (OS) network stack. Three levels of optimization are possible to increase DPI throughput: fast path processing for data plane traffic, DPI load balancing, and DPI offload.

Fast path processing

In a fast path implementation, the networking stack is split into two layers. The lower layer, typically called the fast path, processes the majority of incoming packets on dedicated CPU cores outside the OS environment and without incurring any of the OS overhead that degrades performance (Figure 1). Only those rare packets that require complex processing are forwarded to a Linux networking stack, which performs the necessary management, signaling, and control functions. To increase performance, packet processing can use the services of an executive designed specifically for packet processing. The Intel Data Plane Development Kit (Intel DPDK) provides these kinds of services on Intel Xeon processors.

Figure 1: Fast path processing improves network throughput by bypassing the standard OS networking stack. Performance scales linearly with the number of cores dedicated to fast path processing.

Besides maximizing the system’s networking performance, a key net effect of a fast path architecture is to free up processor cores that would normally be used by the OS networking stack, making more cores available for DPI and other applications (Figure 2).

Figure 2: The number of cores available for DPI applications increases significantly in a fast path architecture as opposed to a standard network stack implementation.

DPI load balancing

In larger configurations that include multiple processors, CPU blades, and possibly racks, packet processing can also be used to load balance traffic to several processors, blades, or systems, each of which can be performing DPI functions. Packet processing software that supports this type of DPI load balancing and that scales across processors, blades, and racks without performance degradation is available today. In addition, such software offers full support for virtualized environments, making it well suited for cloud computing environments.

DPI bypass

The next level of DPI performance improvement can be achieved by externalizing the DPI flow table. By triggering the DPI engine only in the cases of relevant packets or flows while implementing a smarter mechanism for allocating packets and flows to specific cores, the system-level performance is maximized and packets are processed with zero loss. Because full processing in the DPI engine is bypassed in all cases other than those containing relevant packets, overall platform performance can increase up to seven times.

The types of packets that are sent to the DPI engine include:

  • Non-empty packets – for example, a pure signaling ACK does not need DPI processing
  • Packets requiring detailed analysis – for example, SIP or FTP packets
  • The first packets of new flows – sent for classification
  • Packets that may need to be reclassified because of the specifics of the application – for example, security applications where the flows have to be analyzed continually

DPI-aware packet processing

Based upon high-performance data plane fast path technology, 6WINDGate packet processing software typically performs packet processing functions at ten times the Linux Layer 3 forwarding performance of a standard SMP Linux stack.Its performance scales linearly with the number of cores running the fast path, and is scalable across processors, blades, and racks (Figure 3).

Figure 3: DPI-aware packet processing software optimizes network stacks for DPI with fast path, DPI load balancing, and DPI bypass.

6WINDGate is DPI aware and optimizes the interaction between data plane processing and DPI, offloading the DPI engine by sending only relevant packets for full DPI processing. Actions are applied to flows based on DPI analysis, including filtering, QoS, and protocol termination. It also maximizes overall system throughput by implementing packet cloning and a zero-copy architecture.

The intelligent network future

An intelligent network is essential for on-demand distribution and consumption of information – users getting the information they require, safe from the nasty stuff that inhabits the net, the way they want it, and when the need it. DPI technology is the foundation for the intelligent network, and it will become increasingly capable as application, user, and operator needs evolve. The availability of a DPI-aware, high-performance packet processing foundation enables this growth in DPI capability, and is key to the future success of intelligent networks.

Charlie Ashton is the Vice President of Marketing and Business Development for 6WIND. Charlie is responsible for 6WIND’s global marketing IT initiatives and also manages the company’s partnerships with semiconductor, subsystem, and software companies worldwide.

6WIND | charlie.ashton@6wind.com