LAS VEGAS -- At Interop 2012, one interesting topic is getting buried under all the hype of software-defined networking...
and bring your own device (BYOD) solutions: application-aware networking is slowly becoming a reality in local area networks (LANs).
This week, merchant silicon vendor Broadcom Corp. is showcasing the new StrataXGS BCM56545 network chip, designed for installation in access layer, stackable switches. The chip features wire-speed application-inspection capabilities based on Broadcom's new AppIQ technology. With the technology, engineers can perform stateful packet inspection within a stackable switch and correlate that inspection to application signatures, in order to apply policies within the LAN.
"This chip allows for classification of static flows of [apps] such as Facebook chat and YouTube video. All of these are HTTP apps," said Sujal Das, senior director of product marketing for Broadcom. “With this new feature you can identify the application as an HTTP app, but you have additional intelligence. You can see that this is a Facebook chat application, or you can see that a video is coming from a domain name like CNN.com."
More on application-aware networking
Where is the real session-based, application-aware routing?
Understanding the value of an application-aware firewall
The technology is not necessarily a security play, Das said. "What we're looking at is more analytics. IT managers want to know how much of their office bandwidth is being used by Facebook chat sessions." This way, engineers can decide whether to slow down applications or block them in order to prioritize others.
In fact, the granular quality of service ( QoS) capabilities will give network managers extremely fine control over bandwidth use in the access layer. That could even have implications in a BYOD environment. In that scenario, network managers could control hundreds of users on iPads and smartphones streaming video across the wireless LAN. They could provide more bandwidth for business-relevant videos while throttling the users who are watching sitcoms and baseball games. At this point, they can achieve some of this application intelligence at the network edge with a next-generation firewall, but not every packet flow passes through the edge.
Enterasys Networks has a similar capability in its product roadmap, according Chris Crowell, CEO of Enterasys Networks. Enterasys' Coreflow2 ASIC, which is deployed within the company's higher-end switches, is capable of inspecting packets all the way up the OSI stack to Layer 7. Today Enterasys has only implemented software in its architecture that inspects up to Layer 4, allowing enterprises to set policies by TCP port. But the company is working on creating a system of signatures that will allow its switches to identify and apply policy based on a Layer 7 view.
"We will release this in less than a year," he said. "Our engineers were already working on building this from an intrusion prevention perspective for our Dragon IPS. However, we can take that packet stream and do something from a control and visibility perspective."
Once implemented, Enterasys could allow enterprises to set policies based not just on the type of application running over the network but for a deeper level of transaction.
Let us know what you think about the story; email: Shamus McGillicuddy, News Director