Talking with many analysts and reviewing reports in the past weeks regarding our latest announcement of Director Pro and its unique capabilities, I found myself in a strange situation: Explaining what DPI (Deep Packet Inspection) is and what a makes a DPI-able solution like Director Pro different from other platforms that might have the ability to search for some data within portions of the packet.Let's make it clear. The Net Optics Director product has the ability to filter content (or do pattern matching) within portions of the packet that can go all the way to Layer 7 in some cases. It can even go "deep" there, but it doesn't include DPI. Director Pro, on the other hand, has the DPI capabilities.
So what's the difference and why is it that almost a decade since DPI was introduced to the market, people still do not use the term correctly?
Trying to answer my own question I found that there aren't too many good resources explaining what DPI is and how it works. Many sites would reference security solutions, Proxy vs. Stateful Inspection (the memories….).
So read and copy:
Deep Packet Inspection is the ability to apply filters to a packet or multiple packets at any location, regardless of packet length (or how "deep" the packet is) or the location of the data to be matched within this packet. A DPI system does not care about header, payload and its size. A DPI system does not care about the offset of the filter. A DPI system is totally independent of the packet.
DPI is a function. Security solutions like IPSs, Application Firewalls and DLP devices use DPI. Content delivery platforms use DPI. Director Pro offers DPI.
In short, DPI can be used for different purposes. Director Pro is using DPI to provide better pre-filtering. The Dynamic Load Balancing engine can perform a better balancing job based on content.
-- Sharon
(Image source)
No comments:
Post a Comment