Benefits
The Protocol Analysis toolkit detects and identifies a wide range of protocols and applications within the traffic that passes through your device. The toolkit is optimized to provide high detection rates and high performance, and it is designed to be easily integrated into other applications. Rule updates are straightforward and convenient.

Key benefits include:

• Highly efficient code provides better performance
• Wide coverage (detects hundreds of protocols)
• More accurate detection
• IPv6-ready
• Detects different types of applications
• Increased intelligence capabilities
• Uninterrupted in-network service
• Intelligent analysis tools – signature recognition
• Real-time monitoring
• Faster development time (easily integrated into larger systems)

Block Diagram

Applications
The protocol detection system supports a variety of protocols and applications. In addition, the system provides an easy way to add new protocols. In most cases, adding a new protocol involves writing a new rule in the rule definition file, followed by offline compilation and run-time loading. In rare cases, a new plug-in (C code) may be necessary, which requires source code compilation and system reboot. Examples of supported protocols include the following:

• Email (IMAP, POP3, SMTP, etc.)
• Web (Facebook, MySpace, etc.)
• Internet (HTTP, FTP, TCP, WAP, etc.)
• Multimedia (Flash, Quicktime, Real, WinMedia, YouTube, etc.)
• Peer-to-Peer (BitTorrent, eDonkey, Gnutella, etc)
• Networking (DHCP, DNS, LDAP, SNMP, etc.)
• Tunneling (GRE, IPSec, L2TP, SSH, SSL, etc.)
• Session (rlogin, rsh, telnet, etc.)
• Messaging and VoIP (Skype, AOL, GoogleTalk, Yahoo, MSN, etc.)

Technical Specifications
Each of the designated cores runs the entire system in parallel. The OCTEON hardware is configured so that packets of the same flow are scheduled to the same core, allowing multiple cores to process different flows’ packets simultaneously without using any locks or conflicts.

Three different schemes (port-based detection, signature-based detection and heuristics-based detection) work together to achieve high detection levels. The chip's DFA hardware accelerates pattern matching in the packet payload. We've provided a convenient interface for external analysis applications (such as charging, voice minutes revenue protection, application aware QoS handling and application aware SLAs).

Features include:

• In-line protocol detection (detects hundreds of protocols)
• Detecting tunnels, sessions, VOIP and video conference applications
• Includes IP reassembly
• Supports IPv6
• Includes TCP reassembly
• Flow/session based detection to reduce overhead
• Flow association to increase detection effectiveness
• Comprehensive schemes working on packet metadata, packet payload and flow behavior (port-based, signature-based and heuristics-based)
• Content extraction based on keywords
• Real-time update of protocol signatures without causing service interruption
• Real-time analysis and signature development of undetectable flows
• Real-time statistics
• Fully optimized on OCTEON hardware with DFA/HFA acceleration
• Flexible application integration
• Professional services including customer application integration and rule update

Performance
By taking advantage of acceleration and software optimization, the protocol detection system achieves high performance in typical uses.

• 10Gbps on 10 cores is typical
• Up to millions of simultaneous flows
• Scalable with more detection rules

Ordering Information
CN3000-APP_PROTAN

Reference Materials
Coming soon.

Call us
To learn more about our Protocol Analysis Toolkit, call us today: 650-623-7000