Category: Industry
February 28th, 2013 by Cam Cullen; Category: Industry, Technology
Share

    At Mobile World Congress in Barcelona yesterday, Firefox OS was launched, and if it succeeds, it could have a very interesting effect on Mobile applications and policy enforcement needs. Firefox OS is entirely web-based, and Ars Technica put it best – rather than “there’s an app for that”, their answer is “There’s a Web for that!”. Firefox OS is entirely built on HTML5 and other open web standards. It has the support of a number of phone manufacturers and mobile operators, and would love to offer an option to the current duopoly of Apple and Google for both handset manufacturers as well as consumers.

    Why would the success of Firefox OS have an effect on Intelligent Policy Enforcement? Some of the most interesting use cases for Policy Enforcement are in the analytics and charging area, and with Firefox OS – there are no apps anymore.

    There is just the web.

    No “Facebook for Android”. No “Facebook for IOS”. Even no “Flipboard for IOS”.

    So you can recognize one million application signatures? I just need one, thanks.

    What you would need in this type of environment is the ability to understand web traffic better. A value added service plan for the mobile operator would transition from application-based to site and content-based.

    Sounds good to us – a great opportunity for Content Intelligence.

    February 18th, 2013 by Alexander Haväng; Category: Industry, Products, Technology
    Share

      At Procera, we actively seek out challenges. So when you’ve already got the world’s most sophisticated DPI engine and the largest collection of signatures on the planet, where do you go next? We need something cool for our analysts and programmers in the signature group, so we thought we’d go after something really hard and really valuable. We didn’t call it Content Intelligence at the time, and from the very start we were slightly less ambitious and just wanted to add URL classification so that we can do Parental Control and other kinds of simple URL filtering.

      But let’s start there, URL filtering – what is it and how do you implement it at a scale that works for Tier 1 operators? URL filtering is the technology where a networking device can stop traffic to a particular website (let’s say URL) by looking up the categories of URLs inspected in the passing traffic. The categories are provided by a huge database of URLs. You can build such a DB yourself, but it’s a lot of work and frankly for a company like Procera simply not worth it. We chose to source our filtering database from a recognized vendor that is widely deployed throughout the world.

      But while looking at this, the signature team realized that the real value of URL classification for Procera (and network operators) is NOT with URL filtering – it’s with analytics. And no surprise, the databases out there are not written for that, they’re developed just for filtering. And not all categories are used for filtering really, mostly filtering of porn and other high profile targets. So while the databases are large (huge long-tailish data), they lack the kind of detail that we need for really useful analytics – like multi-dimensional analysis of a URL. For example, not only classify a site as “entertainment”, but as “sport”, and not stop there but go further to “baseball” and then we go really crazy and say “News articles”, “Includes Ads”, “Frequently updated content”, “Youthful audience”, “Horrible spelling”, etc.

      Typically URL filtering solutions are racks and racks of equipment for even modest amounts of traffic (barely ten gigs). That’s because the typical URL filtering devices out there are developed for the enterprise (think UTM devices), with very different scalability requirements compared to the space Procera plays in. IPE (Intelligent Policy Enforcement) devices like PacketLogic are built for maximum scalability and performance. What does that really mean? Well, there’s a lot of different ways to solve a problem in software development. They range from the slowest stupid way (think bogosort), to the quick and dirty (bubble sort), to the smart efficient way (qsort, heapsort) to the mind boggling (positronic sort, I just made that up, I think). Most of the code we write at Procera is of that mind boggling kind – the scale is just crazy. We’re handling tens of millions of packets per second per CPU core, while doing a lot more with every packet than pretty much any other networking device. You can only do that by writing the most efficient code possible – and always looking to improve on everything that you did.

      So let’s apply that kind of mentality to URL classification. Say that we have a million or so URL lookups to do per core per second. Know of any databases running a single core that can support that kind of scale? Didn’t think so.

      Even if they existed, getting the packets from the fast path (PLOS) into userspace to do the lookup would suck. In PLOS we like run-to-completion kind of approaches where we optimize something until it’s appropriate to run in the normal packet flow.

      As such, we can afford a very limited cycle budget. There are RX queues that hold a large handful of packets while we process an expensive packet, but if we take too long the RX queue will fill up and we will drop packets. Can’t have that(!), so let’s make sure we’re fast. So we move in the huge URL database into PLOS memory, implement the fastest possible lookup algorithm and BAM – content categorization at huge scale.

      “No, you can’t do that, it’s 45 million URL entries and well, nobody does it like that! You’re supposed to run this SDK from the DB vendor that implements fast lookups with trees and callbacks and ….”

      Yeah, whatever, honeybadger doesn’t really care, our way is faster.

      And we could stop right there, with the most powerful URL classifier in networking, but unfortunately in the world of IPE, ‘It’s never easy’. We also need a super-scalable way of storing analytics on these URL categories, we need hitless updates to our database, we need LiveView extensions to look at URL categories in real time, etc, and so on – at ever increasing performance and scalability requirements for the largest network operators in the world.

