Global Velocity - Next Generation Content Security, Leak Prevention & Outbound Filtering

Platform

Solutions

Technology
White Papers
Deep Packet Inspection
Bloom Filter
Programmable Logic Devices
TCP Stream Reassembly

TCP STREAM REASSEMBLY

When data is sent across the Internet, it is broken into chunks of data called packets. These packets traverse across a series of links and routers. Along the way, packets will get corrupted, lost, misordered, and interleaved with packets from other users and applications.

TCP Stream

This diagram illustrates packets being transmitted across a network link. In the diagram, packets from a particular flow (colored orange and gray) are interleaved with a variety of packets from other users and applications (colored white). On the way to this particular link, packets 2 and 3 have been misordered, and packet 4 has been lost.

To solve the challenges associated with packet transmissions, most Internet traffic makes use of the Transmission Control Protocol (TCP). A sequence number is attached to each packet so the destination machine can re-assemble the data in order. An error detection mechanism is also implemented so any packets that have become corrupted can be identified. Finally, when uncorrupted packets are received at the destination end, the receiving machine must send an acknowledgement to the sender stating the packets were received. In this way, reliable transmission is ensured.

Devices placed in the middle of a network can encounter challenges in dealing with TCP packets. For example, if a signature spans multiple packets, detecting the signature is complicated by packets which are corrupt, out of order, dropped, or interleaved with packets from other data flows. If usefulness and high throughput are to be maintained, a solution addressing these challenges and not requiring an enormous amount of information on each data flow must be implemented.

This is the solution provided by Global Velocity's patent-pending TCP processor. A small record of each data flow is maintained, and when packets arrive from a data flow, the record is checked to determine the flow's status and order. If the packet is not in order, the application is informed of this; if it is in order, extra flow-specific information can be retrieved to continue processing as before. Corrupted packets are dropped immediately so they do not confuse the application or continue to clog the network.