Leonid Yuriev - TOPGUN
TOPGUN: multi terabit DPI
Leo Yuriev
BigBrother Matrix R&D ;)
About me
Leo Yuriev
– programming for 20 years
– sometimes while hacking
BigBrother Matrix R&D is…
Solutions for telecom
Full lifecycle
≈ products serves 100M clients
≈ 1K employees
http://www.billing.ru/events/560
Agenda
1. ethics and legality
2. why & what for ?
3. how does it work ?
4. use cases
5. let’s HACK ?
WTF DPI?
http://en.wikipedia.org/wiki/Deep_packet_inspection
[Diagram labels: DPI, network, Internet]
1. raw packets, a lot of…
2. inline or on-copy
3. flow ≈ from SYN to FIN
ethics and legality…
DPI is just a method, no bullshit
ethics & legality are completely defined by the task and purpose
peeped into the payload – you've got DPI
100500+ use cases
TOPGUN – why & what for ?
competitors have problems
fixed scope, poor scalability
dependence on hardware, vendor lock-in, beetles ;)
TOPGUN – how does it work ?
just awesome cool ;)
1. MAC rewrite + L2
2. Swarm Intelligence
3. FSM with replication
skeleton
[Diagram labels: BLADE (several), DISTRIBUTION, DATA PLANE, CONTROL PLANE, SUPERVISOR, FUSE, ACTIVE, HOT STANDBY; numbered 1 to 7]
workload distribution
[Diagram labels: FUSE, BLADE (several), DISTRIBUTION, DATA PLANE (Ethernet Switch)]
dst-MAC[0,1,2,3] = 0x77
dst-MAC[4,5] = Hash(IP)
SEG #
MAC → PORT#
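The MAC-rewrite distribution on this slide, as an added example that is not code from the talk or from TOPGUN. CRC32 as `Hash(IP)`, hashing one address per packet, the round-robin initial layout, the port numbers and the `move_segment` helper are all assumptions; the slide gives only the MAC layout and the `MAC → PORT#` table.

```python
import ipaddress
import zlib

MAC_PREFIX = bytes([0x77] * 4)  # dst-MAC[0,1,2,3] = 0x77, from the slide
SEGMENTS = 1 << 16              # dst-MAC[4,5] carries a 16-bit segment number


def segment(ip: str) -> int:
    """Segment number for an address. CRC32 is an assumption; the slide only says Hash(IP)."""
    return zlib.crc32(ipaddress.ip_address(ip).packed) % SEGMENTS


def rewrite_dst_mac(ip: str) -> bytes:
    """Destination MAC the distribution stage writes into the frame."""
    return MAC_PREFIX + segment(ip).to_bytes(2, "big")


class Switch:
    """Data-plane Ethernet switch reduced to its static MAC -> port table."""

    def __init__(self, blade_ports):
        # Constructed initial layout: segments spread round-robin over blade ports.
        self.fdb = {
            MAC_PREFIX + seg.to_bytes(2, "big"): blade_ports[seg % len(blade_ports)]
            for seg in range(SEGMENTS)
        }

    def forward(self, dst_mac: bytes):
        """Egress port for a frame, or None if the MAC is not a segment MAC."""
        return self.fdb.get(dst_mac)

    def move_segment(self, seg: int, port: int) -> None:
        """Hypothetical rebalance step: repoint one segment; other segments are untouched."""
        self.fdb[MAC_PREFIX + seg.to_bytes(2, "big")] = port


if __name__ == "__main__":
    sw = Switch(blade_ports=[1, 2, 3, 4])               # hypothetical port numbers
    for ip in ("10.0.0.1", "10.0.0.2", "199.32.42.3"):  # constructed sample addresses
        mac = rewrite_dst_mac(ip)
        print(ip, mac.hex(":"), "-> port", sw.forward(mac))
```

Because the blade is chosen by an ordinary switch lookup, moving load between blades is a single table update and every packet hashed to that segment follows it.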
swarm intelligence
[Diagram labels: BLADE (several), LIST SEG# (repeated), CONTROL PLANE (Ethernet Switch), DISTRIBUTION with MAC → PORT#, DATA PLANE with MAC → PORT#]
swarm #1: balancing
[Diagram labels: FUSE, DISTRIBUTION]
swarm #2: tableau
[Diagram labels: FUSE, BLADE (several), DATA PLANE, CONTROL PLANE, DISTRIBUTION]
TABLEAU replica
key1 = value + version
key2 = value + version
…
key# = value + version
swarm #3: do it
[Diagram labels: FUSE, DATA PLANE, CONTROL PLANE, BLADE (several), WORKER, TABLEAU replica, WRITEBACK FIFO]
from=10.0.0.1:4629
to=199.32.42.3:80
node={A.5, Green}
…
inbound=200
outbound=6346
TOPGUN DPI can…
Monitoring & Protection
IDS / IPS, Transport / Signalling, Overload Control
QoS, Policing, Shaping, Filtering
GSM / UMTS / LTE
PCEF, TDF, …
Useful
Protocol Detection
Shaping
Deep Filtering
commodity hardware
extend on demand
on the fly
wide application scope
+100500…
let’s HACK us ;)
100 gigabits into a single IP (a case from Lyamin)
Fool the protocol detector
Bypass HTTP filtering
Overwhelm with fragmentation
Overwhelm with SYNs…
Your ideas?