DAG Technology

DAG technology is a combination of hardware design (using field-programmable gate array (FPGA) technology) and software (a software driver layer runs on top of the hardware handling the logic), based on a programmable chip. It uses a uniquely designed memory buffer that allows network packets to be copied into onboard memory at extremely high speeds without dropping any packets. What makes it innovative as a computing hardware design is the way proprietary technology developed by New Zealand company Endace enables the memory buffer/pool to work. Copied packets can be retrieved very quickly from the memory buffer for inspection, recording and reporting, so it provides a platform for building applications for network intrusion detection systems (using tools such as Snort, an open source IDS toolset), performance monitoring and a range of related networking functions.

DAG is not a protocol and therefore bears little relationship to computing protocols such as NTP. It is more akin to the technology used in Ethernet cards.

From 1995 to 2001, DAG Technology was developed as part of the DAG Project at the School of Computing and Mathematical Sciences at the University of Waikato in Hamilton, New Zealand. Professor Ian Graham^[1], then the school dean led the project team. The aim of the DAG Project was to develop technology to provide:

• Accurate and high-resolution time measurement, locally or globally synchronized (< 1 microsecond)
• Support for a wide range of protocols and network speeds
• A flexible, programmable design
• A low-cost, open architecture
• A transmit capability for testing.

In 2001, the above aims were fulfilled and DAG technology was commercialised by the New Zealand company Endace in a range of Network Monitoring Interface Cards. DAG technology has continued to be developed and now allows 100 percent packet capture and transfer to host system memory, onboard application processing for CPU-intensive tasks, programmable hardware-based traffic filtering, and CPU load balancing. DAG technology is today deployed^[2] in a range of intrusion detection and prevention (IDS/IPS), lawful interception, flow analysis, network monitoring, and protocol analyzer^{[disambiguation needed ]} systems in over 25 countries.

Benefits

• Prerequisite for any security system is to have access to all information
• Software applications able to meet line rate speeds
• Single vendor, ubiquitous, network-wide
• User-customised real time analysis
• Focused analysis
• ‘N times’ application performance
• ‘N times’ applications
• Accurate Quality of Service measurement

Todo

DAG stands for Data Acquisition and Generation.

References

1. ^ SCMS > Computer Science: Professors
2. ^ http://www.endace.com/shared/media/documents/press/CaseStudyTradingMetrics.pdf

External links

• DAG and Data Stream Manager video (link broken)
• DAG Technology white papers (link broken)
• DAG Technology case study (link broken)
• DAG Technology brief (link broken)
• Endace directory entry at Cambridge Networks (link broken)
• The DAG project at the University of Waikato’s Computer Science department
• More information about DAG cards