Traffic Filtering on per Session Basis: Success Story of Netcope Session Filter in Picomass’ IPS200

25/08/16

Picomass uses Netcope Session Filter in IPS200 solution for Deep Packet Inspection, the main reason being that NSF is the only commercially available NIC capable of traffic filtering on per session basis.

> Read the full Success Story <

With 100G networks slowly becoming the standard, security solution providers are facing a great challenge of how to handle the deluge of data. 100 Gbps is simply too much data for a software-based solution. Dedicated hardware might leverage the performance, but it is often expensive and inflexible. Luckily, it is possible to build a DPI solution around commodity servers and programmable NICs that offers real time protection.

We can roughly predict network traffic composition at peak period. We know that the majority of traffic is real-time entertainment, streaming services like YouTube and Netflix. When sent to the DPI software, these services load up the CPU and a valuable processing power is wasted completely. If only there was a way of offloading this deluge of video packets and sending only the traffic of interest to the DPI software…

...and there is and it’s called session filtering! What Netcope Session Filter does is that it can drop, crop or send to software each session according to commands obtained via NSF API. A session is a sequence of packets with the same source and destination IPv4/6 address, L4 protocol, TCP/UDP ports, and optionally other fields (input network interface, type & code for ICMP packets).

In short, NSF offers a way of building a solution capable of real-time DPI on 100G networks around commodity server, DPI software and smart and programmable Netcope NIC.

Feel free to contact us to learn more.