The internet has been in development for about 40 years. By the end of 2008 China alone had 275 million internet users, exceeding the USA and taking first place in the world. Internet services and applications have become indispensable in work and daily life, especially for young people. While the internet has expanded rapidly in scale and has had far-reaching effects on many aspects of human social activity, many inherent problems have also been exposed, chiefly: no guarantee of security and trustworthiness, poor controllability and manageability, no guarantee of quality of service, and poor scalability.
The security problem and the lack of trustworthiness of the current internet are especially prominent and have already become one of the bottlenecks to its development. Security incidents that occur frequently during design, construction, operation, administration and maintenance are concrete demonstrations of the internet's fragility. Although incidents such as large-scale leakage of sensitive information, address spoofing, spam flooding and online fraud are common, for most security incidents it is impossible to trace the perpetrators. Taking spam flooding as an example, according to statistics from security companies the daily volume of spam sent worldwide in 2008 increased by 30 to 50 billion messages compared with 2007, and in 2008 the average daily volume of spam reached 170 to 180 billion messages. Most of these security incidents are related to the untrustworthiness of the network. In addition, according to data collected by Websense, 51% of the websites that distributed malicious software were legitimate sites that had been compromised by attackers. One consequence of the untrustworthiness of the internet is that governments and the public are apprehensive about the prospect of relying on it: on one hand, they are reluctant to place key applications (such as e-government and e-business) entirely on the internet; on the other hand, they hesitate to use key applications (such as online banking and payment) over it. Meanwhile, the security problems of the internet also affect the healthy development of national economies and even threaten national security.
In the current internet protocol architecture, guaranteeing end-to-end quality of service (QoS) is one issue. The internet essentially provides a connectionless "best effort" service whose function is merely to deliver packets to the destination as well as it can, without any guarantee of quality of service such as bandwidth, delay or jitter. For data services such as FTP, email or Web, the internet largely satisfies users' demands. However, for services with higher requirements on network quality of service, such as end-to-end voice and real-time streaming media, it is difficult for the existing internet to guarantee quality of service. Considering further the dramatic growth of network traffic, the problem becomes more significant. In the early 1990s most users sent text emails occupying only a few bytes each, and at that time the total data transmitted per month in the USA was just a few TB (1 TB = 1000 GB). Today the data traffic of YouTube, the largest video-sharing website in the world, is equivalent to 75 billion emails per day, and the monthly traffic of one American video website is equivalent to the sum of all internet traffic worldwide in the year 2000. Additionally, the American Internet Innovation Alliance estimates that internet traffic will double every 12 months, faster than the rate predicted by Moore's Law.
The problems mentioned above not only constrain the development of the internet itself but also hold back the adoption of internet deep packet inspection, identification, control and scheduling techniques. Most of these problems arise from the internet architecture, and how to solve them is an issue that the governments of many countries are considering and wish to resolve. If significant adjustment and innovation of the internet protocol architecture were made, at least the problems of network compatibility and of protecting the enormous existing investment would need to be solved. The alternative approach is smooth evolution and gradual development, and the present disclosure is proposed on that basis.
In recent years internet equipment vendors and security equipment manufacturers have been researching and developing products of this kind. For example, Arbor Networks released the Arbor Ellacoya E100, which provides a carrier-class platform with two 10 Gbps DPI modules, supports 20 Gbps capacity and 5000 users, and offers flow-based analysis and reporting, bandwidth management, service plan management, allocation management and so on.
Sable Networks released the S80 and S240 service controllers together with the accompanying SableOS R2.0 software in January 2008; these provide line-rate layer-7 DPI, scale from 10 Gbps to 220 Gbps and support Ethernet and SDH/SONET interfaces. SonicWALL added DPI functions to its existing firewall products, supporting video and audio stream management and providing bandwidth prioritisation, P2P flow control, anti-virus, intrusion detection, content filtering, partial anti-spam and so on. Blade Network Technologies released a "10 billion-level" traffic management solution based on the IBM BladeCenter server platform; the solution has 60 Gbps processing capacity, handles 4.2 million packets per second, 2.4 million concurrent flows and 12 million users, provides user- and application-based load balancing and bandwidth management as well as layer-7 DPI, and has carrier-class reliability and warm standby as well as low delay jitter for real-time VoIP services. Allot Communications published a paper exploring DPI in depth in April 2007. The paper holds that DPI allows service providers to improve the performance of IP multimedia services, prevent unnecessary resource consumption and congestion-causing traffic, and also helps to mitigate network attacks, analyse network traffic behaviour, relieve bandwidth bottlenecks and guarantee quality of service, making it a new source of revenue for operators and ISPs. AdvancedIO Systems released the V3020, a real-time 10 GbE packet-processing solution based on the MicroTCA platform, in June 2008 to satisfy market demand for DPI. Freescale Semiconductor released the E500 multi-core communications platform chip using its existing network-processor technology.
Compared with a general-purpose CPU, the E500 is more efficient at executing complex DPI code and has some anti-virus and attack-resistance capabilities. The German OpenPR (Worldwide Public Relations) service announced the PRX-1G and PRX-5G traffic managers, which allow network operators to monitor and control network traffic per application, detect each kind of application by combining layer-7 deep packet inspection with behavioural traffic analysis, and support bandwidth management based on VLAN, P2P, instant messaging (IM), VoIP, tunnels, streaming media and so on. The PRX-5G reaches 6 Gbit/s throughput, processes 750 thousand packets per second and supports 1 million users; the PRX-1G reaches 3.4 Gbit/s throughput, processes 550 thousand packets per second and supports 250 thousand users.
The prior art described above shares the following disadvantages:
1. DPI operates mainly on a unidirectional data stream and does nothing in the opposite direction. For a class of applications such as email (anti-spam), unidirectional DPI is sufficient. However, for services such as Web, VoIP, games, search engines, real-time multimedia and instant messaging, operation is bidirectional. Although the traffic generated in the two directions is not symmetric, the forward and backward directions are highly correlated: one is the request and the other the response, a relationship of cause and effect, and neither direction can be left uninspected.
2. Mechanisms for interaction, interconnection and interworking of network operations among the users, the network operator (or ISP) and the DPI node are lacking. The DPI node is added and controlled by the network operator (or ISP). The DPI user should be able to configure the DPI node at any time to obtain the identification and control capabilities it requires for end users and applications; these capabilities are delivered as value-added services and serve the user of the DPI node. If the DPI user does not know that DPI exists, or cannot configure the service functions of the DPI node over the network, then the significance and necessity of the DPI node are greatly reduced.
3. In the in-band mode, the control and management information channel has serious limitations in both the forward and backward directions: if the direction towards the DPI node is regarded as direct, then the returning direction has to be a bypass, which makes control and management of the node device inconvenient. If the out-of-band mode is used instead, the cost increases.
4. The capabilities of existing DPI node devices for identifying different users and applications have been weakened, while functions such as security filtering have been greatly emphasised. As the internet becomes more and more important, the demand for network devices that identify different users and applications grows, and the expectation that network traffic be monitored and scheduled according to the identification result becomes stronger. It is one characteristic of the present disclosure that different users and applications are identified by deep packet inspection to achieve node-level control and network-level scheduling.
5. One purpose of adding a DPI node is to solve, or partially solve, the problem of guaranteeing end-to-end quality of service (QoS) for services. Specifically: (1) a VIP user is given high priority when its packets are waiting in a queue at the present DPI node; (2) an associated real-time service is given high priority when its packets are waiting in a queue at the present node; (3) before a packet leaves the present node for the next node, the TOS field of the IP header (now carrying the DSCP) is modified according to the importance of the service type and the user, to give the packet higher or lower priority; (4) a specific service is given a specific route, which requires the DPI node to negotiate and agree with the other router nodes on the end-to-end path, those router nodes treating the DPI node as a peer router from the perspective of data forwarding and control signalling, that is, this kind of DPI node also has the function of a router node, or a DPI function is added to an existing router node; (5) for a specific real-time service, in order to keep delay jitter small, the output queue is adjusted before a packet leaves the DPI node so that the delay of this kind of packet through the present DPI node is approximately constant.
The architectures of the existing solutions above cannot readily support (3), (4) and (5), which is a deficiency of their design.
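The following Python sketch is an added illustration of items 1 and 5 (1) to (3) above; it is not code from the present disclosure or from any of the products named earlier. It keeps one flow-table entry for both directions of a conversation so that a response packet carrying no recognisable signature inherits the label assigned to the request, classifies the application from the payload, chooses a priority from the application and a VIP user table, rewrites the TOS/DSCP byte of the IPv4 header (recomputing the header checksum), and serves a strict-priority output queue. The VIP table keyed by IP address, the two payload signatures, the DSCP values chosen (EF for VoIP, AF41 for VIP users) and the sample packets are all assumptions constructed for the example; items 5 (4) and (5), route negotiation and jitter smoothing, are not covered.

```python
import heapq
import socket
import struct
from collections import namedtuple

Packet = namedtuple("Packet", "src dst proto sport dport tos payload")

def ipv4_checksum(header: bytes) -> int:
    # RFC 1071 ones'-complement sum; returns 0 when the header's own checksum field is correct
    total = sum(struct.unpack("!%dH" % (len(header) // 2), header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF

def build_ipv4(src, dst, proto, payload, tos=0):
    # constructed test packet: 20-byte IPv4 header without options, then payload
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, tos, 20 + len(payload), 1, 0, 64,
                      proto, 0, socket.inet_aton(src), socket.inet_aton(dst))
    return hdr[:10] + struct.pack("!H", ipv4_checksum(hdr)) + hdr[12:] + payload

def build_udp(sport, dport, data):
    return struct.pack("!HHHH", sport, dport, 8 + len(data), 0) + data

def build_tcp(sport, dport, data):  # data offset 5, PSH|ACK, checksum left zero
    return struct.pack("!HHIIBBHHH", sport, dport, 1, 1, 5 << 4, 0x18, 65535, 0, 0) + data

def parse_ipv4(raw: bytes) -> Packet:
    # validate the header before trusting any length field taken from the wire
    ihl = (raw[0] & 0x0F) * 4
    if raw[0] >> 4 != 4 or ihl < 20 or len(raw) < ihl or ipv4_checksum(raw[:ihl]) != 0:
        raise ValueError("malformed IPv4 header")
    tos, proto = raw[1], raw[9]
    src, dst = socket.inet_ntoa(raw[12:16]), socket.inet_ntoa(raw[16:20])
    sport = dport = 0
    body = raw[ihl:]
    if proto == 6 and len(body) >= 20:      # TCP: honour the data offset
        sport, dport = struct.unpack("!HH", body[:4])
        body = body[(body[12] >> 4) * 4:]
    elif proto == 17 and len(body) >= 8:    # UDP: fixed 8-byte header
        sport, dport = struct.unpack("!HH", body[:4])
        body = body[8:]
    return Packet(src, dst, proto, sport, dport, tos, body)

def flow_key(p: Packet):
    # direction-independent key, so request and response share one entry (item 1)
    a, b = (p.src, p.sport), (p.dst, p.dport)
    return (min(a, b), max(a, b), p.proto)

def classify_app(p: Packet) -> str:
    # toy payload signatures (an assumption, not the disclosure's classifier)
    if p.payload.startswith((b"INVITE sip:", b"SIP/2.0")):
        return "voip"
    if p.payload.startswith((b"GET ", b"POST ", b"HTTP/1.")):
        return "web"
    return "unknown"

def set_dscp(raw: bytes, dscp: int) -> bytes:
    # item 5 (3): rewrite the TOS/DSCP byte, keep the two ECN bits, refresh the checksum
    ihl = (raw[0] & 0x0F) * 4
    hdr = bytearray(raw[:ihl])
    hdr[1] = (dscp << 2) | (hdr[1] & 0x03)
    hdr[10:12] = b"\x00\x00"
    hdr[10:12] = struct.pack("!H", ipv4_checksum(bytes(hdr)))
    return bytes(hdr) + raw[ihl:]

class DpiNode:
    def __init__(self, vip_users):
        self.vip = set(vip_users)      # assumed VIP table keyed by IP address
        self.flows = {}                # flow_key -> application label
        self.queue, self.seq = [], 0   # strict-priority output queue (item 5 (1), (2))

    def ingest(self, raw: bytes):
        p = parse_ipv4(raw)
        key = flow_key(p)
        app = self.flows.get(key)
        if app is None:                # first sighting in either direction
            app = classify_app(p)
            if app != "unknown":
                self.flows[key] = app  # the reverse direction inherits the label
        vip = p.src in self.vip or p.dst in self.vip
        dscp = 46 if app == "voip" else 34 if vip else 0   # EF for real-time, AF41 for VIP
        # most urgent DSCP leaves first; seq keeps FIFO order within one class
        heapq.heappush(self.queue, (-dscp, self.seq, set_dscp(raw, dscp)))
        self.seq += 1
        return app, dscp

    def drain(self):
        return [heapq.heappop(self.queue)[2] for _ in range(len(self.queue))]

def demo():
    # constructed traffic, not a capture: plain user, VIP user, an unsignatured response, a SIP INVITE
    node = DpiNode(vip_users={"10.0.0.7"})
    pkts = [
        build_ipv4("10.0.0.9", "198.51.100.3", 6, build_tcp(40002, 80, b"GET / HTTP/1.1\r\n")),
        build_ipv4("10.0.0.7", "198.51.100.3", 6, build_tcp(40001, 80, b"GET / HTTP/1.1\r\n")),
        build_ipv4("198.51.100.3", "10.0.0.7", 6, build_tcp(80, 40001, b"<html>hi</html>")),
        build_ipv4("10.0.0.5", "192.0.2.10", 17, build_udp(5060, 5060, b"INVITE sip:bob@example.com SIP/2.0\r\n")),
    ]
    results = [node.ingest(pkt) for pkt in pkts]
    order = [parse_ipv4(pkt).tos >> 2 for pkt in node.drain()]
    return results, order  # ([('web', 0), ('web', 34), ('web', 34), ('voip', 46)], [46, 34, 34, 0])
```

Calling demo() shows the two points the list makes: the server's response to the VIP user carries no HTTP signature of its own, yet it is marked AF41 because the bidirectional flow key finds the label set by the request, and the output queue releases the SIP packet ahead of everything queued before it. Note that a real node must rate-limit or police the high-priority classes, since any user who can make traffic look like VoIP to the classifier would otherwise obtain EF treatment for free.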