DPI
Tailoring Services
DPI
Deep Packet Inspection (DPI) is the technology that refers to devices and technologies that inspect and take action based on the contents of the packet "payload" rather than just the packet header. Once DPI algorithms determine what content is in the payload, traffic information can be logged and actions triggered in network elements as necessary depending on the application. These functions need to happen in real-time in order to evaluate and act on service heuristics or generate billing information.
Market Drivers
DPI equipment was initially deployed to control spiraling volumes of peer-to-peer traffic, but its use has widened because DPI has proven relevant in a number of other contexts, including network security, service packaging, and service management.
Network economics have created a demand for DPI technology since traffic volumes have been growing, forcing fixed line broadband service providers to invest in new network infrastructure. The prices of these services though have remained flat or decreasing forcing service providers to use DPI to best understand network usage in order to build out the right amount of infrastructure at the right time and to prioritize traffic to improve their profitability.
And demand for DPI is no longer limited to the fixed line telecom sector. Mobile operators, with ever increasing data service speeds will face the same need as they roll out advanced multi-media services to increment ARPU in the face of flat rate voice and data plans.
Investment in DPI is a global phenomenon, and demand for DPI capability will grow as carriers upgrade their networks and as customers continue to use more and more bandwidth-hogging applications. Consequently, the market for DPI technology and DPI-based applications is expected to grow substantially over the next few years.
Benefits of the DPI Approach
There are four fundamental benefits for implementing DPI network platforms:
- Maximize service revenue
- Help to identify and define new services
- Minimize network capital expenditures (CapEx) and operating expenditures (OpEx)
- Limit the risk of security threats to the network
Service providers have successfully deployed the first generation of DPI products. These are application-specific point products targeted at solving very specific problems in the network; for example, controlling P2P traffic, preventing network intrusions, or implementing network access control based on identity and policy.
Going forward one of the key drivers for DPI network deployments is maximization of service revenues and profitability. Programmable DPI functionality allows service providers to offer a wide variety of value-added services on top of basic broadband access. Premium services require traffic management, monitoring, and content modification at the application layer. With these capabilities, service providers will be able to monitor and bill for advanced value-added service usage that will contribute to increase subscriber ARPU.
It is equally important that service providers minimize network capital and operating expenses as new services are rolled out without scarificing customer satisfaction. This means that network utilization must be optimized to deliver fair network use based on customer, application, service pricing, and service dynamics.
Technology Requirements
DPI Functions and Use Cases
DPI can be used as a function all several elements in service provider networks including
- 2.5G/3G/3.5G SGSN/GGSN
- LTE Serving and PDN Gateways
- ASN Gateway
- Wireless Security Gateway
- Femtocell Gateway
- Media Servers
- Internet Offload Gateway
DPI functions can be used by service providers for:
- Lawful intercept — DPI enables operators to meet the requirements of the Communications Assistance for Law Enforcement Act (CALEA) and its international equivalents to ensure that security services can use equipment for surveillance, in particular for VoIP traffic.
- Policy definition and enforcement — Service providers obligated by the service level agreement with their customers to provide a certain level of service.
- Targeted advertising — By monitoring Web-browsing habits in a very detailed way, DPI allows service providers to gain information about their customers' interests, which can be used by companies specializing in targeted advertising.
- Traffic Management — DPI enables traffic throttling, blocking at a flow or application level. This has become especially important as bandwidth-hungry, priority-packet multi-media usage has skyrocketed, mainly in the form of Voice over IP (VoIP) and video/audio over IP.
- Quality of service — Monitor peer-to-peer (P2P) application traffic to limit the continuous transfer of very large files, music and videos.
- Tiered services — Mobile and broadband service providers use DPI as a means to implement tiered service plans, to differentiate "walled garden" services from "value-added," "all-you-can-eat" and "one-size-fits-all" data services.
- Revenue generating applications — The next logical step for DPI, once a service provider has it in place, is to use the investment to generate income. This packet-level knowledge can enable tiered QoS offerings, customized pricing and billing, reliable event-based billing, targeted advertising, ad tracking, parental control or enterprise content blocking, and digital rights management.
- Security — DPI is playing a growing role in security applications. It is being used to fight spam, phishing, distributed denial of service (DDoS) attacks, botnets, viruses and other threats.
- Copyright enforcement — DPI can help enforce copyrights for content copyright owners or content protected by courts or official policy.
Key DPI functional requirements:
- Software flexibility — DPI network infrastructure must be flexible, allowing for significant software flexibility, scalability and in service software upgrades.
- Active and Passive Monitoring — DPI products need to monitor how subscribers, services, and applications are using the network, so service providers can utilize this data in network planning and engineering.
- Full Packet Scanning — DPI devices must be able to scan every packet at line speed. Scanning must include all network protocol layers as well as application content.
- Billing Policy and Control —DPI software needs to be customizable to understand different data and usage patterns in order to create appropriate billing information.
- Traffic Classification and Management — Classification of network traffic must be flexible and allow service providers to classify traffic by multiple parameters which include: subscriber, service, application, origin/destination, IP address, and other parameters related to services and protocols.
- Packet Modification and Content Insertion — In some cases it be necessary for DPI functions to modify packet headers or application layer content.
Radisys ATCA DPI Solutions
The commercially proven, ATCA open hardware specification is designed from the ground up to meet the demanding need of evolving networks and video services with service delivery packaging that provides unparalleled scalability, responsiveness, modularity, and flexibility to meet ever increasing mobile video usage.
RadiSys offers the broadest portfolio of ATCA products that includes switching, x86 based, packet processing and media processing boards with latest silicon technologies to deliver optimal configurations for DPI applications. RadiSys ATCA Application ready platform also includes integrated chassis, OS, diagnostics, system manager, and high availability middleware. This platform can be configured for robust performance for both 10G and 40G technologies.
- As a sample configuration, DPI solution can be built using Radisys Promentum 2U/5U/12U ATCA System (includes ATCA-2210 switch), ATCA-7220 Packet Processing Module for Packet Inspection and Model Translation, and ATCA-4500 CPU module for Management, Analysis, Model Translation, State Matching needs. Virtualization SW and tools are available for optimizing performance. ATCA 4.0 evolution to 40G allows this architecture to smoothly scale to higher performance as network demands grow
Learn more about RadiSys' application-ready Promentum ATCA platforms and building blocks for this application at:
