Welcome to Scribd, the world's digital library. Read, publish, and share books and documents. See more
Download
Standard view
Full view
of .
Look up keyword or section
Like this
0Activity
0 of .
Results for:
No results containing your search query
P. 1
Deep Packet Inspection Test Methodology

Deep Packet Inspection Test Methodology

Ratings: (0)|Views: 36 |Likes:
DPI; Deep Packet inspection; Packets
DPI; Deep Packet inspection; Packets

More info:

Published by: FKN: Fairsport Knowledge Network on Apr 08, 2013
Copyright:Attribution Non-commercial

Availability:

Read on Scribd mobile: iPhone, iPad and Android.
download as PDF, TXT or read online from Scribd
See more
See less

04/08/2013

pdf

text

original

 
www.breakingpoint.com
© 2005 - 2010. BreakingPoint Systems, Inc. All rights reserved. The BreakingPoint logo is a trademark of BreakingPoint Systems, Inc.All other trademarks are the property of their respective owners.1
Rethink Deep Packet Inspection (DPI) Testing
Rethink Deep Packet Inspection Testing
 A Methodology to measure the performance, security, and stability of deep packet inspection (DPI)devices under realistic conditions
 
www.breakingpoint.com
© 2005 - 2010. BreakingPoint Systems, Inc. All rights reserved. The BreakingPoint logo is a trademark of BreakingPoint Systems, Inc.All other trademarks are the property of their respective owners.2
Rethink Deep Packet Inspection (DPI) Testing
Table of Contents
Introduction ....................................................................................................................................................................................................................3Maximum Performance .............................................................................................................................................................................................5Maximum Performance Using Jumbo Frames ...................................................................................................................................................18Maximum TCP Connection Rate ..............................................................................................................................................................................25Maximum Concurrent TCP Connections ..............................................................................................................................................................36Strike Mitigation ............................................................................................................................................................................................................46Strikes Blocking with IP Fragmentation ................................................................................................................................................................54SYN Flood .........................................................................................................................................................................................................................61Inappropriate Content Filtering ...............................................................................................................................................................................70Spam Email Blocking ...................................................................................................................................................................................................84Suspicious Content Detection ..................................................................................................................................................................................100Webmail Phrase Detection ........................................................................................................................................................................................114About BreakingPoint ...................................................................................................................................................................................................129
 
www.breakingpoint.com
© 2005 - 2010. BreakingPoint Systems, Inc. All rights reserved. The BreakingPoint logo is a trademark of BreakingPoint Systems, Inc.All other trademarks are the property of their respective owners.3
Rethink Deep Packet Inspection (DPI) Testing
Introduction
Deep Packet Inspection (DPI) functionality enables network devices such as content-aware switches and routers, next generation rewalls,intrusion prevention systems (IPS), and application delivery controllers to inspect and take action based on the content and context of packets as they travel across the network. DPI functionality goes well beyond the protocol header into data protocol structures and theactual payload of the message. This allows DPI-capable devices to identify and classify trac, providing a granular level of packet inspectionto help mitigate buer overow attacks, Denial of Service (DoS) attacks, intrusions, worms and even spam. DPI technology also enablessolutions such as metering to ensure quality of service, lawful intercept of information and data leak prevention.DPI has become a mainstream technology and something that businesses and individuals traversing networks come across, albeitunintentionally, every day. One of the more high prole uses of DPI involves service providers who leverage DPI to ensure quality of serviceto customers in the face of an explosion of peer-to-peer (P2P) trac. Using DPI technology, service providers better manage bandwidthin real time, allowing for non essential services such as P2P le sharing applications while giving priority to essential services during peak times.Since DPI plays such an important role in providing increased network security, tiered Internet services and data loss prevention, the abilityto test DPI functionality is critical. The following BreakingPoint
Deep Pack Inspection Resiliency Methodology demonstrates how to createrealistic global network simulations in order to properly verify the DPI capabilities of your device.Performing these series of tests using the BreakingPoint Storm CTM™ on a DPI device will help determine the device’s actual abilities underdierent circumstances. For example, the DPI device may perform as expected under a light trac load but when under a higher loadperform to a fraction of its stated ability. Performing these tests will help you better understand the impact of dierent scenarios and thereasons behind the results.Realism is key in network simulation; therefore, we recommend that the test environment emulate the deployment environment as closelyas possible. Directly connected devices such as routers, switches and rewalls impact packet loss latency and data integrity. Additionally,the number of advertised host IP and MAC addresses, VLAN Tagging and NAT can also aect the performance of the DPI.If it is not feasible to recreate the deployment environment, we recommend connecting the BreakingPoint Storm CTM directly to the deviceunder test (DUT). Regardless of how your deployment environment is set up, be certain that all DPI devices and builds that are underevaluation use the same test environment to ensure consistent results.Recommended tests included in the methodology:
Maximum Performance
This test will validate the throughput performance the DPI device is able to handle when it does not have to inspect each packet’scontent.
 The overall throughput that the DPI device is able to support will be determined.
Maximum Performance Using Jumbo Frames
This test will validate the throughput performance the DPI device is able to handle when it does not have to inspect the contents of each jumbo frame.
The overall throughput that the DPI device is able to support will be determined.
Maximum TCP Connection Rate
This test will validate DPI device performance by using only good trac without requiring the DPI device to inspect each packet.
 Various TCP metrics will be analyzed to determine how a greater number of TCP connections per second aects the time it takes to establisha new TCP connection.

You're Reading a Free Preview

Download
scribd
/*********** DO NOT ALTER ANYTHING BELOW THIS LINE ! ************/ var s_code=s.t();if(s_code)document.write(s_code)//-->