Deep Packet Inspection primer

This deep packet inspection primer looks at how network operators use DPI for traffic management and analysis, and how net neutrality principles have made its use controversial.

Understanding deep packet inspection

Deep packet inspection is an advanced method of filtering data packets that uses non-header content (often the actual payload) to decide what action to take with the packet. DPI goes beyond shallow packet inspection and uses stateful inspection, which examines the packet header and information down to the application layer. The result is the ability to classify, reroute or block packets.

DPI has been used by service providers for network management since the 1990s, when the dominant networking procotol was moving from IBM's now-legacy Systems Network Architecture (SNA) to IP, which was carrying SNA traffic in tunnels. DPI's original mission was to enable special handling of delay-sensitive protocols over an IP network so they could be handled correctly.

Since the '90s, deep packet inspection has been used for a wide variety of purposes, including priority delivery for different user services (like voice and video), identifying spam, viruses or other defined criteria. In recent years, however, the use of DPI has drawn fire for potential anti-competitive uses that could violate the net neutrality principle that data packets should be moved impartially, without regard to content, destination or source. Beyond its valuable traffic management uses in next-generation IP networking, deep packet inspection can be used for other more controversial purposes, including eavesdropping and censorship.

Why you need to know about deep packet inspection

The controversy over deep packet inspection is not about the technology itself but whether a service provider has the right to examine end-to-end data to look at what the user is doing — a privacy rights issue. DPI has been helping carriers analyze traffic and deliver priority traffic for years, and growing amounts of voice and video traffic over IP accentuates that looking only at the IP header isn't a reliable way to guaranteed packet handling.

Telecom industry analysts expect the use of deep packet inspection to grow substantially in coming years because of its use in bandwidth management and traffic shaping not only in wireline networks but increasingly in wireless networks to target data-overload issues.

Deep packet inspection could be valuable in 4G mobile data traffic analysis because of its ability to look into cells, where a lot of wireless congestion occurs. While wireless operators and industry analysts see a place for DPI's use in wireless networks to enable cost-effective use of limited spectrum resources, optimal 4G practices will take time to evolve.

In terms of public policy, the future of DPI use is unclear because broadband regulation is going through global changes, which could also impact its use in terms of net neutrality and privacy regulations. Broadband wholesale service requirements that are being considered by regulators might prevent operators from spending on complex and expensive technologies like DPI if they are required to offer services to any provider at set rates.

"Balancing net neutrality issues with DPI might work if there's a regulatory shift toward allowing traffic engineering based on application and traffic type under some circumstances," according to telecom consultant Tom Nolle, president of CIMI Corp. "The question is deploying the traffic-handling options at the service or applications level legally."

What you need to know about deep packet inspection?

IP headers have not changed much over time and contain only basic information like source and destination address, which means they are not a reliable way to identify traffic types to assure the proper handling of priority traffic like voice and video. Deep packet inspection, on the other hand, has monitoring and traffic control applications – both of which are controversial due to the fear that carriers will manage Internet traffic to their own advantage.

In choosing how to implement DPI in your network, telecom consultant Tom Nolle, president of CIMI Corp., recommends first trying to use devices you already have that support DPI capabilities at the port level, in accordance with the networking principle of not acquiring more devices that could introduce delay and impact Quality of Service. This "switch-based approach" is adding the DPI feature to the switch as close to the network edge as possible. If adding dedicated DPI devices, operators need to make sure they understand what impact the equipment will have on delay.

In their need to increase average revenue per user (ARPU), mobile and broadband service providers can use deep packet inspection to offer tiered service plans rather than flat-rate services.

Specialized deep packet inspection vendors and a wide variety of equipment vendors market DPI technology as components of hardware and software firewalls. Infonetics Research estimates that deep packet inspection will be a $1.5 billion business by 2013, up from about $207 million in 2008. Aside from specific DPI devices, DPI capabilities can be turned on in existing network equipment that supports edge connections, which means that Deep Packet Inspection technology can exist as hardware, software or both.

As in many markets with standalone vendors vying with larger vendors, the DPI market will go through a period of mergers and acquisitions as larger companies round out their DPI portfolios, according to Infonetics OSS/BSS analyst Shira Levine. She also expects service providers to use a combination of integrated and standalone DPI solutions in their networks.

Deep Packet Inspection vendors: Alcatel-Lucent, Allot Communications, Arbor Networks, Cisco, Compuware Corp., Ericsson, IBM, Juniper, Microsoft, NetScout Systems, Nokia, Sandvine and Symantec.

This was last published in May 2011

Dig Deeper on Telecommunication networking

Start the conversation

Send me notifications when other members comment.

Please create a username to comment.