Deep Packet Inspection

This is where content networking really comes into its own. Content switches can typically function extremely well when using Layer 4 information in order to make load balancing decisions. The reason for this is that the Layer 4 information is at a known point within the data packet and will never change. The source IP address, destination IP address, and source and destination TCP ports will always be x bits from the front of the Ethernet packet as they are resident in the IP and TCP headers and will never move ”just the values will be different. It is therefore easy to develop ASICs to inspect those headers by counting x bits and scanning 4 bytes, in the case of an IP address. Once the necessary information is found, the switch can then make a load balancing decision. This is why Layer 4 switching is becoming readily available, as this functionality can be done in hardware because the data that is required is constant.

As networks move more into application awareness, the need to look past the TCP port becomes a requirement. Deep packet inspection allows this to happen. By being able to look at varying values within the content of the request, switches can make decisions based on the application type, user request, unique user ID such as cookie, and so forth. One major issue here is that this information might not live within the first frame inspected; it might traverse multiple frames . How content switches handle this is unique to each manufacturer, but essentially , it is this ability that differentiates one content switch from another.

Some manufacturers will use software to perform this function, while others will use ASIC-based hardware with software assist for deep packet inspection.