Filtering with packet payload scanning


Message Filter IP sits in the middle of a TCP/TLS session to scan application data and discard unwanted messages and packets that pose a security problem, reducing unnecessary traffic without adding CPU load or latency.


Features

Unlike filtering by IP address or port, methods that scan the data content and then discard or pass each packet, such as DPI (Deep Packet Inspection), tend to add CPU processing load and packet-processing delay. Message Filter IP avoids both by using a hardware logic pipeline to process packets, maintain session state, and encrypt and decrypt data.

Use case

When packets arriving from an external network are processed in a data center, the filter is placed between the external network and each server. It removes traffic that would overwhelm server processing and packets that carry security problems, protecting both the traffic and the endpoints behind it.

Challenges and Technologies

In stateless communication such as UDP, unnecessary packets can simply be dropped. In communication such as TCP, which maintains session state, and in encrypted communication such as SSL/TLS and DTLS, removing unnecessary packets is not that simple.
TCP numbers the bytes it exchanges with sequence numbers and retransmits packets lost in the network. If a filter simply removes a packet and no ACK is returned for it, the sender will keep retransmitting that packet, and the receiver will wait indefinitely for the gap in its stream to be filled. In encrypted secure protocols there are further issues with packet counters and encryption keys.
Message Filter IP performs this in-session filtering while keeping the full session state in hardware. The technique reduces traffic without increasing latency and without affecting the rest of the network.
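The sequence-number problem described above, worked through in a small model. This is an added example written for this page, not the vendor's Message Filter IP logic: it models only the seq/ack bookkeeping of an in-line filter on the client-to-server direction (no handshake, window, checksum or TLS), and every name in it (`Segment`, `Endpoint`, `InlineFilter`, `run_session`) is hypothetical. The `stateful=False` path shows the naive silent drop the text warns about: the server sees a hole in the stream and the client's bytes are never fully acknowledged, so it would keep retransmitting. The `stateful=True` path acknowledges the dropped message on the server's behalf and shifts later sequence and acknowledgement numbers by the removed length, so both sides see a contiguous stream.

```python
from dataclasses import dataclass, field
from typing import Callable, List, Optional, Tuple

# Added example, not the vendor's code: a simplified model of an in-line TCP
# message filter. Only seq/ack arithmetic is modelled; no handshake, window,
# checksum or TLS. All names are hypothetical.


@dataclass
class Segment:
    src: str              # "client" or "server"
    seq: int              # sequence number of the first payload byte
    ack: int              # next sequence number expected from the peer
    payload: bytes = b""  # empty payload = pure ACK


@dataclass
class Endpoint:
    name: str
    snd_nxt: int      # next sequence number this side will send
    rcv_nxt: int      # next sequence number this side expects to receive
    snd_una: int      # oldest byte not yet acknowledged by the peer
    received: List[bytes] = field(default_factory=list)

    def send(self, payload: bytes) -> Segment:
        seg = Segment(self.name, self.snd_nxt, self.rcv_nxt, payload)
        self.snd_nxt += len(payload)
        return seg

    def receive(self, seg: Segment) -> Optional[Segment]:
        """Consume a segment; return a pure ACK if in-order data arrived.
        An out-of-order segment is ignored, as a real stack keeps waiting
        (and the sender keeps retransmitting) until the gap is filled."""
        self.snd_una = max(self.snd_una, seg.ack)
        if not seg.payload or seg.seq != self.rcv_nxt:
            return None
        self.received.append(seg.payload)
        self.rcv_nxt += len(seg.payload)
        return Segment(self.name, self.snd_nxt, self.rcv_nxt)


class InlineFilter:
    """Transparent filter on the client->server direction.

    A dropped message is acknowledged locally on the server's behalf, and
    its length is subtracted from later client seqs and added back to
    server acks, so neither endpoint ever sees a hole in the stream."""

    def __init__(self, unwanted: Callable[[bytes], bool], stateful: bool = True):
        self.unwanted = unwanted
        self.stateful = stateful   # False = naive silent drop, for comparison
        self.delta = 0             # bytes removed so far from client->server
        self.dropped: List[bytes] = []

    def client_to_server(self, seg: Segment) -> Tuple[Optional[Segment], Optional[Segment]]:
        """Return (segment forwarded to server, segment returned to client)."""
        if seg.payload and self.unwanted(seg.payload):
            self.dropped.append(seg.payload)
            if not self.stateful:
                return None, None            # silent drop: the failure case
            self.delta += len(seg.payload)
            # Pure ACK on the server's behalf; seg.ack is the server's next seq.
            return None, Segment("server", seg.ack, seg.seq + len(seg.payload))
        if not self.stateful:
            return seg, None
        return Segment(seg.src, seg.seq - self.delta, seg.ack, seg.payload), None

    def server_to_client(self, seg: Segment) -> Segment:
        if not self.stateful:
            return seg
        return Segment(seg.src, seg.seq, seg.ack + self.delta, seg.payload)


def run_session(messages: List[bytes], unwanted: Callable[[bytes], bool],
                stateful: bool = True) -> dict:
    """Push client messages through the filter to the server, route every
    ACK back, and report what each side ends up believing."""
    client = Endpoint("client", snd_nxt=1000, rcv_nxt=5000, snd_una=1000)
    server = Endpoint("server", snd_nxt=5000, rcv_nxt=1000, snd_una=5000)
    flt = InlineFilter(unwanted, stateful)
    for msg in messages:
        fwd, local_ack = flt.client_to_server(client.send(msg))
        if local_ack is not None:
            client.receive(local_ack)
        if fwd is not None:
            reply = server.receive(fwd)
            if reply is not None:
                client.receive(flt.server_to_client(reply))
    return {
        "server_received": server.received,
        "dropped": flt.dropped,
        "server_rcv_nxt": server.rcv_nxt,
        "client_fully_acked": client.snd_una == client.snd_nxt,
    }


if __name__ == "__main__":
    # Constructed sample stream; the middle message is the one to discard.
    msgs = [b"GET /index", b"DROP ME NOW!", b"GET /status"]
    print(run_session(msgs, lambda p: b"DROP" in p, stateful=True))
    print(run_session(msgs, lambda p: b"DROP" in p, stateful=False))
```

With the stateful filter the server receives the first and third messages back to back (its `rcv_nxt` advances by exactly their combined length) and the client ends with every byte acknowledged; with the naive drop the third message is rejected as out of order and the client is left with unacknowledged bytes. The model ignores the TLS case the page also mentions, where the filter would additionally have to keep per-direction record counters and keys consistent after removing a record.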

Specification

Protocol

TCP
TLS 1.3

Performance in TCP

Throughput: Max 100Gbps
Latency: typical 100 nano-sec

Performance in TLS 1.3

Throughput: 50-100Gbps
Latency: typical 1 micro-sec