TOPGUN multi terabit DPI
Leo Yuriev
BigBrother Matrix R&D
About me
Leo Yuriev
– programming for 20 years
– sometimes while hacking
BigBrother Matrix R&D is…
20 years
solutions for telecom
full lifecycle
≈ products serves 100M clients
≈ 1K employees
Agenda
1. ethics and legality
2. why & what for ?
3. how does it work ?
4. use cases
5. let’s HACK ?
WTF DPI?
http://en.wikipedia.org/wiki/Deep_packet_inspection
[Diagram labels: DPI, network, Internet]
1. raw packets, a lot of…
2. inline or on-copy
3. flow ≈ from SYN to FIN
ethics and legality…
1. DPI – is just a method, no bullshit
2. ethics & legality – is completely defined by a task and purpose
3. peeped in the payload – got a DPI
4. 100500+ use cases
topgun – why & what for ?
1. competitors have problems
2. fixed scope, poor scalability
3. depending on a hardware, vendor lock-in, beetles ;)
topgun – how does it work ?
just awesome cool ;)
1. MAC rewrite + L2
2. Swarm Intelligence
3. FSM with replication
skeleton
[Diagram: BLADEs; DISTRIBUTION; DATA PLANE; CONTROL PLANE]
[Diagram: BLADEs; DISTRIBUTION; DATA PLANE; CONTROL PLANE; SUPERVISOR; FUSE; ACTIVE / HOT STANDBY; callouts 1 to 7]
workload distribution
[Diagram: FUSE; BLADEs; DISTRIBUTION; DATA PLANE (Ethernet Switch)]
dst-MAC[0,1,2,3] = 0x77
dst-MAC[4,5] = Hash(IP)
SEG #
MAC → PORT#
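The MAC-rewrite distribution on this slide, as an added example (not code from the talk or from topgun). Assumptions: BLAKE2s as the hash, an optional key that keeps segment placement unpredictable from outside, round-robin assignment of segments to blade ports, and the helper names; the slide gives only the dst-MAC layout, Hash(IP), SEG# and MAC → PORT#.

```python
import hashlib
import ipaddress
from collections import Counter

MAC_PREFIX = bytes([0x77] * 4)  # dst-MAC[0,1,2,3] = 0x77, as on the slide

def segment(ip: str, key: bytes = b"") -> int:
    """SEG# = Hash(IP), 16 bits. BLAKE2s and the optional key are assumptions."""
    packed = ipaddress.ip_address(ip).packed  # IPv4 or IPv6
    digest = hashlib.blake2s(packed, digest_size=2, key=key).digest()
    return int.from_bytes(digest, "big")

def rewrite_dst_mac(ip: str, key: bytes = b"") -> bytes:
    """Distribution stage: dst-MAC[4,5] carries the segment number."""
    return MAC_PREFIX + segment(ip, key).to_bytes(2, "big")

def build_fdb(ports: list[int]) -> dict[bytes, int]:
    """Data-plane switch table MAC -> PORT#, segments spread round-robin."""
    return {MAC_PREFIX + s.to_bytes(2, "big"): ports[s % len(ports)]
            for s in range(1 << 16)}

def port_for(ip: str, fdb: dict[bytes, int], key: bytes = b"") -> int:
    """Blade port that receives every packet hashed from this IP."""
    return fdb[rewrite_dst_mac(ip, key)]

def move_segment(fdb: dict[bytes, int], seg: int, new_port: int) -> None:
    """Rebalance or add a blade on the fly: one table entry changes."""
    fdb[MAC_PREFIX + seg.to_bytes(2, "big")] = new_port

def load(ips: list[str], fdb: dict[bytes, int], key: bytes = b"") -> Counter:
    """Number of sample addresses landing on each blade port."""
    return Counter(port_for(ip, fdb, key) for ip in ips)

# Constructed sample: 4096 client addresses, four blades on ports 1..4.
SAMPLE_IPS = [f"10.0.{i // 256}.{i % 256}" for i in range(4096)]

if __name__ == "__main__":
    fdb = build_fdb([1, 2, 3, 4])
    mac = rewrite_dst_mac("10.0.0.1")
    print("10.0.0.1 ->", mac.hex(":"), "-> port", fdb[mac])
    print("load per port:", dict(load(SAMPLE_IPS, fdb)))
    move_segment(fdb, segment("10.0.0.1"), 5)  # hypothetical new blade on port 5
    print("after move  -> port", port_for("10.0.0.1", fdb))
```

Because the switch only matches on the rewritten MAC, moving a segment to another blade is a single table update and needs no change in the distribution stage.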
swarm intelligence
[Diagram labels: BLADEs, each with LIST of SEG#; CONTROL PLANE (Ethernet Switch); DISTRIBUTION; DATA PLANE; MAC → PORT#]
swarm #1: balancing
[Diagram labels: FUSE; DISTRIBUTION]
swarm #2: tableau
[Diagram labels: FUSE; BLADEs; DATA PLANE; CONTROL PLANE; DISTRIBUTION]
TABLEAU replica:
key1 = value + version
key2 = value + version
…
key# = value + version
swarm #3: do it
[Diagram labels: FUSE; DATA PLANE; CONTROL PLANE; BLADEs; WORKER; TABLEAU replica; WRITEBACK FIFO]
from=10.0.0.1:4629
to=199.32.42.3:80
node={A.5, Green}
…
inbound=200
outbound=6346
topgun – where to buy…
oops, offtopic !
1. no product now
2. details
3. currently just talking
topgun dpi will…
Monitoring & Protection
IDS / IPS, Transport / Signalling, Overload Control
QoS, Policing, Shaping, Filtering
GSM / UMTS / LTE
PCEF, TDF, …
Useful
Protocol Detection
Shaping Deep Filtering
commodity hardware
extend by demand on the fly
wide application scope
+100500…
let’s HACK ;)
1. cherry-pick single worker… by known hash-distribution © Alexander Lyamin %)
2. SYN flood
3. IP-fragment flood
4. deceive classification
5. bypass HTTP filtering
6. your turn…
topgun – main benefits
1. elastic: performance scalability, wide application scope
2. expandability: by demand, on the fly, just connect hardware
3. enhancement: by demand, non-intrusive two-step, new soft in a new server