Tuesday, November 5, 2019

First Packet DPI and Performance Aware Application Based Local Breakout

Two circuits (mpls/internet or internet/internet). Over each path is built an IPsec tunnel to the backbone of a managed services provider.

Customers want to do performance-aware application-based local breakout.

So applications either break out locally from the CPE, or go over one of the tunnels to the MSP backbone and exit to the internet there. For example, send YouTube over whichever path performs best: IPsec1, IPsec2, or local breakout.

The problem is that, from the server's perspective, internet-bound traffic will have a different public IP depending on which path it takes.

From the first packet, you have to identify the flow as belonging to a specific application, to avoid the possibility of it being identified on, say, the 10th packet and having its path and public IP changed, which breaks the session.

I've seen some vendors do some kind of DNS snooping to do first-packet DPI. Others subscribe to some kind of service that helps build a list.

What have you all found to be the best vendor offering this?

Also, for the performance aspect: are there any solutions that measure performance from data-plane metrics, similar to Cisco's AVC feature, which calculates deltas between the stages of the 3-way handshake, the server sending data, and the client ACKing?
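To make the two mechanisms above concrete, here is an added example (not from the post or any vendor): DNS-snooping based first-packet classification that pins each flow to its chosen path on the SYN, plus passive handshake timing of the kind AVC-style metrics are built from. All app suffixes, IPs, timings and the policy table are constructed.

```python
# Added example (not from the post): DNS-snooping first-packet
# classification with per-flow path pinning, plus passive TCP handshake
# timing. All names, IPs, timings and policy entries are constructed.

APP_SUFFIXES = {"youtube.com": "youtube", "googlevideo.com": "youtube"}
# Constructed DNS answers a CPE could snoop from responses passing through it.
DNS_ANSWERS = [("youtube.com", "203.0.113.10"),
               ("r1.googlevideo.com", "203.0.113.11"),
               ("example.net", "198.51.100.5")]
# Which exit paths each app may use; unknown apps stay on the backbone tunnels.
POLICY = {"youtube": ["ipsec1", "ipsec2", "local"], "unknown": ["ipsec1", "ipsec2"]}

class FirstPacketBreakout:
    def __init__(self):
        self.ip_to_app = {}   # destination IP -> app, learned from DNS responses
        self.flows = {}       # 5-tuple -> path, pinned on the first packet

    def snoop_dns(self, name, ip):
        for suffix, app in APP_SUFFIXES.items():
            if name == suffix or name.endswith("." + suffix):
                self.ip_to_app[ip] = app
                return app
        return None

    def classify(self, dst_ip):
        return self.ip_to_app.get(dst_ip, "unknown")

    def choose_path(self, flow, path_rtt_ms):
        # flow = (src_ip, src_port, dst_ip, dst_port, proto). The decision is
        # made on the SYN and never revisited: each path NATs to a different
        # public IP, so moving an existing flow would break the session.
        if flow in self.flows:
            return self.flows[flow]
        allowed = POLICY[self.classify(flow[2])]
        best = min(allowed, key=lambda p: path_rtt_ms[p])
        self.flows[flow] = best
        return best

def handshake_deltas(t_syn, t_synack, t_ack, t_data):
    # Passive timings from packet timestamps (seconds) taken at the CPE:
    # WAN-side RTT (SYN -> SYN/ACK), LAN-side RTT (SYN/ACK -> ACK) and
    # server response time (client ACK -> first server data).
    return {"wan_rtt_ms": (t_synack - t_syn) * 1000,
            "lan_rtt_ms": (t_ack - t_synack) * 1000,
            "server_response_ms": (t_data - t_ack) * 1000}

if __name__ == "__main__":
    cpe = FirstPacketBreakout()
    for name, ip in DNS_ANSWERS:
        cpe.snoop_dns(name, ip)
    rtt = {"ipsec1": 45.0, "ipsec2": 60.0, "local": 20.0}
    flow = ("192.0.2.7", 51000, "203.0.113.11", 443, "tcp")
    print(cpe.choose_path(flow, rtt))   # local
    rtt["local"] = 200.0                 # the path degrades later on
    print(cpe.choose_path(flow, rtt))   # still local: the flow is pinned
    print(handshake_deltas(0.000, 0.045, 0.046, 0.110))
```

The per-path RTT table is whatever the CPE currently measures; feeding it from handshake_deltas on recent flows is what makes the breakout decision performance-aware without touching flows already in progress.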

Thanks in advance!
