Spectre DPI Platform
- • Detection of over 6000 protocols:
- • VoIP and Media: SIP, RTP, RTSP, MPEG;
- • Torrents and P2P;
- • Messengers: WhatsApp, Telegram, Viber, Skype;
- • VPN’s: openVPN, L2TP, PPPTP;
- • Encrypted protocols like SOCKS5, HTTPS, MTproto;
- • BRAS with CG-NAT and DPI functions;
- • VAS for ISP: IoT Security and Parental controls;
- • Protection against DoS and DDoS attacks;
- • Installation on the available server platforms;
- • Throughput over 100Gbps per RU;
- • Connection «In-line» and «Mirror».
About Deep Packet Inspection technology (DPI)
DPI is a hardware-software complex that controls the flow of network data, identifies protocols and applications, filters by URL, prevent intrusion attempts and spread malicious software by deep packet inspection data. DPI performs important safety functions by checking incoming packets, analyzing the code and transmitted data after their disassembly and decompression, for compliance with applications and services. If a malicious URL or code snippet is detected, the system is able to completely block it. DPI can also be used by service providers to provide subscribers different levels of access (type of use, data restriction, bandwidth), compliance with access rules, traffic prioritization, network load balancing and statistical information gathering.
As more and more software products go beyond the workstation and corporate resources using cloud technologies, network performance becomes critical for high productivity. DPI can recognize applications, which data pass through the system and allocate required resources to each of them.
Spectre DPI features
IIn addition to DPI functions, the product has a number of additional integrated features. The system includes traffic filtering through the registry of blacklisted websites in accordance with current legislation and meets the requirements of the state regulator with automatic downloading blocking lists of URL SNI, CN, IP+PORT.
Basic work schemes
The solution supports filtering by Server Name Indication (SNI), blocking of HTTPS traffic on Common Name certificates and blocking by «*.domain.com» mask. For greater flexibility, it is possible to use own black and white lists. Spectre DPI has a full set of functions for working as L3 and L2 BRAS functionality and can also act as CGNAT with support Hairpinning, Paired IP address pooling and Full Cone. Simple integrate by Radius protocol with most populate billing systems.
BRAS with DPI allows using prioritizationin subscriber tariff plan. Spectre DPI have some level of prioritization: by protocols/applications and by directions (AS number). It is available for subscriber, Vlan or pair physicals ports and common channel. The system allows to pass messages to the subscriber while working on the Internet or redirect to the start page. DPI gives ISP channel to communicate with customers. Marketing programs allow to delivery news, promo or information about network failures.
The system has built-in protection against DoS and DDoS attacks, realizes fight against TCP SYN Flood, fragmented UDP Flood and supports the Turing test. Dynamic bandwidth management with protocol priorities is supported. Spectre DPI provides up to 15% savings on the uplink channels and fast delivery of audio and video content through the caching system. Thus, caching of Windows and iTunes updates is fully available.And it also possible to control the torrents by hash value, which significantly reduces the torrent traffic on the uplink channels.
IntegrationDifferent Spectre DPI connectivity schemes are supported:
- «Out-of-line» A scheme of traffic mirroring is performed through SPAN ports or optical splitters.PBR function is used to implement web traffic filtering relying on policy based routing.
- Asymmetric connection PBR function is used to implement web traffic filtering relying on policy based routing.
- «In-line» DPI connects between the Edge Router and the Termination Device (BRAS). Fault tolerance is provided by using the bypass function in Silicom cards.
BRASThis solution allows broadband operator to control subscribers access to the Internet and apply the policies of tariff plans and additional tariff options. Spectre DPI directly interacts with RADIUS server to obtain information about the authorized user, compares IP addresses with the tariff plan and additional services that are defined on the billing server.
- Authorization of IPoE and PPPoE sessions on RADIUS;
- Identification of users by IP, Q-in-Q label, MAC address;
- Assignment and modifying policies (tariff plans and additional services) through VSA (Vendor Specific Atribute) in the process of authorization on RADIUS and through CoA (Change of Authorization;
- Redirecting users to Captive Portal (blocking);
- Working at L3 and L2 levels;
- Performance of Spectre DPI system can reach 160 Gbit and process simultaneously up to 128 M user sessions.
CG-NATNetwork Address Translation function allows the telecom operator to share one public IPv4 address with multiple subscribers, extend usage of the restricted IPv4 address space, and simplify passing to IPv6 addressing. Since DPI platform is designed for huge loads with deep traffic analysis, it can easily realize network address translation function (Carrier-Grade NAT), in addition to which the customer receives a full set of standard DPI tools.
- Effectively uses the limited IPv4 address space;
- Complies with industry standards specified in RFC 6888, RFC 4787;
- Provides transparent operation of peer-to-peer protocols (torrents, games);
- Allows to limit the number of TCP and UDP ports for the subscriber (DDoS protection);
- Supports functions of Hairpinning, Paired IP address pooling and Full Cone.
QoESpectre DPI QoE — this is a software product created for collecting statistics and assessing the quality of service perception (Quality of Experience - QoE). The resulting statistics is superimposed on specific metrics to determine user experience and take actions aimed at improving the quality of communication services.
- Round Delay (RTT) Performance
- Number of retries
- Number of sessions, devices, agents, IP addresses per subscriber
- Traffic distribution by application and transport protocols
- Traffic distribution by directions and AS
- Clickstream for each subscriber+