Global Sources
EE Times-Asia
Stay in touch with EE Times Asia
EE Times-Asia > Networks

Understanding deep packet inspection (Part 1)

Posted: 19 Jun 2013 ?? ?Print Version ?Bookmark and Share

Keywords:Deep packet inspection? IP? network? DPI? server?

Deep packet inspection (DPI) is a kind of computer network packet filtering that examines the data part (and possibly also the header) of a packet as it passes an inspection point, searching for defined criteria to decide what, if any, action should be taken by the network on that packet.

A classified packet may be redirected, marked/tagged, blocked, rate limited, or reported to a reporting agent in the network. Many DPI devices can identify packet flows (rather than packet-by-packet analysis), allowing control actions based on accumulated flow information.

Typical identification parameters include source and destination IP and ports. Some devices support far deeper inspection of packets to examine the metadata of protocols used and may use these for reporting and classification.

DPI enables a range of network services including network optimisation, flow inspection, data flow management, security and application monitoring. These services may be called many thingssuch as user experience optimisation, policy definition and enforcement, quality of service, tiered services, or lawful intercept, but can be fundamentally grouped into classes of application with similar requirements.

Use cases
There are many different application models where DPI can be used to improve overall application usability and security.

Figure 1: The primary use cases for deep packet inspection.

Network optimisation
Unmonitored and uncontrolled traffic flow through a network operator's network can result in undesired interruption of service due to overload conditions at various places in the network. This can be caused by peer-to-peer (P2P) traffic, distributed denial of service (DDoS) attacks and other events.

As a result, the undesired interruption of service can endanger customer loyalty by impairing the operator's quality of service (QoS). In order to avoid such events, operators use a variety of techniques that can all be summarised as DPI applications, and that can all be brought together in the deployment of a common kind of DPI system.

Flow inspection
Flow inspection analyses the network traffic based on flows (connection between a given client and a given server). This connection is analysed and classified in order to align with carrier policies and requirements, thus allowing the carrier to monitor network usage by both application and total load. This, in turn, enables network operators to review their policies and take appropriate steps to ensure data flow and network integrity.

Improved data flow
Deep packet inspection can also be used to optimise the data flow inside a network. Knowing which flows are dominant at what time of day (and what day), allows dynamic configuration of the network to the respective load factors, thus improving user experience.

This knowledge additionally allows network operators to throttle traffic that is not preferred at a given time, adding headroom to priority traffic. Depending on the level of background information available in the operator's network, this capability can be used to manage service levels.

Security and application monitoring
Finally, an area where DPI is used extensively is the intelligent application monitoring and security arena. DPI techniques can be used to understand and interpret network messages between web server, application server, and actual applications in high-load applications.

DPI can be adapted to find the right messages, analyse the content and remove malformed or malicious content that was injected in order to break into the application. Similar techniques are applicable for security applications, where, in this case, the traffic is being monitored to protect the inside of the network, keeping out malicious content.

1???2?Next Page?Last Page

Article Comments - Understanding deep packet inspection...
*? You can enter [0] more charecters.
*Verify code:


Visit Asia Webinars to learn about the latest in technology and get practical design tips.

Back to Top