Wednesday, October 27, 2010

How to Build DPI Products? (Part IV - Performance Testing)

After we have seen some recommendations regarding the architecture of modern DPI systems (CPU, System, 100G support), we need also to verify (and benchmark) the performance of DPI devices in a modern network environment, taking into account the DPI aspects.

Benchmarking Methodology for Content-Aware Network Devices (here), is a new draft for an IETF document with the following purpose:

"define a set of test scenarios which may be used to create a series of statistics that will help to better understand the performance of network devices.  More specifically, these scenarios are designed to most accurately predict performance of these devices when subjected to modern traffic patterns .. Content-aware devices take many forms, shapes and architectures. These devices are advanced network interconnect devices that inspect deep into the application payload of network data packets to do classification.  While a list of devices that fall under this category will quickly become obsolete, an initial list of devices that would be well served by utilizing this type of methodology should prove useful.  Devices such as firewalls, intrusion detection and prevention devices, application delivery controllers, deep packet inspection devices, and unified threat management systems generally fall into the content-aware category."

1 comment: