Skip to content

Industry Blog

DPI – Evolve or Die

Deep flow inspection should be a driver for monetization…not a dead investment

This article first appeared on SDxCentral in December 2 2016. Read the article here

There is one sure-fire certainty in the mobile data environment – it is constant and rapid change. Consider, for example, the growing demand for video traffic, the diversity of the internet of things (IoT), the transition to encrypted traffic and the virtualization of infrastructure. Moreover, the business need to monetize mobile data traffic is a key parameter when assessing how the demands of the infrastructure can be used not just to adapt to mobile data profiles – but to drive change.

If we look at traditional foundation components in the data path, such as deep packet inspection (DPI), the important consideration is how this ‘bump in the wire’ will evolve and change. DPI usually is used for network protection, analytics and enforcement. Can it be used to drive new service-oriented use cases that appeal to end-users, driving revenue uptake, or is it a dead piece of investment?

The question and challenge for DPI vendors is how to evolve in this marketplace and add value. The move to virtualization provides the opportunity to assess each functional component in the value chain of internet access; it is not a matter of a new API on a pre-existing fixed component.

The question on the business value of packet and flow classification is now combined with how quickly it can adapt to a rapidly changing protocol environment. Can it effectively classify traffic travelling via the next generation of virtualized infrastructure?

A large proportion of network traffic now travels over mobile. As such, DPI’s detection capability for mobile needs to keep pace with the changes in applications, application popularity and the long tail of internet activity. In addition, the efficiency of DPI is also challenged by the changes in protocol and regulatory landscape in which the telecom industry operates.

This in particular can be neatly summarized as the rise of encrypted traffic flows for all activities, as well as the changes to protocols themselves:

  • Social: Encryption easily justifiable for privacy protection
  • IETF: TLS 1.3, HTTP2 – security and abbreviated handshake by default
  • Google: UDP based traffic secure flows for streaming
  • Regulatory: Net neutrality questions the use of DPI
  • Business and operational planning: Data volume/scaling – is the scaling cost-effective for high data volumes?

These changes only add an additional source of significant transformation in a fast-moving environment.image-1-for-8-12-16-blog

Today’s mobile operator is managing the demand for data by innovative apps, the need to evolve infrastructure to reduce costs, and the conflicting demands of the internet to provide universal access while restricting how to operate as a business.

Over time, traditional appliance vendors have offered a range of functionality to complement deep flow analysis (e.g. CGNAT, firewalling, etc). As the network transitions into a virtualized environment, the network provider is in an ideal position to consider the functional building blocks of service chains and the best of breed vendors for each component.

This leads to some questions worth considering: Can DPI be more than fixed routing points gathering network traffic stats and managing fair use quality of service (QOS)? Can it become a revenue generating point by enabling application-based metering plans or promotional add-on services? What is the right strategy? That all depends on the business and technical needs.

Decision making: Does the DPI evolve into a decision-making hub for service chains in a virtualized environment? The issue here is that the decision making is more than classification – it will require layer #7 application level analysis, policy, session and profile data to put the classification in context so it can be meaningfully used.

 Cap & Grow Virtually: Re-assess the capability and use for classification in different flows – IOT flows, encrypted flows – perhaps in some cases using different DPI that specialize in different areas. This has the benefit of isolating functional components which can be easily virtualized and deployed in an agile service chain to meet demand.

Operators must be able to derive greater business and use it to provide new business use cases and boost revenues. Use cases can include:

  • Application-based billing model to provide network access at a price point that suits users’ preference for activities
  • Activity-based data plans – e.g. streaming, music, gaming
  • Application-based data metering and promotion
  • Internet of Things (IoT) based prioritization and access restriction
  • User-based, application-based prioritization for roaming
  • Enterprise-level data access controls
  • User-based content filtering

In addition, the core use case of packet inspection is key, providing network insights for traffic capacity analysis.

Another use case to examine is how packet and flow classification adapts to the changing dynamics of social network apps. Qualifying something as Facebook or WhatsApp is not enough. The activity within a session can change from messaging, to video, to VoIP, for example – and as it changes, differing network services and dynamic effective bandwidth allocation are required.

As we move to a 5G environment, the core ability to package data in new and differentiated ways will be needed to develop the business of building and operating networks. An evolved packet and flow inspection that is capable of handling the changing protocol, app and server demands, while remaining agile and flexible enough to be deployed as a foundational virtual component of the next generation of service chains, is critical.  Otherwise, we risk the business becoming a network of dark bit pipes.