I'm reading the engineering info. Looks like you would almost want to
deploy an ER standalone to do this, as there are a lot of things that
makes DPI not work.
A few things to note:
* This feature is integrated with the offload feature, so unlike
NetFlow (flow accounting), it does not disable offload. Conversely,
stats are not available for traffic that is not offloaded. More
specifically, here are examples of the common cases where traffic
would not show up in traffic analysis:
o In this context "offload" refers to the IPv4 forwarding, VLAN,
PPPoE, and GRE offload. If offload is disabled in the
configuration ("system offload ipv4 ...") then traffic analysis
would not show traffic of course.
o Currently if NetFlow ("system flow-accounting ...") or "modify"
firewall rule ("firewall modify ...") is configured, offload is
disabled completely in which case no traffic is eligible for
traffic analysis. (Exception is if "modify" firewall is only
used for "table" or "lb-group" action then offload is not disabled.)
o Traffic to which QoS policy is applied is not eligible for
offload and therefore will not appear in traffic analysis. This
includes the "traffic-policy" and the new "traffic-control"
(smart queue) settings in the configuration. In such cases
traffic that are not affected by QoS (e.g., traffic on other
interfaces) can still be offloaded and still be displayed in
traffic analysis.
o Traffic going through certain interface types are not offloaded,
for example, bridge, bonding, pseudo-ethernet, VPN interfaces, etc.
o Traffic that needs to be processed by certain firewall rules are
not offloaded, for example, packets going through firewall rules
that involve "limit", "recent", or "time" matching criteria will
not be offloaded.
You can also cannot perform any policy enforcement using the rules, so I
think it is a bit of creative marketing to say compare it directly to
fully fledged DPI systems. That being said, the interface looks pretty
nice and I can see it being useful for diagnosis and monitoring.
On 7/23/2015 7:15 PM, Josh Luthman wrote:
I'll forward you...
Josh Luthman
Office: 937-552-2340
Direct: 937-552-2343
1100 Wayne St
Suite 1337
Troy, OH 45373
On Jul 23, 2015 8:13 PM, "Simon Westlake"
<simon.westl...@digitalgunfire.com
<mailto:simon.westl...@digitalgunfire.com>> wrote:
Anyone got any screenshots of it? I couldn't find much info on the
UBNT website.
On 7/23/2015 6:23 PM, Josh Luthman wrote:
I have a feeling it's just a nice l nicely wrapped ntop coming
from Vyatta. I'd love to be surprised.
Josh Luthman
Office: 937-552-2340 <tel:937-552-2340>
Direct: 937-552-2343 <tel:937-552-2343>
1100 Wayne St
Suite 1337
Troy, OH 45373
On Jul 23, 2015 7:13 PM, "Jeremy" <jeremysmi...@gmail.com
<mailto:jeremysmi...@gmail.com>> wrote:
Ok, so now that deep packet inspection has been announced I'd
assume any NDAs have been lifted. Have any of you been using
this? Any idea what type of latency is added? That pricing
model is a whole lot different from any DPI tool that I have
ever seen....
