
• Introduction to DPI technology
• Introduction to Sandvine DPI
• Sandvine DPI solution
• Policy traffic switch (PTS)
• Sandvine Policy Broker (SPB)
• Service Delivery Engine (SDE)
• Control Center
• MCIT solution overview
• Introduction to Sand Script
• Sample of node configuration
Introduction to DPI technology

• Deep packet inspection is a method of analysis that dissects network data to extract useful metadata.
• Deep packet inspection illuminates network trends, helps ISPs optimize bandwidth and throughput, and can reveal user behavior.
• Deep packet inspection has been a useful IT tool for nearly two decades. As the internet evolves to include mobile and IoT devices, deep packet inspection is being used more and more frequently.
Introduction to DPI technology

• Shaping & priority – queue management
• Filtering – accept/drop/reject/redirect
• Traffic steering – divert, ADC
• Packet header manipulation – 802.1q, IP, MAC
• HTTP header manipulation/enrichment
Introduction to Sandvine DPI

Sandvine is the global leader in network policy control solutions that empower fixed, mobile, and converged access Communication Service Providers (CSPs) to create intelligent networks that provide:

• Business intelligence
• Revenue growth
• Traffic optimization
• Network security
Sandvine DPI solution

How Sandvine improves network functionality

• Traffic Management
• Fair share Traffic Management
• TCP Accelerator
Policy traffic switch (PTS)

• Traffic Detection: identification and measurement of Internet data traffic, including over-the-top (OTT) services
• Policy Enforcement: applying direct and indirect management policies to ensure optimal traffic flow
• Charging Enforcement: ensuring billing and charging is applied correctly by reporting usage to online and offline charging systems
Sandvine Policy Broker (SPB)

SPB Roles Segment SPB Functions:

• statistics storage
• subscriber session management
• subscriber profile management
• performance optimizations based on network needs
Sandvine Policy Broker (SPB)

SPB Features

• Top Talkers
• Web Services API
• Subscriber Attributes
• Inactive Subscriber Management
Sandvine Policy Broker (SPB)

The Subscriber Policy Broker (SPB) is a central point of configuration for subscriber
provisioning and policy configuration. The SPB provides services that enable communication
and data access for Sandvine elements and third-party APIs.
Policy Traffic Switch (PTS)
• Data plane policy
• Real-time traffic policy enforcement
• Traffic and subscriber measurements
Service Delivery Engine (SDE)
• Control plane policy
• Enforcement via interface to Sandvine and non-Sandvine elements
SPB SERVICES

The SPB consists of 8 services:

1. Statistics collection services
2. Reporting services
3. Subscriber services
4. Network topology services
5. Information services
6. Administration service
7. Deployment services
8. Policy services
SPB ROLES

The SPB can be configured to perform a single role or a combination of roles.

The primary functions of the SPB are statistics processing, subscriber provisioning, and reporting. With role-based access, these functions are provided by the subscriber and statistics database servers.

1. state: the SPB processes statistics published by the network elements (Top-talkers, summarizers)
2. Subscriber-session: the SPB processes subscriber session (IP mapping session attributes)
3. Subscriber-profile: the SPB acts as a repository for subscribers and subscriber attributes
SERVICE DELIVERY ENGINE (SDE)

SDE Main Block Function

• Subscriber Database
• Billing
• Rating
• Charging
SERVICE DELIVERY ENGINE (SDE)

SDE Traffic Flow


CONTROL CENTER

Control Center Main Functions

• Operational Insight
• Real-Time Visibility
• Policy Libraries
• Rule Builder
• Service Designer
• Easy Software Updates
• Subscriber Mapping Configuration
CONTROL CENTER
Subscriber Mapping
Enough Talking
MCIT SOLUTION OVERVIEW

Sample of PTS configuration

PTS# set config interface 1-1 function subscriber
PTS# set config interface 1-2 function internet
PTS# set config interface 1-3 function subscriber
PTS# set config interface 1-4 function internet

PTS# set config interface 1-1 enabled true
PTS# set config interface 1-2 enabled true
PTS# set config interface 1-3 enabled true
PTS# set config interface 1-4 enabled true

PTS# set config interface 1-1 link-group 1
PTS# set config interface 1-2 link-group 1
PTS# set config interface 1-3 link-group 2
PTS# set config interface 1-4 link-group 2

PTS# set config interface 1-7 function cluster
PTS# set config interface 1-8 function cluster

PTS# set config interface 1-8 link-aggregation-group 1
PTS# set config interface 1-7 link-aggregation-group 1

PTS# set config service spb servers 10.210.207.21

PTS# set config interface link-group 1 enabled true
PTS# set config interface link-group 2 enabled true
PTS# set config interface link-group 3 enabled true
MCIT SOLUTION OVERVIEW

SPB# set config cluster name MCIT_SPB
SPB# commit
SPB# show config cluster name
SPB# show config cluster
SPB# show service message-broker status
SPB# set config default-user enabled true

Then install the Control Center Server on the SPB machine.
MCIT SOLUTION OVERVIEW

root@sde# svcli
SDE> configure
SDE# set config service spb servers
SDE# commit
SDE# show config service spb servers
SDE# show service spb connections
SDE# set config cluster name MCIT_SPB
INTRODUCTION TO SAND SCRIPT

PTS configuration files

• Rc.conf: defines HW properties, traffic shunting, physical topology
• Policy.conf: defines policy enforcement rules
• Subnets.txt: defines a text-based IP map of the network
INTRODUCTION TO SAND SCRIPT

• All rules have the form: if <condition> then <action>
• Example: if protocol "HTTPS" then shape to xxxxx
• A line starting with # is a comment
• All whitespace is ignored
• Rules are case sensitive
• Logical operators (OR, AND, NOT) can be used
INTRODUCTION TO SAND SCRIPT

• Every rule is evaluated for every flow being inspected
• Rules are vetted in the order they appear in Policy.conf
• If a flow satisfies the condition of more than one rule, the corresponding actions are executed in order, if possible
• If an action is incompatible with an earlier action, then only the compatible actions are applied, in the order they appear
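
The ordering behaviour described above, modelled as an added example (this is not Sandvine code and not from the original slides). The compatibility table, rule names and flow fields are assumptions made for illustration; the point is that a later block can be skipped when an earlier allow already matched.

```python
# Toy model of the evaluation order stated on the slide (illustrative only).
from dataclasses import dataclass
from typing import Callable

# ASSUMPTION: these actions decide a flow's fate, so only the first one applies.
TERMINAL = {"allow", "block", "tcp_reset"}

@dataclass
class Rule:
    name: str
    condition: Callable[[dict], bool]
    action: str

def compatible(action, applied):
    """ASSUMED table: one terminal action per flow; a dropped flow is not shaped."""
    if action in TERMINAL and any(a in TERMINAL for a in applied):
        return False
    if action == "shape" and ("block" in applied or "tcp_reset" in applied):
        return False
    return True

def evaluate(rules, flow):
    """Check every rule in file order; return (applied, skipped)."""
    applied, skipped = [], []
    for rule in rules:
        if not rule.condition(flow):
            continue
        if compatible(rule.action, applied):
            applied.append(rule.action)
        else:
            skipped.append((rule.name, rule.action))
    return applied, skipped

# Constructed flow and rules (hypothetical names).
FLOW = {"protocol": "HTTPS", "network": "Guest-WiFi"}
RULES = [
    Rule("count-all", lambda f: True, "count"),
    Rule("allow-https", lambda f: f["protocol"] == "HTTPS", "allow"),
    Rule("block-guests", lambda f: f["network"] == "Guest-WiFi", "block"),
    Rule("shape-https", lambda f: f["protocol"] == "HTTPS", "shape"),
]
# Same rules with the block listed before the allow.
REORDERED = [RULES[0], RULES[2], RULES[1], RULES[3]]

if __name__ == "__main__":
    print(evaluate(RULES, FLOW))      # the block rule ends up in "skipped"
    print(evaluate(REORDERED, FLOW))  # the allow and shape rules are skipped
```

Reviewing the skipped list for each representative flow is a quick way to spot rules in Policy.conf that are shadowed by an earlier match.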
INTRODUCTION TO SAND SCRIPT

• Groups a set of rules together
• Improves inspection performance
• Reduces coding

Example:
INTRODUCTION TO SAND SCRIPT

• Client / Server
• Subscriber / Internet
INTRODUCTION TO SAND SCRIPT

The list of valid conditions

Attribute
Class
Expr()
Ip_address
Layer4protocol
Protocol
Provider
Tcp_port
Time
True
Udp_port
INTRODUCTION TO SAND SCRIPT

Valid actions

allow
block
captive_portal
count
divert
mark
set_attribute
shape
tcp_reset
tee
INTRODUCTION TO SAND SCRIPT

PolicyGroup
{
# Flows whose Internet-side address is in network "Web-Zone_Server"
if (expr(OneOf(NetworkName(Flow.Internet.IPAddress),"Web-Zone_Server"))) \
then shape to subscriber shaper "Web_Zone_Shaper"

# Flows whose subscriber-side address is in network "MCIT-NOC-Servers"
if (expr(OneOf(NetworkName(Flow.Subscriber.IpAddress),"MCIT-NOC-Servers"))) \
then shape to subscriber shaper "MCIT_NOC_Shaper"

# Flows whose subscriber-side address is in one of the listed MCIT networks
if (expr(OneOf(NetworkName(Flow.Subscriber.IpAddress),"MCIT-B1-Wired","MCIT-B1-Wireless-VIP", \
"MCIT-Wireless-MO"))) \
then shape to subscriber shaper "MCIT_B1_Shaper" priority "Normal"
}
INTRODUCTION TO SAND SCRIPT

User Shaper
# The group condition limits these rules to the listed weekdays, 08:30 to 15:30
PolicyGroup (time wday Monday,Tuesday,Wednesday,Thursday,Sunday hours 0830-1530)
{
# Each rule shapes unique by subscriber IP address
if (expr(OneOf(NetworkName(Flow.Internet.IPAddress),"Web-Zone_Server"))) \
then shape to subscriber shaper "User_2M_Shaper" unique by (Flow.Subscriber.IpAddress)

if (expr(OneOf(NetworkName(Flow.Subscriber.IpAddress),"MCIT-NOC-Servers"))) \
then shape to subscriber shaper "User_2M_Shaper" unique by (Flow.Subscriber.IpAddress)

if (expr(OneOf(NetworkName(Flow.Subscriber.IpAddress),"ITIDA-B121-Wired","ITIDA-Wireless-User", \
"ITIDA-Wireless-IT","ITIDA-Wireless-VIP","ITIDA-Wireless-Guest","ITIDA-Wireless-Mobile"))) \
then shape to subscriber shaper "User_512K_Shaper" unique by (Flow.Subscriber.IpAddress)
}
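
A pre-deployment check for policy text like the groups above, as an added example (not a Sandvine tool and not part of the original slides). It assumes, as the samples on this page do, that strings use straight double quotes and that a rule continued onto the next line ends with a backslash; the sample rules and network names are constructed.

```python
import re

SMART_QUOTES = "\u201c\u201d\u2018\u2019"

def lint_policy(text):
    """Return (line_number, message) findings for policy text."""
    findings = []
    depth = 0          # parenthesis balance across a continued rule
    continued = False  # did the previous line end with a backslash?
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # blank line or comment
        if any(q in line for q in SMART_QUOTES):
            findings.append((no, "typographic quote instead of straight quote"))
        for name in re.findall(r'"([^"]*)"', line):
            if re.search(r"\s", name):
                findings.append((no, f"whitespace in quoted name {name!r}"))
        if line.startswith("then") and not continued:
            findings.append((no, "'then' starts a line with no continuation before it"))
        # Ignore parentheses inside quoted strings and the trailing backslash.
        code = re.sub(r'"[^"]*"', "", line).rstrip("\\")
        depth += code.count("(") - code.count(")")
        continued = line.endswith("\\")
        if not continued:
            if depth != 0:
                findings.append((no, "unbalanced parentheses"))
            depth = 0
    return findings

# Constructed sample with one defect on each of lines 4, 5, 6 and 7.
SAMPLE = """PolicyGroup
{
# constructed rules, not from a real deployment
if (expr(OneOf(NetworkName(Flow.Subscriber.IpAddress),"Lab-A","Lab- B"))) \\
then shape to subscriber shaper "Lab_Shaper" priority "Normal\u201c
if (expr(OneOf(NetworkName(Flow.Subscriber.IpAddress),"Lab-C"))
then shape to subscriber shaper "Lab_Shaper"
}
"""

if __name__ == "__main__":
    for no, msg in lint_policy(SAMPLE):
        print(f"line {no}: {msg}")
```

Typographic quotes and stray spaces inside network names typically appear when rules are pasted from slides or documents, so a check like this is worth running before a policy file is loaded.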
