Page Impressions Ltd Blogcetera: Deep Packet Inspection - Is Big Brother here to help?

Thursday, September 20, 2007

Deep Packet Inspection - Is Big Brother here to help?

Deep packet inspection (DPI) is a form of computer network packet filtering that examines the data part of a packet as it passes through, searching for protocol non-compliance or predefined criteria to decide whether the packet can pass. This is in contrast to shallow packet inspection (usually called just packet inspection), which checks only the header portion of a packet. This form of filtering is enormously powerful and will enable a huge range of new value-added services, such as the Barefruit HTTP error solution I mentioned in a previous article, and will enable significant new revenue streams.

From a technical perspective, DPI devices have the ability to look at Layer 2 through Layer 7 of the OSI model. This includes headers and data protocol structures. A DPI device identifies and classifies traffic against a signature database, and the operator can then act on the result in a number of ways.

A classified packet can be redirected, marked/tagged, blocked, rate limited, and of course, reported to a reporting agent in the network. In this way, HTTP errors of different classifications may be identified and forwarded to Barefruit for analysis. Many DPI devices can also identify flows rather than performing a packet-by-packet analysis.
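The difference between header-only and payload classification, and the mapping from a classification to an action, can be shown in a few lines. This is an added example, not code from the original post or from any DPI vendor; the signature list, policy table, port map and sample packets are all constructed for illustration.

```python
import struct

# Constructed signature database: (application label, payload prefix).
SIGNATURES = [
    ("bittorrent", b"\x13BitTorrent protocol"),
    ("http-error", b"HTTP/1.1 404"),
    ("http", b"HTTP/1."),
    ("http", b"GET "),
]
# Constructed policy: application label -> one of the actions named in the post.
POLICY = {"bittorrent": "rate-limit", "http-error": "report", "http": "allow"}
WELL_KNOWN_PORTS = {80: "http", 25: "smtp", 5060: "sip"}

def parse_ipv4_tcp(packet):
    """Return (src_port, dst_port, payload) for an IPv4/TCP packet."""
    ihl = (packet[0] & 0x0F) * 4              # IPv4 header length in bytes
    if packet[0] >> 4 != 4 or packet[9] != 6:
        raise ValueError("not IPv4/TCP")
    total_len = struct.unpack("!H", packet[2:4])[0]
    src, dst = struct.unpack("!HH", packet[ihl:ihl + 4])
    data_off = (packet[ihl + 12] >> 4) * 4    # TCP header length in bytes
    return src, dst, packet[ihl + data_off:total_len]

def shallow_classify(packet):
    """Header-only view: guess the application from the port numbers."""
    src, dst, _ = parse_ipv4_tcp(packet)
    return WELL_KNOWN_PORTS.get(dst) or WELL_KNOWN_PORTS.get(src, "unknown")

def deep_classify(packet):
    """Payload view: first matching signature wins, then look up the action."""
    _, _, payload = parse_ipv4_tcp(packet)
    for label, prefix in SIGNATURES:
        if payload.startswith(prefix):
            return label, POLICY[label]
    return "unknown", "allow"

def build_packet(src_port, dst_port, payload):
    """Build a minimal IPv4/TCP packet (checksums left zero) for the demo."""
    tcp = struct.pack("!HHIIBBHHH", src_port, dst_port, 0, 0, 5 << 4, 0x18, 8192, 0, 0)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp) + len(payload), 0, 0,
                     64, 6, 0, bytes([192, 0, 2, 1]), bytes([198, 51, 100, 7]))
    return ip + tcp + payload

# Constructed traffic: P2P handshake sent to port 80, HTTP 404 from port 8080.
P2P_ON_80 = build_packet(51413, 80, b"\x13BitTorrent protocol" + bytes(48))
ERR_ON_8080 = build_packet(8080, 40000, b"HTTP/1.1 404 Not Found\r\n\r\n")
```

Header-only inspection labels the first packet as web traffic and cannot label the second at all, while the payload signatures identify both and select the rate-limit and report actions.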

DPI allows ISPs and cable companies to "readily know the packets of information you are receiving online ranging from e-mail, to websites, to sharing of music, video and software downloads" in the same way as a network analysis tool. This is the approach that Cable Operators and ISPs use to dynamically allocate bandwidth according to traffic that is passing through their networks. Thus a higher priority can be allocated to a VoIP call versus web browsing.

DPI is also increasingly being used in security devices to analyze flows, compare them against policy, and then treat the traffic appropriately (i.e., block, allow, rate limit, tag for priority, mirror to another device for more analysis or reporting). Since the DPI device looks at each individual packet, it can be used by ISPs to provide or block services on a user-by-user basis.

The continued growth in peer-to-peer (P2P) traffic presents increasing problems for broadband service providers. Internet service providers (ISPs) do not generate any revenue from delivering P2P traffic to their subscribers, and smaller ISPs face considerable peering costs when P2P traffic goes off-net. Even for ISPs large enough to cover these costs, P2P drives increasing traffic loads, requiring additional capex for no additional revenue. Moreover, a minority of users generating large quantities of P2P traffic can degrade performance for the majority of broadband subscribers using less-intensive applications such as email or Web browsing. Poor network performance increases customer churn, leading to a decline in service revenues.

Deep packet inspection (DPI) technology has emerged from the enterprise world into service provider networks to help mitigate the impact of P2P. According to most vendors, initial uptake of DPI was fastest in Asia, where problems with P2P traffic and high off-net traffic had been most severe. European broadband providers were also early adopters of DPI, but for another reason: Due to high levels of competition from digital subscriber line (DSL) broadband operators in many countries, service providers used DPI as a means to implement tiered service plans, to differentiate them from standard "all-you-can-eat" or "one-size-fits-all" data services.

In the U.S. market, multiple system operators (MSOs) such as Cable Operators were early adopters of the technology. This is because Cable Operators faced greater challenges than DSL providers in the last mile. For a Cable Operator, the last-mile bandwidth is shared among users, whereas in a DSL network a dedicated link is established for each subscriber. Smaller DSL operators were generally early adopters of DPI, as they suffered most from P2P-generated off-net traffic and peering costs. Recently, vendors note an increase in the level of request for proposal activity from large wireline and wireless operators in the U.S. It appears that several operators are looking to deploy DPI alongside their IPTV deployments in 2007.

Worldwide, network operators spent US$96.8 million (£48.4 million) on DPI in 2005, but the DPI sector grew by more than 75% in 2006, to about $170 million (£85 million), and is forecast to exceed $586 million (£293 million) in 2010.

This may be one case where "Big Brother" really is here to help!
