Tuesday, April 27, 2010
here and "Skype Rising Usage - Best Example for the Net Neutrality Fight" - here) may lead the reader to think that blocking Skype is possible - using DPI technology.
Just add a DPI element (standalone or integrated in some other device) and it will detect Skype (and other Over-The-Top VoIP traffic which compete with the carrier voice revenues) and will block it per the pre-defined policies. Some operators will block it for everybody, some will allow it for some subscribers (line the Orange France case) and block for others.
However, blocking Skype (even if the traffic is accurately detected) is not that easy! A recent VoIP-VoIP.org blog entry from Art Reisman, CTO of APconnections ("Blocking Skype Won’t be Easy" - here) explains "the special case of why blocking Skype traffic is a different animal".
The main issue is the continues fight - DPI vs. Skype. It is a never-ending engineering challenge. Once a reliable method for detecting and blocking Skype is discovered by DPI engineers - Skype engineers add a new way to bypass it. Since distributing a new client is an easy and quick process, detecting and blocking significant percent of Skype (90-95%), over a long period of time, is a huge challenge.