In the dynamic world of network traffic management, the concept of Deep Packet Inspection (DPI) has been a subject of intense debate in recent years. As concerns around data privacy and cybercrime have grown, the use of encryption technologies to secure data across public and private networks has become commonplace, leading many to argue that DPI is a dying technology or a “dead piece of investment”. There is some logic to this argument, but there’s more to this debate than meets the eye.
It isn’t DPI itself that has become antiquated or obsolete in a modern network environment, but rather the way we use it. If we allow our application of DPI to evolve, its place in analyzing and securing traffic in a contemporary network environment becomes clear.
First, let’s look at DPI in more detail. What is it, why does it exist and how has it changed over the years?
The evolution and importance of deep packet inspection (DPI)
DPI has long been a cornerstone of network management. It’s a sophisticated method of examining and managing network traffic and has been a key enabler of complex network analytics. Unlike traditional packet filtering, which only checks the packet header, DPI uses a combination of heuristics and flow analysis. In effect, it looks beyond a single packet of bytes, which allows it to spot, identify and control applications that use dynamic ports or hide behind standard protocols.
This is an important distinction, because the genius of DPI lies in its ability to provide granular control over network traffic, enhancing security and fraud protection while also providing regulatory enforcement and monetization options. The approach here is to stop the threat from penetrating too far into the network for too long – i.e., stop it at the edge. This area is evolving exponentially, and that evolution, combined with more distributed systems, necessitates a software-based DPI solution that can be flexibly integrated and used at core and edge.
Internet Service Providers (ISPs) use DPI to classify and manage network flows and understand consumption patterns – e.g., manage tethering plans. Another example is in corporate networks, where DPI is used to enforce acceptable use policies. It can identify non-work-related traffic, such as social media or video streaming, and limit or block such traffic to ensure network resources are used effectively. In that regard, DPI still plays a crucial role in maintaining network security and efficiency – it’s an invaluable tool in the network management toolkit.
In recent years, DPI has continued to evolve from merely monitoring traffic to providing key quality of experience (QoE) metrics that measure and affect network quality. It’s extended its capabilities to include traffic prioritization, traffic routing and additional monetization capabilities such as URL filtering and parental control.
The limitations of legacy hardware
Despite the usefulness of DPI, the advent of 5G and the subsequent expansion of mobile traffic has rendered it difficult to scale. Physical boxes, once the mainstay of DPI, have struggled to scale as network footprints have expanded. The cost and logistics involved in the installation of fixed boxes to facilitate DPI have simply become too prohibitive, leading to the “dead piece of investment” argument.
That doesn’t mean DPI is no longer useful, but that the mechanisms behind delivering DPI-based monitoring and optimization solutions must evolve. DPI has an extremely valuable and important role to play in network functionality; what matters is the way it is implemented and used. Put simply, DPI needs to transition from a hardware-based solution to a cloud-native solution. An investment in a fixed physical box is a sunk cost rather than strategic thinking.
DPI is dead, long live vDPI
Our position is that it’s time to reassess the role of DPI in the modern network landscape. We advocate for a shift away from the traditional, hardware-based approach to a more flexible, scalable and cost-effective cloud-based solution. When considering the future of DPI, three core points should be considered:
Does it cover the use cases required, and in the right way?
The core use cases of traffic classification, marking and routing are fundamental to any network DPI capability. These are measured on coverage and accuracy. As the internet and apps are changing constantly, it can’t be 100% – but 97/98% coverage is good.
Does it add value?
DPI should not just be about monitoring and enforcement. It should also provide value in terms of improving network quality, enhancing user experience and enabling new monetization opportunities.
Does it scale?
With the rapid growth of network traffic, especially with the advent of 5G, DPI solutions must be able to scale efficiently. This is where cloud-native solutions have a distinct advantage over traditional hardware-based solutions.
Software-based DPI use cases in a modern network environment
In the face of mobile traffic expansion, it’s time to assess where and how this once-physical component should evolve or whether it should be replaced by a cloud-native solution. The opportunity is also there to consider the role of packet classification, how it keeps up with the fast-changing app space and future use cases that DPI might be needed for.
1. Quality of Experience (QoE) and Traffic Reporting
Enea DPI measures essential parameters like packet loss, jitter and round-trip time for every user data transaction. Coupled with real-time application and flow classification, Enea provides a detailed breakdown of connection, application and user data for crucial quality metrics. This data is vital for network management, allowing for the classification and enhancement of the quality of service monitoring for mobile data and applications.
2. Monetization of Mobile Services
With the intelligent application of software-based DPI, businesses can identify which applications are in use on mobile devices. This capability is especially beneficial in remote work settings or roles where employees typically use personal devices to connect. Services such as tethering, peer-to-peer streaming, VoIP access and gaming can be identified and differentiated. Depending on the regulator, these can be considered as add-ons to data plans.
3. Regulatory Monitoring and Fraud Detection
Enea’s DPI technology ensures secure access, detects potential misuse and enforces local regulations. It plays a pivotal role in mirroring, preventing zero-rating fraud and meeting other regulatory requirements. The content of applications remains encrypted, while messaging/chat can still be classified distinctly from voice calls. This differentiation means that VoIP calls can be permitted or blocked based on usage policies, ensuring compliance with local regulations.
4. Network Management and QoS
Through the adept use of software-based DPI, businesses can detect applications being used on mobile devices. This is especially useful in remote work contexts or roles where employees typically use their devices when connecting through specific access points. Furthermore, software-based DPI can detect when mobile device applications initiate VoIP calls while the application content remains encrypted. Messaging/chat can be classified separately from voice calls, allowing VoIP calls to be allowed or blocked based on usage policies.
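The separation of voice from messaging on encrypted traffic, and the flow analysis described earlier in the article, can be illustrated with packet sizes and timing alone. The following is an added example, not Enea's code or product logic; the feature set, thresholds and sample flows are assumptions constructed for illustration.

```python
from statistics import mean, pstdev

def flow_features(packets):
    """packets: list of (timestamp_s, wire_length_bytes) for one flow.
    Only sizes and timing are used: no ports and no payload bytes."""
    times = [t for t, _ in packets]
    sizes = [s for _, s in packets]
    gaps = [b - a for a, b in zip(times, times[1:])]
    return {
        "mean_size": mean(sizes),
        "size_stdev": pstdev(sizes),
        "mean_gap": mean(gaps),
        "gap_stdev": pstdev(gaps),
    }

def classify(packets, min_pkts=20):
    """Heuristic label for one flow; every threshold is an assumption."""
    if len(packets) < min_pkts:
        return "unknown"  # too little evidence to judge the flow
    f = flow_features(packets)
    # Voice codecs emit small, similar-sized frames at a fixed cadence.
    steady = f["mean_gap"] < 0.06 and f["gap_stdev"] < 0.5 * f["mean_gap"]
    uniform = f["mean_size"] < 400 and f["size_stdev"] < 0.25 * f["mean_size"]
    if steady and uniform:
        return "voice"
    # Chat is bursty: short exchanges separated by long idle periods.
    if f["gap_stdev"] > f["mean_gap"]:
        return "messaging"
    return "unknown"

# Constructed sample flows (not captured traffic).
VOICE_FLOW = [(i * 0.02, 160 + 12 * (i % 2)) for i in range(50)]
CHAT_FLOW = [((i // 3) * 8.0 + (i % 3) * 0.05, (120, 900, 310)[i % 3])
             for i in range(24)]
BULK_FLOW = [(i * 0.001, 1400) for i in range(100)]  # steady but large packets
SHORT_FLOW = VOICE_FLOW[:5]

if __name__ == "__main__":
    for name, flow in [("voice", VOICE_FLOW), ("chat", CHAT_FLOW),
                       ("bulk", BULK_FLOW), ("short", SHORT_FLOW)]:
        print(name, "->", classify(flow))
```

A production classifier would use many more features and be validated against labelled traffic; the "unknown" outcome matters because, as the article notes, coverage cannot be 100%.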