Netify DPI - Flow Actions Processor

In some cases, it is desirable to take real-time action on the network metadata provided by the Netify DPI Agent. This makes it possible to integrate DPI-aware solutions for:

  • QoS and QoE
  • firewalling
  • routing
  • and more

The Flow Actions Processor uses a powerful expression engine to match traffic based on DPI attributes of a network flow. These expressions are used to create datasets accessible to standard Linux network tools.

Netify Flow Actions (NFA)

Flow Actions Examples

Here are just a few examples of the Flow Actions plugin in action:

  • Blocking evasive VPN protocols
  • Shaping the BitTorrent protocol with a QoS engine
  • Implementing a MultiWAN routing policy based on application latency requirements
  • Optimizing bandwidth by applications, protocols, and dozens of other fields
  • Analyzing network performance at the application and protocol level

How It Works

Flow datasets are immediately available to standard Linux tools when flow criteria are matched against user-defined expressions in the plugin. For example, the plugin can be configured to create an IP Set for all streaming media applications (YouTube, Netflix, etc.). These datasets can then be used to block, shape, mark, or perform other actions on network traffic using off-the-shelf tools:

  • nftables - firewalling, audit trails, and QoS
  • iptables - firewalling and marking traffic
  • conntrack - connection tracking for managing connections and route changes
  • ip rule - multiWAN routing policies
  • tc - QoS engines
  • dscp - DSCP flag control
  • and more
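
The consuming side of this design, sketched as an nftables ruleset. This is an added example, not Netify's own configuration: the table, chain and set names are hypothetical, and it assumes the plugin adds the remote IPv4 address of each matched flow to the named set.

```nftables
#!/usr/sbin/nft -f
# Added example. Table, chain and set names are hypothetical.

table inet dpi_demo {
    # Assumption: the Flow Actions plugin adds the remote IPv4 address of each
    # flow that matches a "streaming media" expression to this set.
    # The timeout lets entries age out once matching flows stop.
    set streaming_media {
        type ipv4_addr
        flags timeout
        timeout 5m
    }

    chain forward_mark {
        # Runs at mangle priority, before the filter chain below.
        type filter hook forward priority mangle; policy accept;

        # Shape: tag packets in both directions; a tc "fw" filter can then
        # classify on mark 0x10 and place them in a rate-limited class.
        ip daddr @streaming_media meta mark set 0x10
        ip saddr @streaming_media meta mark set 0x10
    }

    chain forward_filter {
        type filter hook forward priority filter; policy accept;

        # Audit trail: count every match, log at a limited rate.
        ip daddr @streaming_media counter limit rate 10/minute log prefix "dpi-streaming: "

        # Block: uncomment to drop the traffic instead of shaping it.
        # ip daddr @streaming_media drop
    }
}
```

Load the file with `nft -f` and inspect the set contents with `nft list set inet dpi_demo streaming_media`. The rules stay static while the set membership changes as flows are classified.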

The plugin supports three different integrations:

