VAS Experts: SCAT DPI Traffic Control and Analysis System

2025

Compatible with ITPod servers and DSS

ITPOD and VAS Experts continue to increase cooperation through a technology partnership. Cooperation between the two companies will make it possible to create compatible, deeply integrated and effectively complementary solutions that expand the functionality and technological capabilities of both vendors. VAS Experts announced this on February 10, 2025.

DPI traffic control and analysis systems (SCAT) from VAS Experts have been deployed on ITPOD servers from the Network Appliance line: ITPOD-MSR201-S06R-10P and ITPOD-ASR201-S08R. They meet all the requirements of the software and have passed the test tests of sharing.

The ITPOD Storage Full Flash and Hybrid storage systems for the Quality of Experience (DSS) analytics module have also been integrated. The collaboration of vendor solutions made it possible to organize a reliable and import-independent technology stack for storing data when their volumes exceed the storage capabilities on servers, and long-term storage for several years is required.

The strategic partnership with VAS Experts is an important step towards the implementation of time-tested and high-performance hardware and software complexes (PAC). The solutions of both vendors are aimed at import substitution and meet high corporate requirements for reliability, safety and speed of work, "said Ilya Bornyakov, CEO of ITPOD, ITG Corporation.

As technology partners, VAS Experts and ITPOD are working on all forms of cooperation to create a high-quality integrated solution. Traffic control and analysis requires fault-tolerant, high-performance hardware and large amounts of statistical data storage. All this is possessed by domestic solutions from ITPOD, - concluded Artem Tereshchenko, Development Director of VAS Experts.

Testing work in vStack Telco Cloud

VAS Experts has completed testing of the DPI SCAT network traffic control and analysis system in the vStack Telco Cloud virtual infrastructure. The study confirmed the high efficiency of SCAT as a VNF (Virtual Network Function), providing accurate recognition of masked traffic and stable performance in the cloud. The company announced this on February 3, 2025.

During testing, VAS Experts organized the SCAT CG-NAT VNF cluster using the SCAT L3B balancer in Telco Cloud.

The study showed that DPI SCAT retains high fault tolerance rates in a virtual environment. In case of failure of the VM SCAT L3B, traffic is automatically redistributed between the remaining nodes using ECMP (Equal-Cost Multi-Path Routing), minimizing the impact of failures. Similarly, if the CG-NAT SCAT VM fails, the system evenly distributes the load between the remaining nodes without balancing at the subscriber level. This is achieved by using the resilient hashing algorithm taking into account Source IP.

{{quote 'Telecom operators are moving from using physical networks to cloud-based solutions to increase flexibility, sustainability and reduce operating costs. This approach is radically different from the traditional model based on specialized equipment. Operators now need to develop and manage services in data centers that integrate both physical and virtual ecosystems while ensuring compatibility with competitive vendors. That is why we are testing our solution in various infrastructures, - summed up the development director of VAS Experts Artem Tereshchenko. }}

DPI 13.2 SCAT

VAS Experts, a developer of solutions for analyzing and managing network traffic, has presented an updated version of SCAT DPI 13.2, which was released in 2024. The update includes significant functionality improvements aimed at improving the efficiency, safety and flexibility of operators. The company announced this on January 21, 2025.

In this version, BRAS components have been improved: mechanisms have been added to monitor subscriber activity and load balancing on Radius servers, a local DHCP server with IPv4 and IPv6 support has been implemented. These changes help you effectively use your address space and minimize attack threats.

Integration of DNS functionality in SCAT DPI expands the capabilities of traffic management. DNS response substitution has been implemented to optimize load sharing, and mechanisms for detecting illegitimate traffic have been added. In addition, the SNI analysis algorithm has been modernized, which allows you to better adapt to changes in network protocols. Monitoring mechanisms such as SNMP-D and Syslog are implemented in the system, and the VASE-CLI interface provides convenient centralized management of all components. TACACS + support is also implemented for flexible access control for administrators.

When implementing the update, we focused on improving authorization tools, improving system resiliency, integrating new monitoring and security mechanisms. We will continue to develop our solution for analyzing network traffic in order to provide operators with advanced tools for network management, "said Artem Tereshchenko, Development Director of VAS Experts.

2024: Integration with Kaspersky Threat Data Feeds

VAS Experts combines the capabilities of the Kaspersky Threat Data Feeds tool and the Quality of Experience (QoE) traffic analytics module of the SCAT DPI multifunctional platform for monitoring viral activity. As a result of the integration, it was possible to implement a highly effective solution for analyzing and countering cyber threats. VAS Experts announced this on December 27, 2024.

Kaspersky Threat Data Feeds is a structured, constantly updated and voluminous database of various types of cyber threats, such as DDoS attacks, phishing sites, botnet networks, spam and other malicious influences. Using its own crawlers, spam traps and botnet monitoring systems, Kaspersky Threat Data Feeds tests, analyzes and collects data on all known cyber threats into a single reference book.

To implement a joint solution from VAS Experts and Kaspersky Lab, a synchronized copy of the threat database was located on the server with statistics of user behavior. There are 16 types of feeds in it, of which SCAT DPI works with seven main ones: Malicious URL, Phishing URL, Botnet C&C, Mobile Botnet, IP Reputation, Ransomware URL, IoT URL Data.

