zeronights-2013: topgun multi-terabit dpi

TOPGUNmulti terabit DPI

Leo YurievBigBrother Matrix R&D

,)

‛

About me

Leo Yuriev– programming for 20 years– sometimes while hacking

leo@yuriev.ruleonid.yuriev@billing.ru

BigBrother Matrix R&D is…

20 yearssolutions for telecomfull lifecycle≈ products serves 100M clients≈ 1K employees

Agenda

1. ethics and legality

2. why & what for ?

3. how does it work ?

4. use cases

5. let’s HACK ?

WTF DPI?

http://en.wikipedia.org/wiki/Deep_packet_inspection

DPInetwork Internet

1. raw packets, a lot of…

2. inline or on-copy

3. flow ≈ from SYN to FIN

ethics and legality…

1. DPI – is just a method, no bullshit

2. ethics & legality – is completely defined by a task and purpose

3. peeped in the payload – got a DPI

4. 100500+ use cases

topgun – why & what for ?

1. competitors have problems

2. fixed scope, poor scalability

3. depending on a hardware,vendor lock-in, beetles ;)

topgun – how does it work ?

just awesome cool ;)

1. MAC rewrite + L2

2. Swarm Intelligence

3. FSM with replication

skeleton

BLADE

BLADE

BLADE

BLADE

BLADE

DISTRIBUTION

DATA PLANE

CONTROL PLANEBLADE

BLADE

BLADE

BLADE

BLADE

DISTRIBUTION

DATA PLANE

CONTROL PLANE

SUPERVISOR

FUSE

HOT STANDBYACTIVE

1

2

3

4

5

6

7

workload distributionFUSE

BLADE

BLADE

BLADE BLADE

BLADE

DISTRIBUTION

DATA PLANE(Ethernet Switch)

dst-MAC[0,1,2,3] = 0x77dst-MAC[4,5] = Hash(IP)

SEG #

MAC → PORT#

swarm intelligence

BLADE

BLADE

BLADE

BLADE

BLADE

LIST

CONTROL PLANE(Ethernet Switch)

SEG#

LIST

SEG#

LIST

SEG#

LIST

SEG#

LIST

SEG#

DISTRIBUTION

MAC → PORT#DATA PLANEMAC → PORT#

swarm #1: balancingFUSE

DISTRIBUTION

swarm #2: tableauFUSE

BLADE

BLADE

BLADE

BLADE

DATA PLANE

CONTROL PLANE

BLADE

TABLEAUreplica

key1 = value + versionkey2 = value + version

…key# = value + version

DISTRIBUTION

swarm #3: do itFUSE

DATA PLANE

CONTROL PLANEBLADE

BLADE

BLADE

BLADE

WORKER

TABLEAUreplica

WRITEBACKFIFO

BLADE

from=10.0.0.1:4629to=199.32.42.3:80node={A.5, Green}…inbound=200outbound=6346

topgun – where to buy…

oops, offtopic !

1. no product now

2. details

3. currently just talking

topgun dpi will…Monitoring &

Protection

IDS / IPS, Transport / Signalling,

Overload

Control

QoS, Policing,Shaping, Filtering

GSM / UMTS / LTE

PCEF, TDF, …

UsefulProtocol Detection Shaping Deep Filtering

commodity hardware

extend by demandon the fly

wideapplication scope

+100500…

let’s HACK ;)

1. cherry-pick single worker…by known hash-distribution© Alexander Lyamin %)

2. SYN flood

3. IP-fragment flood

4. deceive classification

5. bypass HTTP filtering

6. your turn…

topgun – main benefits

1. elastic: performance scalability, wide application scope

2. expandability: by demand, on the fly, just connect hardware

3. enhancement: by demand, non-intrusive two-step, new soft in a new server