The Graphiant Edge supports application classification for network flows by using deep packet inspection (DPI). The Graphiant Edge inspects every network flow to identify the application related to that flow. The user can create traffic and security policies that match these applications and apply policy rules to the corresponding network flows.
The Graphiant Edge DPI supports three main mechanisms for application identification:
First Packet Classification
First packet classification is a mechanism to identify a flow's application using the first packet of the flow. The Graphiant Edge supports first packet identification by using DNS inspection. The Graphiant Edge parses DNS responses for any clients behind it and uses the responses to map applications to destination IPs. Any subsequent flows to those destination IPs can be classified based on the first packet.
First packet classification does not work in all scenarios. The use of DNSSEC, proxy servers or content delivery networks (CDNs) can cause first packet classification to fail. In these scenarios, the Edge relies on the Advanced DPI mechanism to identify the application.
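As an added illustration (not Graphiant's implementation or code from this page), the sketch below snoops DNS A-record answers into an IP-to-application cache and classifies a flow from its first packet's destination IP. It returns no match for an unknown IP or for an address that two applications share, as can happen behind a CDN, which is where Advanced DPI would take over; the domain table, function names and sample response are assumptions constructed for the example.

```python
import socket, struct

# Hypothetical domain -> application table; not Graphiant's signature set.
APP_DOMAINS = {"crm.example": "ExampleCRM", "video.example": "ExampleVideo"}

def skip_name(msg, off):
    """Return the offset just past a DNS name (handles compression pointers)."""
    while msg[off] and msg[off] & 0xC0 != 0xC0:
        off += 1 + msg[off]
    return off + (2 if msg[off] else 1)   # 2-byte pointer or 1-byte root label

def a_records(msg):
    """Parse a DNS response; return (question name, list of IPv4 answers)."""
    qd, an = struct.unpack("!HH", msg[4:8])
    labels, off = [], 12
    while msg[off]:                 # question name is never compressed
        labels.append(msg[off + 1:off + 1 + msg[off]].decode("ascii"))
        off += 1 + msg[off]
    off = 12
    for _ in range(qd):
        off = skip_name(msg, off) + 4           # skip QTYPE and QCLASS
    ips = []
    for _ in range(an):
        off = skip_name(msg, off)
        rtype, _, _, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        if rtype == 1 and rdlen == 4:           # A record
            ips.append(socket.inet_ntoa(msg[off + 10:off + 14]))
        off += 10 + rdlen                       # other types (e.g. CNAME) skipped
    return ".".join(labels).lower(), ips

def learn(cache, msg):
    """Map each answered IP to the application whose domain was queried."""
    qname, ips = a_records(msg)
    for dom, app in APP_DOMAINS.items():
        if qname == dom or qname.endswith("." + dom):
            for ip in ips:
                cache.setdefault(ip, set()).add(app)

def classify_first_packet(cache, dst_ip):
    """Return the application, or None to hand the flow to advanced DPI."""
    apps = cache.get(dst_ip, set())
    return next(iter(apps)) if len(apps) == 1 else None

def sample_response(name, ips):
    """Constructed DNS response (not captured traffic) carrying A records."""
    q = b"".join(bytes([len(l)]) + l.encode() for l in name.split(".")) + b"\0"
    rr = b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, 60, 4)
    body = b"".join(rr + socket.inet_aton(ip) for ip in ips)
    return struct.pack("!6H", 1, 0x8180, 1, len(ips), 0, 0) + q + b"\0\x01\0\x01" + body
```

Feeding `learn` a response for `app.crm.example` and then calling `classify_first_packet` with the answered address yields `ExampleCRM`; an address learned for both tables' domains yields `None`.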
Advanced DPI
Traffic that cannot be classified using First Packet Classification is processed using advanced DPI techniques. The Graphiant Edge uses advanced DPI technologies, including pattern matching, complex heuristics and behavioral analysis, to classify applications, including applications whose traffic is encrypted. Unlike First Packet Classification, the advanced DPI techniques may require multiple packets to be inspected before the flow is classified.
Custom Application Classification
While the above-mentioned DPI techniques work for classifying public, well-known applications, they do not work for custom enterprise applications. To identify such applications, you can define a custom application using the Graphiant Portal. The custom application definition allows the Edge to identify flows belonging to the enterprise application (learn how to define custom applications in the Graphiant Portal).