DAG Technology
Encyclopedia
DAG technology is a combination of hardware design (using field-programmable gate array
(FPGA) technology) and software (a software driver layer runs on top of the hardware handling the logic), based on a programmable chip. It uses a uniquely designed memory buffer that allows network packets to be copied into onboard memory at extremely high speeds without dropping any packets. What makes it innovative as a computing hardware design is the way proprietary technology developed by New Zealand company Endace
enables the memory buffer/pool to work.
Copied packets can be retrieved very quickly from the memory buffer for inspection, recording and reporting, so it provides a platform for building applications for network intrusion detection systems (using tools such as Snort
, an open source
IDS toolset), performance monitoring and a range of related networking functions.
DAG is not a protocol and therefore bears little relationship to computing protocols such as NTP
. It is more akin to the technology used in Ethernet
cards.
From 1995 to 2001, DAG Technology was developed as part of the DAG Project at the School of Computing
and Mathematical Sciences
at the University of Waikato
in Hamilton, New Zealand
. Professor Ian Graham, then the school dean
led the project team. The aim of the DAG Project was to develop technology to provide:
In 2001, the above aims were fulfilled and DAG technology was commercialised by the New Zealand company Endace
in a range of Network Monitoring Interface Card
s. DAG technology has continued to be developed and now allows 100 percent packet capture and transfer to host system memory, onboard application
processing
for CPU-intensive tasks, programmable hardware
-based traffic filtering
, and CPU load balancing. DAG technology is today deployed in a range of intrusion
detection and prevention (IDS/IPS), lawful interception
, flow analysis, network monitoring
, and protocol analyzer
systems in over 25 countries.
Field-programmable gate array
A field-programmable gate array is an integrated circuit designed to be configured by the customer or designer after manufacturing—hence "field-programmable"...
(FPGA) technology) and software (a software driver layer runs on top of the hardware handling the logic), based on a programmable chip. It uses a uniquely designed memory buffer that allows network packets to be copied into onboard memory at extremely high speeds without dropping any packets. What makes it innovative as a computing hardware design is the way proprietary technology developed by New Zealand company Endace
Endace
Endace Ltd is a New Zealand-headquartered company specializing in high performance network monitoring and analysis. Started in 2001, in 2005, they became the first company in New Zealand listed on the Alternative Investment Market of the London Stock Exchange...
enables the memory buffer/pool to work.
Copied packets can be retrieved very quickly from the memory buffer for inspection, recording and reporting, so it provides a platform for building applications for network intrusion detection systems (using tools such as Snort
Snort (software)
Snort is a free and open source network intrusion prevention system and network intrusion detection system , created by Martin Roesch in 1998...
, an open source
Open source
The term open source describes practices in production and development that promote access to the end product's source materials. Some consider open source a philosophy, others consider it a pragmatic methodology...
IDS toolset), performance monitoring and a range of related networking functions.
DAG is not a protocol and therefore bears little relationship to computing protocols such as NTP
Network Time Protocol
The Network Time Protocol is a protocol and software implementation for synchronizing the clocks of computer systems over packet-switched, variable-latency data networks. Originally designed by David L...
. It is more akin to the technology used in Ethernet
Ethernet
Ethernet is a family of computer networking technologies for local area networks commercially introduced in 1980. Standardized in IEEE 802.3, Ethernet has largely replaced competing wired LAN technologies....
cards.
From 1995 to 2001, DAG Technology was developed as part of the DAG Project at the School of Computing
Computing
Computing is usually defined as the activity of using and improving computer hardware and software. It is the computer-specific part of information technology...
and Mathematical Sciences
Mathematical sciences
Mathematical sciences is a broad term that refers to those academic disciplines that are primarily mathematical in nature but may not be universally considered subfields of mathematics proper...
at the University of Waikato
University of Waikato
The University of Waikato is located in Hamilton and Tauranga, New Zealand, and was established in 1964. It has strengths across a broad range of subject areas, particularly its degrees in Computer Science and in Management...
in Hamilton, New Zealand
Hamilton, New Zealand
Hamilton is the centre of New Zealand's fourth largest urban area, and Hamilton City is the country's fourth largest territorial authority. Hamilton is in the Waikato Region of the North Island, approximately south of Auckland...
