
Busting the DPI Myth: Deep Packet Inspection Provides Benefits to End Users and Operators Alike

Long suspected as a means of invading privacy by shadowy governmental and non-governmental forces, deep packet inspection has become a vital tool for network security and for efficiently allocating bandwidth in the face of ever-growing demand.

by: Karl Wale, Radisys

In recent years, exploding data usage, particularly mobile video traffic, has led to a substantial increase in the demand for bandwidth. Video data usage, including over-the-top (OTT) service, will continue to increase exponentially during the next few years with video projected to be the leading bandwidth drain by a factor of two or more over its nearest bandwidth rival (Figure 1).

Combined with the prevalence of smartphones, almost everyone could potentially be considered a “disproportionate” user, leading operators to turn to Deep Packet Inspection (DPI) as a technique for enhancing network efficiency, prioritizing traffic and helping differentiate levels of service.

DPI, defined broadly as the ability to collect and utilize network information, provides a sophisticated tool for maximizing broadband service providers’ return on investment (ROI), while also ensuring higher-quality service for users.

In its early days, myths were perpetuated about DPI as a means for operators to violate users’ privacy, as well as to penalize individual applications (and their respective companies or services), leading to a wider debate about privacy and net neutrality. Changes in the implementation of DPI ensued. From shifting targeted advertising from “opt out” to “opt in,” to a change in approach toward anonymous data collection, DPI evolved to a much less controversial state. Now, DPI is very widespread, being used to identify, segment, re-direct and police traffic for the greater good. Rather than being an invasion of privacy, this must-have network technology benefits end users by enhancing their Quality of Service (QoS) and Quality of Experience (QoE). This also helps operators mitigate churn due to poor QoS or QoE.

DPI Applications and User Scenarios

The current outlook for DPI is promising as a solution for the growing number of applications and users competing for bandwidth. Operators can leverage DPI for a variety of applications, including:

Network offloading

Video gateways

Policy enforcement

Network security

Network and subscriber analytics

Lawful Intercept

Content optimization and security

Billing and metering

Local content caching

Application distribution and load balancing

DPI can address the common threads among these applications that are competing for bandwidth. DPI’s role is to sort through all of this traffic and apply the appropriate policies. The stand-alone market for policy solutions, Policy and Charging Rule Function (PCRF) and Policy and Charging Enforcement Function (PCEF), is projected to grow to about $1.5B by 2015/2016 according to multiple research reports. PCRF determines policy and charging rules for controlling service data flows and IP bearer resources, and generates Policy and Charging Control (PCC) rules. PCEF enforces PCRF policies and charging decisions by performing functions such as traffic shaping, DPI, flow marking, and Quality of Service (QoS) control (Figure 2).

Policy enforcement is changing from its roots in network protection to focusing on delivering QoS and QoE. This evolution includes PCEF/PCRF solutions becoming more aware of the specific needs of the mobile network, such as location awareness for better policy application, and more aware of tiered services that reflect the needs of individual subscribers. However, to stay within net neutrality rules, operators need to ensure that any revenue-generating services are viewed as being fairly applied and that specific packages don’t favor one application over another. These rules are well understood, but mustn’t be forgotten in the future.

With regard to user data experience—a key factor in network churn—DPI is facilitating numerous modes of network optimization by aiding the improvement of quality of experience and delivering dependable and reliable service. Without DPI, service levels would suffer and perhaps even reach halting levels of bandwidth saturation. For example, though the 3G network was never designed for the bandwidth demands of a smartphone, most smartphones still frequently connect to this network (Figure 3). This creates a need for DPI to optimize 3G networks and reallocate bandwidth during the rollout of LTE. While LTE is still in the works, it will not provide the coverage requirements soon enough to ensure continuity of service. Once again, DPI is coming to the rescue and is a significant part of the solution. This need for DPI and policy solutions remains relevant in the LTE era, although there is a wider debate regarding standalone DPI vs. integrated solutions with Security and Packet Gateways.

In addition to wireless network policy, growing video data delivery requirements also call for the use of DPI’s unique technology to optimize bandwidth use. In fact, during the next few years, video data is projected to become the primary consumer of bandwidth use on smartphones. DPI helps streamline the delivery of video content by analyzing specific HTTP and URL requests to determine their origin, along with the user’s handset capability. By understanding these elements, traffic can, if necessary, be redirected to a video optimization gateway, where it is then compressed before being sent to the handset. Using DPI to identify sessions and then optimize video streams can significantly reduce bandwidth use. Being able to identify and compress certain high-bandwidth applications is crucial to running an efficient network, as well as to ensuring a quality user experience, whether it is streaming video through YouTube or making a video call on Skype or FaceTime.
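The steering decision described above, sketched as an added illustration that is not taken from the article or from any Radisys product. The host list, media suffixes, User-Agent tokens and function names are hypothetical, the sample requests are constructed, and the check only works on cleartext HTTP, so anything it cannot parse stays on the default path.

```python
# Added illustration; policy tables and sample requests are constructed.
from urllib.parse import urlsplit

VIDEO_HOSTS = ("video.example.com",)            # hypothetical video origins
VIDEO_EXTS = (".mp4", ".m3u8", ".3gp")          # hypothetical media suffixes
CONSTRAINED_UA = ("Android 2.", "Symbian")      # hypothetical handset tokens

def parse_request(raw: bytes):
    """Parse a cleartext HTTP/1.x request head; None if it is not one."""
    lines = raw.split(b"\r\n\r\n", 1)[0].decode("iso-8859-1").split("\r\n")
    parts = lines[0].split(" ")
    if len(parts) != 3 or not parts[2].startswith("HTTP/1."):
        return None                             # e.g. TLS records: opaque to this check
    headers = {}
    for line in lines[1:]:
        name, sep, value = line.partition(":")
        if not sep or not name or name != name.strip():
            return None                         # malformed header: do not guess
        headers[name.lower()] = value.strip()
    return parts[1], headers

def route(raw: bytes) -> str:
    """Return 'video-optimizer' or 'core' for one request."""
    parsed = parse_request(raw)
    if parsed is None or "host" not in parsed[1]:
        return "core"                           # unclassified traffic is left alone
    target, headers = parsed
    host = headers["host"].split(":")[0].lower().rstrip(".")
    path = urlsplit(target).path.lower()
    # Match hosts on a label boundary so "notvideo.example.com" does not qualify.
    from_video_origin = any(host == h or host.endswith("." + h) for h in VIDEO_HOSTS)
    if not (from_video_origin or path.endswith(VIDEO_EXTS)):
        return "core"
    ua = headers.get("user-agent", "")
    return "video-optimizer" if any(t in ua for t in CONSTRAINED_UA) else "core"

def _req(path, host, ua):                       # builds a constructed sample request
    return f"GET {path} HTTP/1.1\r\nHost: {host}\r\nUser-Agent: {ua}\r\n\r\n".encode()

OLD_UA = "Mozilla/5.0 (Linux; U; Android 2.3.6)"
NEW_UA = "Mozilla/5.0 (iPhone; CPU iPhone OS 7_0 like Mac OS X)"
SAMPLES = {
    "old handset, video": _req("/watch/clip.mp4?id=7", "media.video.example.com", OLD_UA),
    "new handset, video": _req("/watch/clip.mp4?id=7", "media.video.example.com", NEW_UA),
    "lookalike host": _req("/index.html", "notvideo.example.com", OLD_UA),
    "tls record": b"\x16\x03\x01\x02\x00\x01\x00\x01\xfc",
}

if __name__ == "__main__":
    for label, raw in SAMPLES.items():
        print(f"{label:20} -> {route(raw)}")
```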

Outside of the video content realm, DPI, via the PCEF, helps core networks manage the amount of data entering from the Internet on the Gi interface. Further down in the mobile core on the IuPS interface, DPI also facilitates the offloading process and helps ensure that non-essential data traffic enters or exits the network further downstream, allowing it to bypass certain core network and backhaul restrictions that may be present. With alternative network data entry points, network operators can set up connections to enter closer to the Radio Access Network (RAN), overcoming some of the backhaul limitations. In this case, DPI acts as part of the solution that allows operators to look at network access requests and determine whether to carry traffic via the core network to the user, or to route the traffic through an offload gateway.

We also need to consider the role of network probes. In the core network, network probes are used extensively to monitor data bandwidth, latency and signaling plane performance. Due to the massive increase in applications used by smartphones, today’s network probes must become application aware. This means that they must understand which applications are consuming bandwidth, how they behave within the network, and how this behavior affects other running applications. This level of awareness is critical to running an efficient network. DPI adds this application awareness and allows network probes to identify and mitigate issues.

Finally, DPI is a critical component in enabling network security. Whether it is DDoS, anti-X, firewall or access control, DPI provides the tools necessary to keep subscribers and the networks safe.

DPI Devices

Considering that network operators have both an obligation and a vested interest in providing increasingly robust DPI solutions, devices that work alongside low- to high-density platforms and support a wide array of bandwidth optimization and security services are very useful for fulfilling DPI. What is important is that operators can scale their DPI solutions to fit their network needs as network capacity grows. For DPI in particular, the challenge is how to scale at a rate beyond Moore’s Law, growing from 100Gbit/s in a system to 1Terabit and above within the next few years.

DPI can be deployed across many devices from network appliances to rackmount servers to high-capacity bladed platforms such as AdvancedTCA (ATCA), allowing operators to scale as appropriate to their networks. Today, ATCA provides a highly scalable solution with promise to deliver 1Tbit or greater in the near future. Being a bladed environment with a hub-spoke (switch to payload) architecture, ATCA is suitable for centralized IO that connects to the network. This centralized approach makes it a good fit for implementing centralized load balancing across the system (Figure 4). Load balancing and DPI often go hand in hand, whether it be L4 IP based, L7 application aware, and stateful or stateless. Different applications have different needs, but Radisys’ ATCA platforms have been able to address almost all of the needs seen to date across all of the applications highlighted above. This is due in part to having the application knowledge and intimate understanding of the CPUs and switching silicon.

Alternatively, some applications may only need to scale to 10-20-40Gbps in some locations. However, these applications still need the same serviceability and carrier-grade capabilities associated with larger ATCA systems. In these scenarios, devices such as the RMS-220, Radisys’ 20-inch deep, carrier-grade network appliance platform, are well-suited. The RMS-220 and similar products from other vendors aim to combine the benefits of an Intel-based rack mount server, with the IO capacity of a custom network appliance, and the field replaceable unit (FRU) serviceability of ATCA. This allows craft technicians to repair without removal from the equipment frame, leading to significantly reduced mean time to repair (MTTR) – a critical influence on system availability and uptime calculations.

Amid the increasing relevance of network monetization, bandwidth optimization and security, DPI-based solutions such as network monitoring, policy enforcement, lawful intercept and security remain in high demand. A proven tool with a growing range of applications, DPI provides our network operators with the tools to keep us and our networks safe and ensures bandwidth is allocated fairly to promote the optimal experience for all users.

From a technical standpoint, many opportunities exist for DPI to play a role in future applications. This is good news for innovation within the industry—as well as for the start-up culture of many regions—as it promotes companies, jobs and economic growth. Companies like Radisys are well-equipped to meet the growing need for accommodating much larger data, as well as translating the value and power of DPI technology to the non-expert.

Radisys, Hillsboro, OR. (503) 615-1100. [www.radisys.com]
