Procera Reloaded

The company fires most of its staff, hires new people, and introduces what it claims is the most accurate Deep Packet Inspection (DPI) available today.

by Alex Goldman ISP-Planet Managing Editor [May 12, 2008]

It takes a lot to fire the entire sales staff and replace the CEO. Los Gatos, Calif-based (and also Varberg, Sweden-based) Procera Networks has revamped its product line and changed its sales pitch since we last wrote about the company.

Last year, the company was selling CALEA compliance equipment (see CALEA: The Equipment Makers). Now it's selling Deep Packet Inspection.

Service providers, says James Brear, know that customers are using bandwidth hungry applications: IP telephony, video social networking, rich media news, peer to peer networking, and new internet connected devices. The result is ever more demands on the network.

At the same time, says Brear, broadband providers are finding it difficult to differentiate their product.

The solution, he claims, is Procera Networks' "evolved DPI", a more accurate deep packet inspection product.

Jon Linden, from Procera Networks' Swedish office, where the development happens, shows us a demo. Linden is Procera's vice president of product management and marketing.

The evolved DPI can dig deep, showing, for example, the exact URL of a YouTube video that a user is watching.

In theory, the system could block any particular YouTube video if it were deemed offensive.

Major ILECs, Brear claims, are still using MRTG and don't trust the DPI systems they have in place.

How it works
"This solution is purpose built from the bottom up for DPI," says Linden. He adds that many DPI vendors cannot maintain quality in their larger boxes. As a result, smaller appliances have features that the larger boxes cannot support. That's not the case with Procera Networks.

Procera's system is based on what it calles Data Recognition Definition Language (DRDL). Its purpose is similar to the DNA that anti-virus vendors use to build virus signtures, except that Procera builds signatures for data traffic. Linden says that Procera Networks has more signatures than anyone else. Brear adds that the company has 100 signatures that are specifically for applications used in South Korea. He says the company built a signature for the BBC iPlayer the day after it was released.

The company uses packet capture (Pcap) files from ISPs, who send it any traffic the system cannot identify, similar to the way that anti-virus vendors receive copies of new viruses in order to build signatures.

"We relase new signatures every week," says Linden.

But the system is even more adaptable: it can change the parts of the e-mail it examines. It currently looks at many things, including: handshakes, headers, packet size, and packet transmission frequency. Linden says that the system can sometimes identify an application sending encrypted traffic if it recognizes the handshake. It won't be able to look at the payload, but it will be able to say what the application is.

The box at the core
These are powerful boxes. They range in size from a 1 RU appliance capable of handling 500 simultaneous traffic flows and 2 Gbps throughput up to a 12 RU blade server capable of handling 80 Gbps and 48 million traffic flows.

Linden says that most telcos place a big box at the center of the network, but may find uses for boxes in other locations. Some place smaller boxes at peering points and telco hotels. Others, especially MSOs, may have a network that's not contiguous, and therefore place one box in each region.

Once all of this monitoring is in place, service providers can deliver new services. They can prioiritize voice or video traffic (or, theoretically, a specific video feed such as the Superbowl or the Oscars).

Some, Linden says, are looking at providing an ultra powerful parental control application, giving parents more control than they've ever had before.

The possibilities seem endless.

Pricing and availabilty
The modular system is available now, in the chassis described above. Linden says that depending on the capabilities needed (just monitoring, or control, or control plus service creation), pricing can vary from $1 to $6 per customer, so prices range from the entry-level PL5600 at $7,000 up to $800,000 for a fully loaded 12U PL10000

— End