One of the design goals of the Internet Protocol was easy routing. The router only had to look at address information in the packet header to determine what to do with the packet. The whole process was designed to be payload-independent: The routing device did not even need to know what type of content the packet carried, or how it was encoded.
My, how times have changed.
Network managers now want to make all kinds of decisions"many of them Draconian"based not on the source or destination addresses of a packet, but on its content. Spam must be recognized accurately and filtered out, or the growing impact on knowledge-worker productivity will be so large that it will have to be discussed in the annual report. Not to mention that some types of spam could expose the enterprise to legal liability.
Viruses, worms, Trojan horses and many other types of executable code are to be excluded. Some types of technically harmless but emotionally objectionable content are to be shut out as well. And, increasingly, there are institutional policies to be followed, about not only what may come into a network but also what may leave it.
The only answer is to inspect the content of individual packets-even if they are compressed, camouflaged or encrypted-and to make decisions based on what is found there. But to impose this task high in the network, at an access point, an enterprise gateway or even on the backbone itself, is to accept crippling performance demands. Vendors are now responding with innovative hardware accelerations to meet the challenge, claiming wire-speed deep-packet inspection is not only an achievable goal, but a reality.
Discover the benefits of scalable backbone and network services for application and cloud providers.
Network automation is gaining momentum. Here's how you can drive this powerful technology to its full potential.
Subsea cable alternatives can provide a level of comfort for those concerned about disruptions. Realistically, they will continue to play a small, but critical role in the short term.