. Professor Ian Graham, then the school dean
Dean (education)
In academic administration, a dean is a person with significant authority over a specific academic unit, or over a specific area of concern, or both...
led the project team. The aim of the DAG Project was to develop technology to provide:
- Accurate and high-resolution time measurement, locally or globally synchronizedSynchronizationSynchronization is timekeeping which requires the coordination of events to operate a system in unison. The familiar conductor of an orchestra serves to keep the orchestra in time....
(< 1 microsecondMicrosecondA microsecond is an SI unit of time equal to one millionth of a second. Its symbol is µs.A microsecond is equal to 1000 nanoseconds or 1/1000 millisecond...
) - Support for a wide range of protocols and networkComputer networkA computer network, often simply referred to as a network, is a collection of hardware components and computers interconnected by communication channels that allow sharing of resources and information....
speeds - A flexible, programmable design
- A low-cost, open architectureArchitectureArchitecture is both the process and product of planning, designing and construction. Architectural works, in the material form of buildings, are often perceived as cultural and political symbols and as works of art...
- A transmit capability for testing.
In 2001, the above aims were fulfilled and DAG technology was commercialised by the New Zealand company Endace
Endace
Endace Ltd is a New Zealand-headquartered company specializing in high performance network monitoring and analysis. Started in 2001, in 2005, they became the first company in New Zealand listed on the Alternative Investment Market of the London Stock Exchange...
in a range of Network Monitoring Interface Card
Network Monitoring Interface Card
A network monitoring interface card or NMIC is similar to a network card . However, unlike a standard network card, an NMIC is designed to passively listen on a network. At a functional level, an NMIC may differ from a NIC, in that the NMIC may not have a MAC Address, may lack the ability to...
s. DAG technology has continued to be developed and now allows 100 percent packet capture and transfer to host system memory, onboard application
Application software
Application software, also known as an application or an "app", is computer software designed to help the user to perform specific tasks. Examples include enterprise software, accounting software, office suites, graphics software and media players. Many application programs deal principally with...
processing
Process (computing)
In computing, a process is an instance of a computer program that is being executed. It contains the program code and its current activity. Depending on the operating system , a process may be made up of multiple threads of execution that execute instructions concurrently.A computer program is a...
for CPU-intensive tasks, programmable hardware
Hardware
Hardware is a general term for equipment such as keys, locks, hinges, latches, handles, wire, chains, plumbing supplies, tools, utensils, cutlery and machine parts. Household hardware is typically sold in hardware stores....
-based traffic filtering
Filter (software)
A filter is a computer program to process a data stream. Some operating systems such as Unix are rich with filter programs. Even Windows has some simple filters built into its command shell, most of which have significant enhancements relative to the similar filter commands that were available in...
, and CPU load balancing. DAG technology is today deployed in a range of intrusion
Intrusion
An intrusion is liquid rock that forms under Earth's surface. Magma from under the surface is slowly pushed up from deep within the earth into any cracks or spaces it can find, sometimes pushing existing country rock out of the way, a process that can take millions of years. As the rock slowly...
detection and prevention (IDS/IPS), lawful interception
Lawful interception
Lawful interception is obtaining communications network data pursuant to lawful authority for the purpose of analysis or evidence. Such data generally consist of signalling or network management information or, in fewer instances, the content of the communications...
, flow analysis, network monitoring
Network monitoring
The term network monitoring describes the use of a system that constantly monitors a computer network for slow or failing components and that notifies the network administrator in case of outages...
, and protocol analyzer
Protocol analyzer
A "Protocol analyzer" is a tool used to capture and analyze signals and data traffic over a communication channel. Such a channel differs from a local computer bus to a satellite link, that provides a means of communication using a standard communication protocol...
systems in over 25 countries.
Benefits
- Prerequisite for any security system is to have access to all information
- Software applications able to meet line rate speeds
- Single vendor, ubiquitous, network-wide
- User-customised real time analysis
- Focused analysis
- ‘N times’ application performance
- ‘N times’ applications
- Accurate Quality of ServiceQuality of serviceThe quality of service refers to several related aspects of telephony and computer networks that allow the transport of traffic with special requirements...
measurement
External links
- DAG and Data Stream Manager video (link broken)
- DAG Technology white papers (link broken)
- DAG Technology case study (link broken)
- DAG Technology brief (link broken)
- Endace directory entry at Cambridge Networks (link broken)
- The DAG project at the University of Waikato’s Computer Science department
- More information about DAG cards