ntop 2015 Roadmap

Like every year, we have made a short-term plan for the first half of 2015. As we are a research-oriented company, we plan to tackle open issues or provide better answers to existing ones. This is the short list of activities we are carrying out:

  1. 40 Gbit
    We are in the process of supporting the new Intel X710 and XL710 network adapters. They are able to operate at 10 and 40 Gbit (1 x 40 Gbit or 4 x 10 Gbit). The PF_RING ZC drivers are under development and on the PF_RING SVN you can already find a prerelease version. All our existing applications such as n2disk and nProbe will be optimised to scale to 40 Gbit.
  2. ntopng
    We have received many requests from companies that are willing to deploy ntopng but need some extra features used in the enterprise, such as the ability to do traffic drill-down, advanced reporting, the ability to integrate with third-party apps such as Nagios, and the ability to perform simple active monitoring tests to be combined with existing passive monitoring facilities. In addition to this, we have decided to turn ntopng into a traffic policer application that can both monitor and enforce traffic policies. For instance, it can block Facebook for host Y or Skype for subnet Z, only during the afternoon. In essence, we want to move ntopng to the next level, similar to what happened years ago when IDSs moved towards IPSs. We have not yet decided how these features will be distributed, or if we will create a few ntopng versions. The poll is open.
  3. DDoS Mitigation
    We have been working in this area for more than 6 months with a couple of selected partners. We believe that it is now time for ntop to leverage our PF_RING ZC framework and create a software-based 1/10/40 Gbit DDoS traffic mitigator. We have had a working prototype for some time, and we are refining it. It will be an open component available both as an SDK (so you can embed it into your existing application) and as a stand-alone application. Just as we demonstrated many years ago that commodity hardware network adapters could operate at line rate, we now want to show that it is possible to create cheap, open and simple DDoS mitigator boxes able to operate at line rate, similar to what commercial products do for a lot of bucks.
  4. Layer-7 Traffic Filtering (DPI)
    We are developing a product, conceptually similar to the above DDoS mitigator, that is able to filter application-level traffic by leveraging nDPI. It will be available both as an SDK and as a stand-alone application, and it can be used for many purposes, including as a versatile policy enforcer or as a component in a pipeline. For instance, you can instrument PF_RING ZC to send traffic to this component, which will be put in front of n2disk. This way you can optimise n2disk disk usage by dumping only the initial bytes of selected protocols (e.g. YouTube or Netflix) that take a lot of space, or by discarding encrypted traffic. These are just a few use cases.

We have many more things to tell you, but we prefer to wait until we have something you can test. Stay tuned!