Network Security

Although, organizations have been using deep packet inspection (DPI) technology to analyze network usage and performance, there is no common method to test and validate DPI throughput for network security products like next generation firewalls and unified threat management appliances. Plus, there are still some other challenges confronting DPI, which is a method of packet filtering that examines the content in the packet header and payload. 

And they need to be addressed.

To address some of these issues, the Embedded Microprocessor Benchmarking Consortium (EEMBC (News - Alert)) has formed a working group comprising network processor vendors and communications systems manufacturers. To effectively measure the performance of DPI on network processors, the EEMBC group has readied a benchmark draft called DPIbench.

Besides reporting a system’s throughput in bits per second, the benchmark will also look for viruses and malware programs, according to EEMBC. In addition, EEMBC plans to standardize the setup and certification methodology, as well as the standardized run and reporting rules. EEMBC officials believe that the standard methodologies will eliminate confusion for IT professionals, office managers, and consumers who are evaluating the DPI products for purchase.

Traditionally, embedded processors for communications systems were structured to just read a few bits on the headers of packets, such as its source and destination addresses. But, the latest processors scan every bit in a packet to determine the nature of its content, a job that can slow network throughput depending on how it is implemented in silicon and systems.

In a statement issued by EEMBC, Jeff Caldwell, R&D director at SonicWall and chairman of the DPIbench working group, said “We have seen a desperate need for well-constructed, industry-accepted DPI benchmarks to equitably evaluate the throughput of platforms while handling various network-security threat vectors.” Plus, he added, “We strongly encourage all industry leaders to participate in the creation of these EEMBC DPI benchmarks, which will help meet this urgent need. Upon completion, we plan to proceed to Internet Engineering Task Force (IETF) formalization of this benchmarking methodology.”

Likewise, commented EEMBC president Markus Levy (News - Alert), “Most DPI product vendors use proprietary methods for measuring and specifying their products’ performance, which makes it very challenging for their customers to do an accurate competitive analysis.” “In the customer’s interest, we are encouraging all relevant companies, including the system manufacturers, network processor vendors, and networking and security application developers, to join us in this effort to ensure a meaningful and fair representation,” Levy said.

Currently, the DPI working group includes representatives from companies like Cavium Networks, Intel, LSI and NetLogic (News - Alert), as well as SonicWALL and three other communications systems vendors.