IoT INNOVATIONS

Virtual Customer Premise Equipment (vCPE) provides an opportunity for service providers to offer new value-added services. Examples include next generation firewalls, application-specific QoS, or service chaining with a web-like delivery model and a high degree of personalization. To enable these opportunities, vCPE solutions need to offer visibility into application-level network activity – that is, Layer 7 visibility.

Qosmos solution. The company offers a Layer 7 classification engine designed to enable vCPE solutions to utilize real-time application and subscriber information (Figure 1). In this post we explore the features and benefits of the Qosmos ixEngine. We then look at the optimal hardware engine and open software for delivering the required performance in enhanced packet processing and forwarding capabilities.

Figure 1. The Oosmos ixEngine is a Layer 7 classification engine designed to enable vCPE solutions to use real-time application and subscriber information.

The Opportunity and the Challenge

vCPE is a lead application for Network Function Virtualization (NFV). It provides an alternative way of delivering broadband services where most of the CPE functions are delivered by the service provider’s network and located near the service edge.

With vCPE, service providers can simplify CPE and increase service agility by hosting all virtualized CPE functionality in the network at a point of presence (PoP) or in another type of data center (Figure 2). Services such as DHCP, firewall, NAT, routing, VPN, and more, are delivered by virtual network functions (VNFs) running on generic, high-volume virtual machine (VM) instances configured for each broadband subscriber.

Figure 2. With vCPE, service providers can simplify CPE and increase service agility by hosting all virtualized CPE functionality in the network at a point of presence (PoP) or in another type of data center.

vCPE delivers capex and opex savings because it doesn’t need proprietary hardware and reduces service truck rolls to remote offices by operating at the PoP. It also enables an app store model for VNFs. Operators can create a catalog of software-based services that can be deployed on demand using self-service portals.

To offer such tailored vCPE services through service function chaining (SFC) and optimize use of bandwidth and computing resources, vCPE solutions need embedded service classification based on Layer 7 information. However, vCPE solution providers may face restrictions in their product offerings due to traffic visibility limited to Layers 1-4. The value of firewalls, QoS, service chaining, and reporting could be greatly improved by leveraging the complete spectrum of Layer 1 to 7 information. This information is key in understanding which application is generating which flow on the network and applying the right service chain.

The Qosmos Layer 7 Classification Engine

Qosmos treats the network as a real-time database, and is able to identify, query and extract specific data with unparalleled precision and detail. The Qosmos ixEngine is a software development kit (SDK) that uses deep packet inspection (DPI) to provide IP classification and metadata extraction up to Layer 7 based on real-time application and subscriber information. It is easily integrated into vCPE solutions to offer stronger security, QoS, and reporting.

While some technologies are limited to identifying the application behind an IP flow, the Qosmos ixEngine goes further. It also extracts protocol and application metadata. This metadata enables developers to inject application-level insight into their solutions for complete visibility into network traffic in real time and a detailed understanding of network transactions and user behavior. Metadata extraction includes volume, application usage, application performance, identifiers, content, and file metadata. The Qosmos ixEngine also provides extension modules for aggregated and computed metadata.

Advantages of the Qosmos solution include the following:

• Delivers high recognition rate: ability to identify all layers from Layer 2 to 7 in the OSI model
• Includes 2500 classified and continuously updated protocols and 4300 application metadata extracted
• Identifies protocols and applications based on flow pattern matching, session correlation, heuristics, and statistical analysis
• Provides a modular architecture (flow management, regular expression engine, http parsing, etc.)
• Allows users to develop their own signature plugins
• Enables up to 10 Gbps (depending on traffic patterns and networking environment) per core on Intel^® processors

Layer 7 visibility can be deployed in vSwitch, service functions, or VNFs, to perform traffic classification and metadata extraction. For future proofing, Qosmos ixEngine can also be configured using reference implementations such as OpenDaylight SFC.

Designed by Qosmos with developers in mind, the Qosmos ixEngine accelerates product development cycles. Its ready-to-use software libraries make it easy to embed IP classification and metadata extraction information into existing solutions, plus offer an additional toolkit for developing customized protocol plugins. The solution includes fully documented APIs, tutorials, and a large array of code samples and reference designs to facilitate integration into your solution.

Optimized for Intel^® Xeon^® Processors

The Qosmos ixEngine is optimized for Intel^® technology to deliver the performance required for vCPE applications. The Qosmos ixEngine features built-in multi-core support capabilities such as optimized multi-thread support for scalability up to 96 cores and optimized code for high performance multicore processors and hardware acceleration.

To avoid latency from the Linux kernel when extracting metadata and content from packets flowing through the network, Qosmos uses the Data Plane Development Kit (DPDK). This set of software libraries and drivers developed by Intel is now available as open source software. DPDK provides enhanced packet processing and forwarding capabilities, enabling Intel^® Xeon^® processor-based servers to deliver very high packet throughput rates.

Suppliers of equipment, platforms, middleware, and software can use this Qosmos and Intel technology synergy to rapidly build application-aware solutions for service providers. The Qosmos ixEngine is especially well suited to enable intelligent, dynamic service chaining for cloud-based vCPE environments (Figure 3).

Figure 3. Reference architecture for an L7-based service chaining solution based on the Qosmos ixEngine.

Advantages of the Latest Intel^® Xeon^® Processors

An ideal processor family for running the Qosmos ixEngine is the Intel^® Xeon^® processor D product family. With up to 16 cores, this advanced processor brings the performance and advanced intelligence of Intel Xeon processors into a dense, low-power-consumption system on a chip (SoC).

With enhanced reliability, availability, and serviceability features; platform storage extensions; and built-in hardware virtualization; the Intel Xeon processor D-1500 product family offers new options for optimizing a variety of communications workloads. It runs the same instruction set as the most powerful Intel Xeon processors to provide software consistency from the data center to the edge.

Make Layer 7 Visibility a Competitive Advantage

Learn more about the Qosmos ixEngine and how it delivers Layer 7 visibility with market-leading IP flow parsing technology to accelerate the delivery of application-aware solutions. And visit the Solutions Directory for a selection of boards and systems featuring the latest Intel Xeon processors.