IP Fabrics Technology

A Quick Overview of IP Fabrics’ Innovative Technology Used in the DeepSweep™ Network Surveillance Systems

IP Fabrics has developed several key pieces of technology on which the DeepSweep systems are built. the first is a unique approach for developing sophisticated, multi-core-based networking applications. This innovative approach is currently implemented as a virtual machine running on the Intel IXP2800/2850 and IXP2350 multi-core network processors.

The second key innovation is the DeepSweep Surveillance Module(TM) architecture, which enables DeepSweep systems to support complex filtering, to scale, and to be quickly reconfigured for various surveillance uses.

IP Fabrics’ Packet Processing Language

IP Fabrics’ Packet Processing Language (PPL) is a very high-level, functional programming language for describing the types of packet processing found in many of today’s networking applications. PPL is oriented toward layer 3 IP packets, toward specific protocols at layer 4 (e.g., TCP and UDP), and toward “deep” packet processing at layers 5-7. It has many “built-in” algorithms/state machines oriented toward complex packet processing applications such as encryption, authentication, content inspection, state­less and stateful firewall filtering, detection of intrusions and denial-of-service attacks, layer 7 filtering, signature analysis, and content-based load balancing. PPL also has the capability to easily integrate and interoperate with external programs (e.g., user-written microcode, control plane code, protocols stacks) as well as external application processors such as DSPs.

IP Fabrics’ Virtual Machine Approach

Initially, IP Fabrics has implemented PPL as a high-performance virtual machine atop the Intel IXP family of network processors – a truly innovative programming model for NPUs. While PPL could be compiled to machine code which would run directly on an NPU, there are many benefits to the virtual machine approach, such as:

• Portability - because applications can be ported across successive generations of NPU and can also be mapped to physical machines with very different anatomy;
• Scalability - because the VM approach allows the complexity and performance level increase to the physical machine capabilities increase;
• Robustness - because the syntax and semantics of PPL is focused on packet processing and eliminates many of the programming errors associated with low-level, machine-dependent functional languages and because the virtual machine implementation is rich with built-in, runtime error checking

In short, PPL is a very simple yet powerful language that network engineers can use to create networking and communications applications in a blink of the eye. Learn more by reviewing IP Fabrics’ presentation - Creating NPU Applications in a ‘Blink of the Eye', the Brief Overview of PPL and the PPL Virtual Machine technical brief, and the PPL Datasheet.

IP Fabrics’ Surveillance Module Architecture

IP Fabrics’ Surveilance Module Architecture gives the DeepSweep products may unique advantages over "PC-based" surveillance systems or hard-wired ASIC/FPGA-based system. This modular system architecture enables DeepSweep to e used as a stand-alone network surveillance system, or in conjunction with other security/surveillance systems (e.g., as a pre-filter), and even supports hosting user-applications on the system processor. The architecture is also highly scalable, allowing multiple DeepSweeps to be configured in parallel or pipelined configurations.

Surveillance Modules (SMs) can be though of as being 'filter templates', that are easily configured by the DeepSweep user. SMs typically apply specific surveillance applications, such as VoIP intercept or email surveillance. Figure 1 below illustrates SM usage, while Figures 2 and 3 depict some common SMs.

Figure 1: Using DeepSweep

Figure 2: CALEA SMs

 

Figure 3: Other SMs

 

Other Surveillance Modules Architecture advantages include the ability to combine multiple SMs into 'chains' to construct complex surveillance logic. Once the filtering logic is constructed, each SM can be configured to 'act on' traffic of interest in many ways. Figure 4 illustrated the range of actions available to DeepSweep SMs.

Figure 4: Range of Actions

 

For complete specifications on the DeepSweep network surveillance systems, please refer to the DeepSweep for CALEA Datasheet, DeepSweep for CALEA w/CBIS Datasheet, and DeepSweep Secure Buffered Delivery Datasheet,

For more information about Network Surveillance using DeepSweep, please refer to the IP Network Surveillance White paper.

For information on how the DeepSweep achieves is high performance, please refer to the DeepSweep Performance white paper in our White Papers and Briefs page.