Elastic Deep Packet Inspection

Deep packet inspection (DPI) systems are required to perform at or near network line-rate speeds, matching thousands of rules against the network traffi c. The engineering performance and price trade-offs are such that DPI is diffi cult to virtualize, either because of very high memory consumption or the use of custom hardware; similarly, a running DPI instance is diffi cult to ‘move’ cheaply to another part of the network. Algorithmic constraints make it costly to update the set of rules, even with minor edits. In this paper, we present Elastic DPI. Thanks to new algorithms and data-structures, all of these performance and fl exibility constraints can be overcome – an important development in an increasingly virtualized network environment. The ability to incrementally update rule sets is also a potentially interesting use-case in next generation fi rewall appliances that rapidly update their rule sets.