Then, user behavior statistics on SCAT were compared with the threat database, which made it possible to draw conclusions about potential threats within the data center network.

Pros of the solution include:

• Identification of users with viral activity.
• Detection of botnets at an early stage.
• Determine the degree of network infection.
• Create a list of threats and infected users for the network administrator.

The integration of Kaspersky Threat Data Feeds solutions and the SCAT platform from VAS Experts is a powerful tool for monitoring and countering cyber threats in data center networks. Testing made it possible to identify users with viral activity, detect botnets at an early stage, determine the degree of network infection, compile a list of identified threats and infected users for the network administrator. Then the network administrator was able to quickly and effectively solve the problems that arose using SCAT, namely: limiting or blocking users using policies on network devices, uploading data on infected users for development by technical support specialists, "summed up Artem Tereshchenko, VAS Experts Development Director.

2017: DPI 7.0 SCAT

In version 7.0, in addition to improving the main functions, the current IPv6 protocol has been added and the BRAS and CG-NAT capabilities have been expanded.

1. Initial IPv6 support:

• filtration,
• protocol recognition,
• exporting metadata
• Export IPFIX/Netflow v10.

2. L2 BRAS functions:

• VLAN/QinQ termination (automatic removal and tagging of traffic transit through DPI)
• DHCP relay (proxying DHCP requests from private subnets to an external DHCP server and monitoring the issued IP addresses);
• DHCP-Radius gateway (the ability to request DHCP settings via Radius without the DHCP server)
• IP Source Guard.

3. Radius Accounting (a possibility of accounting of subscriber traffic under the Radius protocol).

4. Supports GRE tunneling via built-in NAT (PPTP/GRE ALG).

2016: SCAT DPI 6.0

On December 14, 2016, VAS Experts announced the release of SCAT DPI 6.0 Sevastopol.

The solution combines the accumulated experience in developing previous versions of the product and knowledge in the field of deep traffic analysis.

DPI 6.0 Sevastopol SCAT contains the following functionality:

• The full set of functions for working as L3 BRAS:
• Expanded support for working with Radius servers:
• authorization of subscriber sessions, loading of policies (settings of the tariff plan and services), blocking by balance;
• supports dynamic policy management through CoA and Disconnect events.
• Polishing the subscriber band in accordance with the tariff plan.
• QOS, prioritization of traffic within the subscriber band by protocols and directions.
• Supports subscribers with dynamic IP addresses and arbitrary number of addresses.
• Development of NAT - improved support for full cone mode, added the ability to assign NAT service for users with a mixed set of gray and white addresses.
• Added export to IPFIX and hostname log for HTTPS, QUIC, and resource lock feature.
• Supports the PCRF policy management server (external or integrated).

VAS Experts continues to rapidly expand the capabilities of SCAT DPI, increasing its value to existing and new customers and reducing payback times. Using a general-purpose hardware platform, the possibilities for its further development are almost unlimited, and the licensing policy protects the investments previously made by customers, allowing you to linearly scale the solution and take into account the already purchased licenses in the cost of the upgrade. This makes our DPI platform a unique and most profitable offer on the market, which is confirmed by the number of installations in Russia and abroad. Dmitry Moldavanov, CTO of VAS Experts

The SCAT solution is available under three licenses - Entry, Base, Complete. The L3 BRAS and CG-NAT functions are part of the Complete license.

Basic description of DPI SCAT

SCAT "Traffic Control and Analysis System" - Deep Packet Inspection platform provides packet inspection, performs traffic classification and processing. Opportunities:

• BRAS with DualStack IPv4/IPv6 and L3 (IPoE) and L2 (DHCP, PPPoE, ARP) modes
• Traffic Analysis at L2-L7 Levels by OSI Model with Quality of Experience Visualization
• Filtering of sites according to the register of the ILV and the Ministry of Justice, according to their own white and black lists
• Prioritizing traffic across protocols and applications to ensure high quality of service (QoS)
• CG-NAT and NAT 1:1 with unloading of logs for SORM
• Detection of more than 6000 protocols
• Support for "in-gap" operation patterns, with out-traffic asymmetry, with traffic mirroring
• Management of subscribers with dynamic IP addressing, with multiple IP addresses
• Simultaneous support of several types of Netflow: full, total by classes and subscribers for billing, by protocols and directions (AS)

See also

• Blocking sites in Russia

• Copyright on the Internet
• Internet censorship. World experience
• Censorship (control) on the Internet. China experience
• Censorship (control) on the Internet. Experience of Russia, Roskomnadzor, GRCC
• Runet Regulation Act
• VPN and privacy (anonymity, anonymizers)
• Autonomous Internet in Russia
• SORM (System of operational-search measures)
• State System for Detection, Prevention and Elimination of Consequences of Computer Attacks (State system of detection, prevention and elimination of consequences of computer attacks)
• National Internet Traffic Filtering System (NaSFIT)
• Yastreb M Statistika of telephone conversations
• How to get around internet censorship at home and in the office: 5 easy ways
• Auditor - site blocking control system in Russia