Inline DPI and Blacklist Matching: Hardware-based Flow Classification Use Cases
Enable High Performance, Low Latency, Scalability and Precision
Implementing flow classification functions in an FPGA (as opposed to software) enables the highest performance, lowest latency, scalability and precision required in sophisticated, mission critical network monitoring and security applications.
Accolade Technology provides the most technologically advanced 1-100GE FPGA-based, lossless packet capture and acceleration adapters that help accelerate network/cyber security and monitoring applications. Accolade’s advanced ANIC adapters are fully PCIe compliant and seamlessly integrate into standard servers offered by companies such as Cisco, Dell, HP, Super Micro and others.
The following are a few high-level flow classification characteristics offered with ANIC adapters:
- Can track up to 32 million unique IP flows per adapter
- Actions such as forward, drop or redirect can be requested on a per flow basis
- Both directions of a flow are tracked and recorded
- Information such as total packet count, byte count and the last time a packet was seen is maintained for every flow
Use Cases:
Inline Deep Packet Inspection (Inline DPI)
Flow classification can be used as a mechanism to selectively drop unwanted flows in live network traffic. The flows could be dropped for many reasons for instance if they are deemed malicious or if they violate some terms of service.
Blacklist Matching
Flow classification can be used to drop or block known bad IP addresses (IPv4 or IPv6). In this scenario, the host application provides the ANIC adapter (via the API) a list of IP addresses and if the source IP address of a flow matches one of the IP addresses in the blacklist, the flow is immediately dropped or blocked and the payload data is sent to the host application for analysis.