With the recent focus around SDN and its interactions with layers 4-7 technology, plus Jerome’s recent post, it seemed most apropos to sit down with Jerome Tollet, CTO and Founder at Qosmos, to get a deeper dive on layers 4-7 and their relevancy to SDN.
SDNCentral: Who is Qosmos and who are your main customers?
Jerome: “Qosmos specializes in Layer 4-7 Deep Packet Inspection (DPI) technology which recognizes thousands of communication protocols and metadata attributes for the most accurate picture of real-time data activity on networks. Our software is embedded by equipment makers, specialized vendors and cloud service providers into their offering sold to telcos and enterprises. They leverage our ready-to-use DPI software and probes to accelerate time to market and get continuous signature updates. Qosmos is embedded inside all next-generation solutions where real-time L4-7 intelligence is critical, such as traffic optimization, policy management, Quality of Service, analytics, firewalls, cyber defense, and more. Qosmos can be used in all environments: physical, virtualized and in SDN architectures.”
SDNCentral: Can you explain what your DPI and metadata technology are?
Jerome: “At Qosmos, we treat network traffic as a real-time database from which we extract information. We create deep L4-7 network intelligence with a combination of techniques such as DPI and statistical traffic analysis. A first level of intelligence is provided by recognizing a protocol: this is what we call application identification, in the form of a unique “App ID”. Examples of common App ID include SIP, SMTP, YouTube, Facebook, BitTorrent, and Skype. Once an application has been identified, we go deeper and extract additional information in the form of metadata.Examples of extracted metadata: URL, file name, browser type, cookies, DNS queries, video codec, IMSI, SIP caller/callee, user ID, login, etc. In addition, we can also deliver computed metadata such as delay, jitter, application response time, etc.”
SDNCentral: What’s your view of SDN, given the numerous implementations and definitions we’ve seen?
Jerome: “I think OpenFlow is a strong industry standard and I also believe in healthy competition between several alternative switches and controllers. As a supplier of embedded L4-7 technology, Qosmos’ policy is to support all types of implementations. This is what we already do in non-SDN environments.
My key concern is that potential of SDN could be limited by the lack of traffic intelligence. With visibility restricted to L2-4, it’s not possible to design efficient traffic steering for service insertion or to make smart controller decisions. There is clearly a need to extend traffic intelligence to layer 7, which is the basis for effective use of network resources and smarter service implementations.
So, whatever the implementation, L4-7 intelligence will play a key role in the future of SDN.”
SDNCentral: How do you see L4-7 interacting with OpenFlow?
Jerome: “As I mentioned before, I don’t think SDN can be effective without L4-7. The question is therefore to find the best way to expose L4-7 intelligence to all SDN layers. My suggestion is to enrich OpenFlow to carry extracted and computed metadata per flow between switch and controller. This additional L4-7 intelligence would take the form of extensions to the existing OpenFlow protocol. These new “L4-7 DPI” fields would become common format, used by all switches, controllers and applications, and would even work in non-SDN environments before it is officially standardized as part of OpenFlow. In addition, some changes in the behavior of the OpenFlow protocol would be required.”
SDNCentral:What kind of deployment topology makes sense for DPI technology within an SDN?
Jerome: “An obvious approach is to embed L4-7 DPI inside switches, whether they are virtual or physical. The network intelligence can be used directly by the switch to steer traffic and enable service insertion as a foundation for service-aware networks. In addition, App ID and metadata can be forwarded to controller and applications to make them smarter. I also think that some applications will keep their own custom L4-7 DPI for very specific service processing.
L4-7 DPI can also be embedded in the controller, either for smarter decisions or to feed deeper network intelligence to applications through the north-bound API.”
SDNCentral: What business problems would you see this solving?
Jerome: “One of the key challenges is that there is currently no application awareness in controller or in vSwitches, which prevents them from making smart decisions. L4-7 DPI & metadata provides the much needed application awareness.
Another limitation is that SDN limited to L2-4 visibility cannot be used for efficient service insertion, since switches cannot differentiate traffic between various types of L7 applications. This means that each specialized system, for example video optimization, has to analyze the entire traffic in order to pick out the relevant flows and process them. With L4-7 intelligence, a switch can redirect each application flow to each specialized service processing. This not only enables efficient service insertion but also facilitates hybrid approaches by making “SDN compatible” physical and proprietary equipment (non-OpenFlow).
Finally, there is a tendency to duplicate DPI processing inside numerous applications, each consuming compute resources. In an SDN environment, L4-7 DPI and metadata can become a shared resource used by controller and applications to save on resources.”
SDNCentral: How do you see this evolving in the future?
Jerome: “A number of SDN use cases require the same L4-7 technology: video optimization, policy control, firewalling, network monitoring, and more. I think that future SDN implementations will use L4-7 as a common-format, shared resource, translating into numerous benefits: more efficient use of compute power, more flexible service insertion, and smarter applications.
L4-7 intelligence is really the catalyst to unleash SDN’s full potential!”
SDNCentral: Thank you very much for your time!