Enable Deep Packet Inspection and Policy Control with
Policy Control and Deep Packet Inspection
QorIQ Data Path Acceleration Architecture (DPAA) accelerates Policy Control
►Policy control and management tools, including Deep Packet Inspection (DPI), enable mobile network operators to:
• Provision the network
• Charge based on usage and service level
►Policy control is vital for mobile operators to successfully harness next-generation networks and deliver services that meet the growing needs of subscribers and applications
• Must be able to handle and prioritize all traffic types: Voice, VoIP, Video, IPTV, Web surfing, Email, Instant Messenger
►Architectures like 3GPP Evolved Packet Core imply a new role for policy and DPI tools that will place them right at the heart of the wireless network
►Policy Control requires a Policy Management Server and a Policy Reinforcement server
• Optionally, one can implement a Charging Server to track bandwidth consumption
Presentation Notes
http://finance.yahoo.com/news/Verizon-Wireless-Deploys-iw-1413547196.html?x=0&.v=1
"Policy control is vital for us to successfully harness LTE and deliver services that meet the growing needs of our subscribers and their applications," said Tony Melone, chief technical officer for Verizon Wireless. "Every day, Camiant is demonstrating their policy control capabilities, and we look forward to having them play an important role in realizing our vision of the nation's best 4G LTE network."
"Verizon Wireless is making the promise of LTE a reality," said Susie Kim Riley, Camiant founder and chief technical officer. "We are honored that Verizon Wireless has selected Camiant as a key vendor partner in the building of an unparalleled mobile infrastructure for the delivery of next generation services and applications."
Verizon Wireless' LTE rollout plan positions the company to be a global leader in 4G LTE deployment, and it is on track to deliver the nation's first 4G LTE network to customers in 25 to 30 markets, covering roughly 100 million people by year's end.
http://theucguy.wordpress.com/2008/10/13/ocs-2007-audiovideo-bandwidth-calculation/
Medium                                 Min        High Quality
Data                                   56kbps     56kbps
Voice                                  50kbps     80kbps
Video                                  50kbps     350kbps
RoundTable (Conference video phone)    50kbps     350kbps
Note that the requirements are cumulative – Data + Voice + Video = 56 + 50 + 50 = 156kbps (Minimum Quality) or 56 + 80 + 250 = 386kbps (High Quality)
Wikipedia
One hour of video encoded at 300 kbit/s (this is a typical broadband video in 2005 and it is usually encoded in a 320×240 pixels window size) will be: (3,600 s × 300,000 bit/s) / (8×1024×1024) give around 128 MiB of storage. If the file is stored on a server for on-demand streaming and this stream is viewed by 1,000 people at the same time using a Unicast protocol, the requirement is: 300 kbit/s × 1,000 = 300,000 kbit/s = 300 Mbit/s of bandwidth. This is equivalent to around 135 GB per hour.
►Pros
• Delivery of desirable services
• Improved user experience
• Compliance
• Statistics collection
• Application awareness
• Intelligence built into the network
911 must go through the network
►Cons
• How is information being used?
• Distrust of Service Provider or Mobile Carriers
►3GPP
• 3GPP PCC (Policy and Charging Control)
• Policy Charging Rules Function (PCRF)
• Policy Charging Enforcement Function (PCEF)
►LTE
• IP Multimedia Subsystem (IMS)
• PCRF, PCEF
►WiMAX
• IP Multimedia Subsystem (IMS)
• AAA (Authentication, Authorization and Accounting)
►Unified Communication (UF)
Presentation Notes
http://www.wimax.com/commentary/spotlight/evolution-of-qos-and-charging-framework-in-wimax/?searchterm=policy%20control
3. POLICY FUNCTION IN 3G (PCC)
The Policy Function was introduced as the Policy Decision Function (PDF) in 3GPP Release 5. Initially, the PDF was limited to determining static charging rules, which were then utilized for postpaid applications. However, today, there are services such as online gaming, which require specialized charging models. However, the Release 5 PDF specification was limited to static charging rules.
3GPP Release 7 evolved the Policy and Charging Control (PCC) architecture for determining and enforcing dynamic QoS and charging policies to all the network infrastructure elements involved in providing a specific requested service. The Policy and Charging Rules Function (PCRF) is the node designated in real-time for the determination of the policy rules. For example, a set of policy rules can be activated to verify access permission, checking and debiting credit balance etc., all in real-time. The PCRF enforces these policy rules through its interaction with 3GPP Release 7 Policy and Charging Enforcement Function (PCEF), which handles the transport plane.
►A pre-defined policy that controls the network use is based on application types and bandwidth usage
• First, it needs to identify the applications running on the network
• Second, it must be able to rate limit the bandwidth for the pre-defined application
► Identify Applications using Snort multimedia.rules
• # alert tcp $EXTERNAL_NET $HTTP_PORTS -> $HOME_NET any (msg:"MULTIMEDIA Windows Media download"; flow:from_server,established; content:"Content-Type|3A|"; nocase; pcre:"/^Content-Type\x3a\s*(?=[av])(video\/x\-ms\-(w[vm]x|asf)|a(udio\/x\-ms\-w(m[av]|ax)|pplication\/x\-ms\-wm[zd]))/smi"; classtype:policy-violation; sid:1437; rev:8;)
• Flow from External Network to Internal Network
• Multiple Signatures:
►Data path resources are effectively virtualized with software drivers
►Minimal SW overhead for any packet
• Queue Manager supports the logical passage of frames between data path functioning blocks
  - Provides various queue-related functionality such as congestion management (tail drop, RED/WRED)
  - Prioritizes scheduling of data from queues
• Buffer Manager manages pools of buffers for storing frame data
  - Managed on behalf of software
  - Used by hardware
• Pattern Matching Engine searches input data against patterns
  - Up to 32K patterns
  - Up to 128B matched length
  - 9.6 Gbps raw scanning throughput
Policy Control with Stateful Rule Engine
► Condition Operands are: ==, !=, >, >=, <, <=, "IF (CONCLUSIVE)"
► If/else
    if (<condition>) {
        <action_1>
        <action_2>
        ...
    } else {
        <action_1>
        ...
    }
► While loop
• Keywords: break
    while (<condition>) {
        action
    }
If the rule reaction needs to distinguish between conclusive or inconclusive matches, you must specify the compiler option - allow_inconclusive. Otherwise, the compiler assumes that only conclusive matches are desired.
►Sample Snort rule from multimedia.rules:
• # alert tcp $EXTERNAL_NET $HTTP_PORTS -> $HOME_NET any (msg:"MULTIMEDIA Windows Media download"; flow:from_server,established; content:"Content-Type|3A|"; nocase; pcre:"/^Content-Type\x3a\s*(?=[av])(video\/x\-ms\-(w[vm]x|asf)|a(udio\/x\-ms\-w(m[av]|ax)|pplication\/x\-ms\-wm[zd]))/smi"; classtype:policy-violation; sid:1437; rev:8;)
• The PCRE is scanning for:
  Content-Type:\s*(video/x-ms-(w[vm]x|asf)) OR
  Content-Type:\s*(audio/x-ms-w(m[av]|ax)) OR
  Content-Type:\s*(application/x-ms-wm[zd])
The (?=[av]) is an "extended construct" called a lookahead, which the PME does not support natively. (?=[av]) helps a software-based regex engine be more efficient, but it does not change the accuracy of the pattern. The PME does not require the software-based lookahead, and removing it will not impact performance or the matching operation.
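An added example (not from the original slides): a check that the sid:1437 pattern matches the same inputs with and without its lookahead, the comparison to run before loading a signature into an engine that lacks lookahead support. Python's `re` stands in for the software regex engine; the function names and sample headers are constructed for illustration.

```python
import re

# Rule from the slide (sid:1437) without its leading "# " comment marker.
RULE = (
    'alert tcp $EXTERNAL_NET $HTTP_PORTS -> $HOME_NET any (msg:"MULTIMEDIA Windows Media '
    'download"; flow:from_server,established; content:"Content-Type|3A|"; nocase; '
    r'pcre:"/^Content-Type\x3a\s*(?=[av])(video\/x\-ms\-(w[vm]x|asf)|a(udio\/x\-ms\-w(m[av]|ax)'
    r'|pplication\/x\-ms\-wm[zd]))/smi"; classtype:policy-violation; sid:1437; rev:8;)'
)
FLAGS = {"s": re.DOTALL, "m": re.MULTILINE, "i": re.IGNORECASE}

def extract_pcre(rule):
    """Return (body, python_flags) from the rule's pcre:"/body/flags" option."""
    body, letters = re.search(r'pcre:"/(.*)/([a-z]*)";', rule).groups()
    flags = sum(FLAGS[ch] for ch in set(letters))   # distinct bits, so sum == OR
    return body, flags

def strip_lookaheads(pattern):
    """Remove every (?=...) group, honouring escapes, nesting and [...] classes."""
    out, i = [], 0
    while i < len(pattern):
        if pattern.startswith("(?=", i):
            depth, in_class, i = 1, False, i + 3
            while depth:
                c = pattern[i]
                if c == "\\":
                    i += 1                      # skip the escaped character
                elif in_class:
                    in_class = c != "]"
                elif c == "[":
                    in_class = True
                elif c in "()":
                    depth += 1 if c == "(" else -1
                i += 1
        else:
            step = 2 if pattern[i] == "\\" else 1   # keep escapes intact
            out.append(pattern[i:i + step])
            i += step
    return "".join(out)

# Constructed Content-Type headers (not captured traffic).
SAMPLES = ["Content-Type: video/x-ms-asf", "content-type:audio/x-ms-wma",
           "Content-Type: application/x-ms-wmd", "Content-Type: video/x-ms-wmv",
           "Content-Type: text/html", "HTTP/1.1 200 OK\r\nContent-Type: video/x-ms-wvx\r\n"]

def compare(samples=SAMPLES):
    """Return (sample, original_hit, lookahead_free_hit) for each sample."""
    body, flags = extract_pcre(RULE)
    a, b = re.compile(body, flags), re.compile(strip_lookaheads(body), flags)
    return [(s, bool(a.search(s)), bool(b.search(s))) for s in samples]
```

The two forms agree here because every alternative after the lookahead already starts with `v` or `a`; for a pattern where that is not true, dropping a lookahead widens the match, so the comparison should be repeated per signature.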
►Wireless service providers need to gather application-level intelligence for network planning and provisioning
►QorIQ DPAA accelerates Deep Packet Inspection and offloads policy control decisions from the host processor