1. Analysis of IP network bandwidth management and application optimization requirements
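As the Internet has developed, the number of online users and the volume of business traffic have grown steadily. Alongside traditional data services, newer applications such as Internet telephony, online video, and P2P downloads mean that voice, video, and peer-to-peer download traffic takes up a growing share of backbone bandwidth. Few Internet users today have never heard of or used applications such as Skype, QQ, MSN, BT, eMule, and PPLIVE.
For users, these new types of business and traffic make online applications more and more diverse. For network operators, the growth of user and business traffic looks like a good thing on the surface, but the reality is often the opposite:
At present, domestic operators at every level of the network, from the aggregation links inside the network to the egress links of the core network, face bandwidth shortages of varying degrees. When an operator expands a circuit at the egress of the Chinese Internet, the utilization of the new link can reach more than 90% by the second day;
Only a portion of the growing network traffic brings real business benefit to backbone network operators. A large amount of "low-value" business traffic takes up as much network bandwidth as it can, which affects the operators' existing services: packet loss, network latency, and jitter increase sharply, service quality deteriorates, and the development of voice, video, and game services with high end-to-end QoS requirements is held back.
For backbone network operators today, it is therefore particularly important to use appropriate bandwidth management technologies to resolve the mismatch between bandwidth growth and business benefit, and between network expansion and user experience, to identify and manage users and services in tiers, and to manage and bill on the basis of per-user and per-service traffic.
2. Introduction to mainstream bandwidth management technologies
In general, the "5-tuple" in the IP packet headers (source address, destination address, protocol type, source port, and destination port) gives the basic information about a traffic flow. In traditional networks, IP routers use this information for traffic identification and QoS. However, as the variety of online applications grows, layer-4 port information alone can no longer determine the application type: applications that use open ports, random ports, or even encrypted transport are everywhere in today's networks. In this situation, traditional traffic identification and QoS control technologies are increasingly inadequate. By inspecting network traffic along more dimensions, the user application types in the traffic can be identified accurately to a certain extent. At present, this field is divided into DPI (deep packet inspection) and DFI (deep/dynamic flow inspection).
· DPI (Deep Packet Inspection) technology
DPI is a traffic detection and control technology that works at the application layer. When IP packets, TCP streams, or UDP streams pass through a DPI-based bandwidth management system, the system reads deep into the IP packet payload and reassembles the application-layer (OSI layer 7) information to recover the content of the whole application exchange, and then performs traffic shaping according to the management policy defined in the system.
A DPI-based bandwidth management solution resembles the familiar anti-virus software model in one respect: the system can only identify application types that it already knows. Take the well-known BT as an example: the protocol signature in its handshake is ".BitTorrent protocol". Just as an anti-virus system must be backed by a large virus signature database, a DPI-based bandwidth management system must maintain an application signature database. When traffic passes through, the system compares the unpacked application information with this signature database to determine the application type. When a new application appears, the system can identify and control it only after the signature database has been updated.
· DFI (Deep/Dynamic Flow Inspection) technology
DFI is a newer application traffic monitoring technology. Unlike DPI, which matches payloads at the application layer, DFI identifies applications by traffic behavior: different application types show different characteristics in the state of their session connections or data flows.
For example, IP voice traffic has very distinctive flow characteristics: RTP packet lengths are relatively fixed, generally between 130 and 220 bytes, the connection rate is low, between 20 kbps and 84 kbps, and the session duration is relatively long. The traffic model for P2P download applications features an average packet length of more than 450 bytes, a long download time, a high connection rate, and TCP as the preferred transport layer protocol. Based on behavior characteristics of this kind, DFI identifies the application type by analyzing the packet lengths, connection rate, transmitted byte volume, and inter-packet intervals of a session flow.
· Technical Comparison
The principles behind DPI and DFI show that the two kinds of bandwidth management system differ in application recognition accuracy, system processing capability, control strength, and maintenance cost.
Application recognition: If the bandwidth management system to be deployed is compared to a post office, the post office using DPI opens the envelope of every letter (that is, every packet) that passes through, reads the contents, and then sends the letter on. The post office using DFI judges the approximate content of a letter only from external information such as the size, weight, and thickness of the envelope. DPI can therefore identify the specific application types in traffic accurately: for P2P download traffic, for example, it can read the packet content to find out whether the application is BT, eDonkey, Thunder, and so on. DFI can only classify applications roughly: flows that match the P2P traffic model above are identified as P2P traffic, and flows that match the IP voice traffic model are classified as VoIP traffic, but DFI cannot determine whether the voice traffic is based on SIP, H.323, or another protocol. If the application traffic is encrypted in transit, however, DPI-based traffic control is powerless. The principle is simple. Returning to the post office example, if a letter is written in ciphertext and there is no way to decrypt it, opening the envelope reveals only a string of garbled characters. DFI-based traffic control is not affected, because the flow-state characteristics of an application do not depend on whether it is encrypted.
System processing capability: Under the same hardware conditions, a system with more detection work to do consumes more resources and time than a system with less. DPI demands a high level of processing capability because each packet must be unpacked and matched against the signature database one by one, whereas traffic analysis with DFI can achieve high throughput. At present, most DPI-based bandwidth management systems can achieve a processing capability of about 1 GB online, while DFI-based systems can achieve a traffic monitoring capability of 10 Gb.
Control Effect: Bandwidth management systems based on DPI and on DFI both use the TCP sliding window mechanism or queue control technology to control the bandwidth of specific applications, and can cap the maximum bandwidth, guarantee a minimum bandwidth, or block application traffic, among other control effects.
Maintenance Cost: A bandwidth management system based on DPI has to update its application signature database before it can identify new applications, so the database must be upgraded regularly. DFI-based systems require less management and maintenance work than DPI, because the traffic models of applications of the same type are relatively fixed: for P2P download traffic, for example, even when a new application appears, its traffic characteristics do not change significantly.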
2 Introduction to mainstream bandwidth management technologies
Generally, we can use the "5 tuples" in the IP Address Header, that is, "quintuple", to determine the basic information of the current traffic, such as the source, target address, and protocol type, source and Destination Port numbers. In traditional networks, IP Routers use this series of information to realize traffic identification and QoS. However, with the increasing variety of online application types, only the layer-4 port information cannot determine the application type in the traffic, application types based on open ports, random ports, and even encrypted transmission are everywhere in the current network. In this case, the traditional traffic identification and QoS control technologies are gradually stretched. By increasing the monitoring latitude of network traffic, you can accurately identify the user application types in the traffic to a certain extent. At present, this field can be divided into DPI (Deep Packet detection) and DFI (deep/dynamic stream detection.
· DPI (Deep Packet Inspection) Deep Packet Detection Technology
DPI is an application-layer-based traffic detection and control technology. When IP data packets, TCP data streams, or UDP data streams pass the DPI-based bandwidth management system, the System reads the content of the IP packet load in depth to reorganize the application layer information in the OSI Layer-7 protocol to obtain the content of the entire application, perform Traffic Shaping according to the system-defined management policy.
The DPI-based bandwidth management solution is similar to the well-known anti-virus software system in some aspects, that is, the type of application that can be identified by the system must be known. Take the well-known Bt as an example, the Protocol feature of handshake is ". bitTorrent protocol "; in other words, the background of the anti-virus system must have a large virus feature database. The DPI-based bandwidth management system must also maintain an application feature database. When traffic passes through, compare the unwrapped application information with the background feature database to determine the application type. When a new application appears, only when the background application feature database is updated can it identify and control new applications.
· DFI (deep/dynamic packet inspection) Deep/dynamic stream Detection Technology
DFI is a new application traffic monitoring technology. Unlike DPI for Load Matching at the application layer, DFI uses a traffic behavior-based application recognition technology, that is, different application types are reflected in different statuses on session connections or data streams.
For example, the characteristics of the online IP voice traffic reflected in the stream status are very obvious: the RTP stream package length is relatively fixed, generally between 130 to 220 bytes, the connection speed is low, the session duration between 20 kbps and 84kbps is also relatively long; the Traffic Model Based on P2P download applications features an average packet length of more than 450 bytes, long download time, high connection rate, and the preferred transport layer protocol is TCP; based on the behavior characteristics of this series of traffic, DFI identifies the application type by analyzing the packet length, connection rate, transmission byte volume, and the interval between packets and packets of a session connection stream.
· Technical Comparison
The principles of DPI and DFI bandwidth management technology systems show that there are still some differences in application recognition accuracy, system processing capability, control strength, and maintenance costs.
Application recognition: If the bandwidth management system to be deployed is compared to a post office, the post office using DPI technology will open an envelope for every past email (that is, packet, after reading the letter content, the mail is sent out again. The post office using DFI technology only determines the approximate content of the letter Based on the status information such as the envelope size, size, weight, and thickness. We can see that DPI can be used to accurately identify specific application types in traffic, for example, for P2P download traffic, you can read the package content to find out which specific type of application is BT, eDonkey, Thunder, etc. The DFI method can only roughly classify the application, for example, applications that meet the preceding traffic model are identified as P2P Traffic, and applications that meet the IP voice traffic model are classified as VoIP traffic, however, it cannot be determined whether the voice traffic is based on different protocols such as sip or H.323. However, if the application traffic is encrypted and transmitted on the Internet, the DPI-based traffic control technology is powerless. The principle is simple: Return to the Post Office example, if a letter is written in ciphertext, if there is no decryption algorithm, only a bunch of garbled characters are displayed after opening the envelope, while the DFI traffic control technology is not affected, the status features of an application stream are not encrypted or not.
System processing capability: under the same hardware conditions, systems with more detection tasks certainly consume more resources and time than systems with fewer detection tasks, the DPI technology requires a high level of system processing capability because it needs to be split and matched with the background database one by one; using DFI Technology for traffic analysis can achieve high processing capabilities. At present, most DPI-based bandwidth management systems can achieve the processing capability of about 1 GB online, while DFI-based systems can achieve the traffic monitoring capability of 10 Gb.
Control Effect: The bandwidth management system using DPI and DFI technology uses TCP sliding window mechanism or queue control technology to control the bandwidth of specific applications, can achieve the maximum, minimum bandwidth protection or blocking of application traffic and other control effects.
Maintenance Cost: The bandwidth management system based on DPI technology needs to upgrade the background application database to support identification of new applications. Therefore, it is necessary to regularly upgrade the background application feature database; DFI-based systems require less workload than DPI in management and maintenance, because the traffic models of the same type of applications are relatively fixed, such as P2P download traffic, even if a new application appears, its traffic characteristics will not change significantly.
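To make the DPI and DFI descriptions and the comparison above concrete, the following added example (not code from the original article or from any product) classifies the same flows once by payload signature and once by flow statistics. The flow record, the one-entry signature database, the sample flows, and the thresholds for a "long" session and a "high" rate are assumptions made for illustration; the packet-length and rate ranges are the ones given in the text.

```python
from dataclasses import dataclass

# Constructed signature database. The protocol string is the one quoted in the
# text; 0x13 (19) is the length byte that precedes it in the real handshake.
SIGNATURES = {"BitTorrent": b"\x13BitTorrent protocol"}
LONG_SESSION_S = 60    # assumed threshold for a "long" session
HIGH_RATE_KBPS = 500   # assumed threshold for a "high" connection rate

@dataclass
class Flow:
    proto: str            # "TCP" or "UDP"
    pkt_sizes: list       # packet lengths in bytes
    duration_s: float     # session duration in seconds
    first_payload: bytes  # payload of the first data packet

def dpi_classify(flow):
    """DPI: match the payload against the signature database."""
    for app, sig in SIGNATURES.items():
        if flow.first_payload.startswith(sig):
            return app
    return None  # encrypted, or not yet in the database

def dfi_classify(flow):
    """DFI: use flow statistics only; the payload is never read."""
    if not flow.pkt_sizes or flow.duration_s <= 0:
        return None
    avg_len = sum(flow.pkt_sizes) / len(flow.pkt_sizes)
    rate_kbps = sum(flow.pkt_sizes) * 8 / flow.duration_s / 1000
    long_lived = flow.duration_s >= LONG_SESSION_S
    # VoIP model from the text: 130-220 byte packets at 20-84 kbps.
    if long_lived and 20 <= rate_kbps <= 84 and all(
            130 <= s <= 220 for s in flow.pkt_sizes):
        return "VoIP"
    # P2P model from the text: TCP, average packet length above 450 bytes.
    if (long_lived and flow.proto == "TCP" and avg_len > 450
            and rate_kbps > HIGH_RATE_KBPS):
        return "P2P"
    return None

# Constructed sample flows (not captured traffic).
VOIP = Flow("UDP", [160] * 3000, 60.0, bytes.fromhex("8000a1b2"))
BT_PLAIN = Flow("TCP", [1400] * 6000, 120.0,
                b"\x13BitTorrent protocol" + bytes(8))
BT_ENCRYPTED = Flow("TCP", [1400] * 6000, 120.0,
                    bytes.fromhex("9f3c71e2d4b80a56"))

if __name__ == "__main__":
    for name, f in [("voip", VOIP), ("bt", BT_PLAIN), ("bt-enc", BT_ENCRYPTED)]:
        print(name, dpi_classify(f), dfi_classify(f))
```

The plaintext BT flow is named exactly by DPI and only as generic P2P by DFI, while the encrypted flow with identical statistics is invisible to DPI and still classified as P2P by DFI.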
3. Application Analysis of bandwidth management technology
As the preceding technical analysis shows, DPI and DFI each have their own advantages and disadvantages. A carrier's specific requirements for bandwidth management vary with the location of the control point, and the desired bandwidth control effect can be achieved only when the appropriate control technology is selected for each location.
The carrier's IP backbone network can be divided into three levels: the core layer, the traffic aggregation layer, and the service access layer, as shown in Figure 1 (analysis of the carrier's network bandwidth management requirements).
Different types of user services, such as Internet data, VPN, and IP voice, are connected to the service access layer through DSL, metro broadband, and other access methods. At the traffic aggregation layer, a node router aggregates multiple service switches or routers in the metropolitan area network (location 3 in Figure 1) to a local node. The traffic aggregation layer is generally organized by province: the aggregation routers of each city are connected to the provincial network's core aggregation routers through dual-star or mesh links. In Figure 1, the provincial network aggregation router aggregates traffic to the backbone router at the core layer of the network through a back-to-back connection. The backbone network is generally interconnected with the backbone networks of other carriers through several centralized POPs to exchange routes and user business traffic.
Figure 1: operators' network bandwidth management requirements
Most carriers start at the egress node of the whole network, that is, location 1 in Figure 1, and implement bandwidth management and traffic optimization first on the egress links that connect the network with other operators or NAP points. The primary purpose of traffic optimization at this location is to reduce the share of egress bandwidth occupied by "low-value" business traffic, ease congestion on the egress circuits, and reduce the pressure to expand the network.
Next, further bandwidth management measures can be implemented at the network aggregation layer and the service access layer. In addition to optimizing the traffic mix, the "management" aspect of bandwidth management should be emphasized at locations 2 and 3 in Figure 1. That is, the bandwidth management system should not only limit the bandwidth of certain types of applications, but should also use its bandwidth protection function to provide quality assurance for "high-value" traffic, such as the real-time interactive services that users care about and the business traffic of major customers, and to guarantee QoS and SLAs across the network.
In combination with the link types and their different bandwidth management requirements in Table 1, a DFI-based bandwidth management system can be deployed first on the core and aggregation links at the initial stage of network-wide bandwidth management. With its support for high-speed links and its strong processing capability, it provides an efficient application identification and bandwidth allocation mechanism at the core of the backbone network and ensures effective traffic control. Subsequently, a DPI-based bandwidth management system is deployed on the user service access side. On the one hand, it provides more precise identification and control of application traffic. On the other hand, it can analyze and collect statistics on user business traffic, giving the operator first-hand information about users' business needs. The operator can then develop new business applications that more users care about while maintaining differentiated service QoS in the network, and truly turn network bandwidth into a resource that can be used flexibly and allocated on demand.