      And that’s just the things we’ve thought of so far.

      February 8th, 2013 by Trevor Failor; Category: Industry, Technology
      Share

        Just got back from a great week at the NTCA/OPASTCO Expo in Orlando where we were thrilled to be an Inner Circle Sponsor this year.   We appreciate the excitement and interest from NTCA/OPASTCO members and are proud to be an NTCA Affiliate vendor member. We are equally fired up about servicing this market and helping rural providers navigate the path to service-enabled networks. Thanks to the many folks who stopped by our booth to learn more about Procera.

        One thing that came through loud and clear is that our recent work with billing vendors is already providing great benefit to our partners, customers and is also resonating well with prospects. Vendor cooperation is critical to your success and our partners and customers all agreed that Procera has established itself as an able, open and willing participant in these integrations. We take our cues from you and realize that no one is served by secretive and proprietary behavior designed to limit customer choice and benefit the few that, frankly, have had a fair number of shots at this apple. Read more [+]

        January 23rd, 2013 by Jon Linden; Category: Industry, Technology
        Share

          Yesterday we introduced Content Intelligence. Did you see that? It’s actually really cool, but I think I might have to add some color to make sure you catch why this matters. This is yet another step in our consistent strategy around Intelligence Everywhere, where we know that you need to see more to do more. But what does Content Intelligence really mean? Well, in short we drill deeper into the HTTP protocol. Why do we do that? Because HTTP is not just a web protocol anymore. Read more [+]

          January 7th, 2013 by Cam Cullen; Category: Industry, Technology, Uncategorized
          Share

            Procera announced something very important today, and it may not be the exact thing you are thinking of. Yes, we did announce the acquisition of Vineyard Networks, but that was an event, and it is the result of that acquisition that signals a big change going forward. We have long believed at Procera that Deep Packet Inspection was simply a technology, and we have consistently communicated that through our use of Intelligent Policy Enforcement (where we use DPI as our core technology). The combination of Vineyard and Procera takes the two technology leaders in the DPI and offers the industry an opportunity to embed, not just DPI, but “Intelligence” into devices all throughout the network.

            Cloud-based services and Software Defined Networking are blurring the line between enterprises and service provider networks. Consumers are increasingly taking advantage of “Bring Your Own Device (BYOD)” policies within enterprises, and are accessing content from multiple devices and networks, both as a consumer and as an enterprise telecommuter. Network operators are expected to deliver consistent services across all access infrastructures, and enterprises are looking for greater visibility and control over the security of their networks. The expectations of consumers for a high quality of experience are sky high, as they have come to depend on these cloud services – whether it is for Social Networking, video streaming, photo sharing, or synchronization of their media libraries with services like iCloud or Dropbox. Network operators are struggling to meet these expectations within their current capital budgets. The growing volume of traffic on both enterprises and ISPs networks require a greater level of network intelligence that can only be provided through solutions that provide context for data for both analytics and control. The growing power of general purpose CPUs has also been a great enabler, as no longer are ASICs or even NPUs required for high performance packet processing.

            Intelligence needs to be spread throughout the network, and many systems are attempting to add “DPI” functionality to their portfolio. However, DPI is a highly specialized function, and evolving constantly to keep up with the changing application and content landscape. Many network equipment vendors and telecom equipment manufacturers are looking for packaged solutions in this area rather than trying to build solutions from scratch, and want a brand name with the largest signature library available. The reason that they are looking for a package is to meet the time-to-market competitive pressures, as more and more vendors are attempting to add the capability to their solutions, and being late to market could be devastating to a product. This need has been what has fueled Vineyard’s growth, and Procera saw an opportunity to create an end-to-end solution for consumers, enterprises, and network operators with the combination of the two technologies. Now Procera can offer OEM technology to consumer and enterprise vendors as well as our PacketLogic Products for network operators.

            Why is this important?

            Software Defined Networking is all about smart networks. The more information available to the network devices, the better the decisions that can be made. Today most policies implemented on routers, switches, and even firewalls are port-based or rudimentary application definitions. “Big Data” gathered from these same devices is based on IPFix or NetFlow, which leverages that same port-based information, and even worse, is normally sampled, missing large amounts of data in a world dominated by Twitter, Facebook, Tumblr, and social gaming. Network operators and enterprise IT professionals need more intelligence to understand network traffic, and then the same intelligence to be able to enforce business policies on the traffic.  It will not be possible for a single device or a single location in the network to control all traffic (although that single location might be able to do a great deal!), and the more intelligence is embedded throughout the network, the better the network will perform. It is also extremely valuable if traffic can be accounted for using the same application definition on the enterprise system as in the service provider. This opens up new service models, gives enterprises better control of traffic on their networks, better quality access into cloud services, and secures BYOD networking.

            With the addition of Vineyard Networks, Procera will accelerate the pace of innovation. We have led the market in the areas of performance, scalability, and visibility in service provider networks for the past five years, and we will now be able to offer our technology to networks of any size. We have big plans, and I invite you to join Procera in defining the network of the future – may it be smarter than the network of the past.