Deep packet inspection: Controversial but valuable traffic management tool

Tom Nolle, CIMI Corporation
04 Aug 2009

Many technologies somehow become defined by a single application, and for a few, that leads to controversy. Deep packet inspection (DPI) is on that list.

Unfortunately, nearly all of the publicity associated with DPI has come out of its use in behavioral targeting or in managing user Internet traffic, and much of this has been negative.

The truth is that DPI is an important tool in overall Internet traffic management because of some inherent limitations of the Internet protocol that can hamper effective monitoring and control of the network.

An IP packet header identifies the source, destination address and some basic information about the data itself. When IP was first deployed in a research and academic setting, this information was sufficient to enable efficient packet handling by the routers that direct packet flow and by the systems that originate and terminate them. But the Internet has changed profoundly in the last decade, and the IP header has changed very little. This has generated significant challenges for network operators.

Wanted: Increased packet information beyond IP header

Monitoring and handling traffic effectively requires having some knowledge of what kind of traffic the packet represents. The IP header doesn't have enough information to provide that. You need to look deeper into the packet to identify its application and mission, and for that you need deep packet inspection. DPI's monitoring applications have been accepted almost from the beginning.

The Remote Monitoring standard (RMON) defines "probes" that can look at packet data beyond the IP header to classify the packet by traffic type (voice, email, video, etc.) and by application. Vendors have offered proprietary monitoring products/probes with even greater ability to analyze deep packet data, and this information can be critical to network operators and enterprises in planning network capacity and managing quality of service (QoS).

The controversy around deep packet inspection for behavioral targeting is not about the technology per se. The issue is whether an ISP that is not an actual participant in a Web exchange between a browser and a server has the right to examine the end-to-end data to gain insight into what the user is doing. That question must be answered at the public policy level (and no consensus has fully emerged), but the monitoring applications of DPI alone would justify the technology even if applying it to behavioral targeting turned out to be a privacy rights issue.

IP headers miss the mark in identifying traffic type

The traffic control applications of DPI are even more significant than the monitoring applications, though they are also sometimes controversial. Everyone knows that "routing" is based primarily on IP address and may sometimes be based on things like the type of service, an element that's also included in the IP header. But service and QoS indicators in the IP header are not reliable ways of identifying traffic types to assure reasonable handling of priority traffic like voice or video.

With Internet users generating enormous traffic bursts from their ordinary surfing, some means of expediting time-critical applications in periods of congestion may be crucial to emerging applications like VoIP and Web conferencing. Deep packet inspection can be used to help separate the traffic that needs expedited handling, even where that traffic isn't easily distinguished by normal IP header fields like address or port number.

Related content

No Comments Yet! Be the first to share what you think!