The DPI Story – Part I – What is DPI?

The Internet and its underline architecture, TCP/IP (now celebrating its 40 anniversary), was simple yet very naïve. Nobody envisioned the way the Internet is used today – its popularity, the applications built on it and above all the multi-dimensions business it represents.

TCP/IP is simple. It has a simple packet structure, and has a definition for an application (or service) that can be easily detected by looking as a certain offset in the packet header (the TCP or UDP “port”). A registration process was created to ensure that every application (such as email or file transfer) will use a unique port (a “well-known port” – see PORT NUMBERS) . Indeed simple. As a result, the network elements (routers) used to build the Internet can process enormous amounts of data (or PPS - packets per second). They are not required to show any exceptional intelligence, and may concentrate on their main job - moving packets.

However, there is no way to ensure that everybody is fully conforming to the architecture as designed. There is no enforcement authority or embedded technology making sure that everybody uses the designated ports – and this loophole created the need to look deeper into the packet in order to identify the real application or the content communicated between the two sides.

Of course, when someone is hiding something, he probably has a good reason to do so. It may be illegal, abusing or taking advantage of someone else’s assets and investments. DPI was created to help owners of network and service providers to better control their network and resources.

The first vendors to use the term (just 3-4 years ago) created a solution that helps service providers and carriers understand and control traffic on their network. While DPI technology itself was only one of the components of the solution (used to identify applications by looking beyond the TCP port information) it gave the solution its name. It is very common now to see ISPs, fixed, mobile and cable operators publishing tenders for DPI. The other components of this kind of DPI solution include traffic policies enforcement, traffic shaping and throttling, reporting and more.

Why “this kind of DPI”?

Because there are many other solutions and technologies, all looking deeper into the packet. Many use the term DPI to describe their technology, creating some confusing in the market.

Some other examples for DPI are:

• Stopping illegal traffic, such as child abuse content or transfer of copyrighted material (for example using P2P – Peer to Peer – applications)
• Security solutions, stopping malware such as viruses, worms and Trojan horses
• User behavior monitoring, analyzing what subscribers are doing for marketing or targeted advertising

DPI is many things, not all are accepted well by the different players – the network operators, the ISPs, the content providers, the regulation authorities and of course the subscribers – being businesses or consumers of broadband services.