
Deep packet inspection: Who needs it for network traffic management?

The need for dedicated deep packet inspection (DPI) equipment has arisen out of the constant struggle between network managers and customers who use more than their fair (or authorized) share of network resources.


Ideally, applications running over the Internet would be identified by their well-known TCP or UDP port numbers. For example, Web requests arrive on TCP port 80 (HTTP) and TCP port 443 (HTTPS).

Some network managers started blocking access to services and websites they felt users were not entitled to reach from corporate networks, social sites and peer-to-peer (P2P) applications among them. The authors of these applications responded with all sorts of obfuscation tricks, including payload encryption, to get around port-based filters. The only (somewhat) reliable way to identify these stealthy applications is therefore to analyze the actual traffic flow, or at least to thoroughly inspect the first packets of each flow. Because the analyzing equipment has to look beyond the IP and TCP headers into the payload, the technique is called deep packet inspection.
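To make the difference concrete, here is a small added example (not code from the article or from any vendor's DPI product): a classifier that first trusts the destination port and then inspects the first client payload bytes of the flow, flagging flows whose payload does not match what the port promises. The protocol fingerprints (HTTP request line, TLS ClientHello record header, BitTorrent handshake) are the constructed, simplified signatures used for illustration; the `Flow` type and sample flows are assumptions.

```python
from dataclasses import dataclass
from typing import Tuple

# Port-based identification: what a plain firewall or ACL would believe.
WELL_KNOWN_PORTS = {80: "http", 443: "https", 25: "smtp", 53: "dns"}

# Simplified fingerprints applied to the first client-to-server payload.
HTTP_METHODS = (b"GET ", b"POST ", b"HEAD ", b"PUT ", b"DELETE ", b"OPTIONS ")
BITTORRENT_HANDSHAKE = b"\x13BitTorrent protocol"  # 19 + protocol name


@dataclass
class Flow:
    dst_port: int
    first_payload: bytes  # first client payload bytes of the flow (constructed)


def classify_by_port(flow: Flow) -> str:
    """Port-only verdict: trusts the destination port and nothing else."""
    return WELL_KNOWN_PORTS.get(flow.dst_port, "unknown")


def looks_like_http(p: bytes) -> bool:
    request_line = p.split(b"\r\n", 1)[0]
    return p.startswith(HTTP_METHODS) and b" HTTP/1." in request_line


def looks_like_tls_client_hello(p: bytes) -> bool:
    # TLS record: type 0x16 (handshake), major version 0x03,
    # 2-byte length, then handshake type 0x01 (ClientHello) at offset 5.
    return len(p) >= 6 and p[0] == 0x16 and p[1] == 0x03 and p[5] == 0x01


def classify_by_payload(flow: Flow) -> str:
    """Deep inspection verdict: what the first packet actually carries."""
    p = flow.first_payload
    if looks_like_http(p):
        return "http"
    if looks_like_tls_client_hello(p):
        return "tls"
    if p.startswith(BITTORRENT_HANDSHAKE):
        return "bittorrent"
    return "unidentified"  # encrypted/obfuscated: needs full flow analysis


def classify(flow: Flow) -> Tuple[str, str, bool]:
    """Return (port verdict, payload verdict, mismatch flag)."""
    by_port = classify_by_port(flow)
    by_payload = classify_by_payload(flow)
    expected = {"http": "http", "https": "tls"}.get(by_port)
    mismatch = expected is not None and by_payload != expected
    return by_port, by_payload, mismatch
```

A mismatch flag on port 80 or 443 is exactly the case the article describes: an application hiding behind a well-known port that only payload inspection can expose, while an opaque payload on an unregistered port stays "unidentified" and would need whole-flow analysis.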

The past controversial uses of deep packet inspection to block P2P applications gave the technology a bad name, and its use might also be legally questionable (or even forbidden) under some regulations or laws. I believe those who campaigned to ban deep packet inspection did great damage to the majority of Internet users, who never tried to squeeze the last drop out of the network. Now, even where those users could benefit from deep packet inspection, it may not be allowed.


Just take a look at what Comcast had to do. After its initial DPI debacle, it chose to implement a much fairer scheme that does not use deep packet inspection. Whenever the network becomes congested, it limits heavy users (those who exceed 70% of their provisioned bandwidth within a 15-minute interval). During congestion, those users experience degradation of all their services, however, including any third-party real-time services they might be using (Skype, for example). As typical households have more than one workstation connected to a cable modem, kids downloading movies could push a subscriber into the "heavy users" category and degrade the household's third-party voice service.

Carriers might decide to stay on the safe side, avoid the whole deep packet inspection debate and group users exclusively on the amount of traffic they generate. But if deep packet inspection is not banned in your jurisdiction, your competitors may surprise you by using it to their advantage. They may decide to identify P2P traffic and make it low priority, excluding it from traffic caps and thus endearing themselves to anyone using P2P applications. You probably can't afford that, so you should investigate the deep packet inspection technology, try to see how your services can benefit from it, and start equipment evaluation and pilot projects as soon as possible.

Back to part 1: When carriers need dedicated boxes for effective network traffic management.

About the author: Ivan Pepelnjak, CCIE No. 1354, is a 25-year veteran of the networking industry. He has more than 10 years of experience in designing, installing, troubleshooting and operating large service provider and enterprise WAN and LAN networks and is currently chief technology advisor at NIL Data Communications, focusing on advanced IP-based networks and Web technologies. His books include MPLS and VPN Architectures and EIGRP Network Design. Check out his IOS Hints blog.


This was first published in December 2009
