Friday, December 31, 2010

In-Stat: Wi-Fi Hotspot Growth Continues to be Strong

A new report from In-Stat concludes that "While venue growth in Wi-Fi Hotspots has been and continues to be strong, usage growth has been phenomenal. AT&T reported a fivefold increase from 1Q09 to 1Q10.  Other operators have experienced similarly strong growth in usage.  In-Stat projects that worldwide annual hotspot connects are anticipated to grow to over 11 billion by 2014".

See "Wi-Fi Hotspot Sessions to Grow to Over 11 Billion by 2014" - here and "Worldwide Wi-Fi Hotspot Usage Soars, but is Model Sustainable?" - here.

"The hotspot market continues to experience strong growth in deployed venues and usage. As with the past several years, growth in the hotspot market is largely being driven by wireless and broadband providers embracing Wi-Fi as both a competitive differentiator and enhancement to core services."

"The total worldwide hotspot market size will swell to 319,200 venues by year-end .. Worldwide annual hotspot connects, or sessions, will reach over 2 billion by the end of 2010 with annual hotspot connects anticipated to grow to over 11 billion by 2014"

Amy Cravens, Market Analyst, In-Stat: “In the past, usage growth has largely been tied to venue growth, i.e. the more venues the more usage, and the rate of usage per venue was fairly constant. Going forward, however, usage growth will be driven by increases in connects per day at each venue. This is a result, at least in part, to a broadening base of Wi-Fi-enabled devices

Related posts: 
  • BT's Mobile-like service: Free, Unlimited Wi-Fi to its Broadband Customers - here
  • AT&T: Times Square needs a Wifi Boost to cope with 3G Traffic - here
  • Amtrak Blocks Video Streaming and Large Downloads, Filters Sites - here

Thursday, December 30, 2010

Yankee: CSPs Need Proactive Subscriber Intelligence

A new research by Sheryl Kingstone from the Yankee Group concludes that "CSPs must proactively identify subscriber issues, usage and behavior to reduce churn, increase revenue opportunities and drive improved customer experience and loyalty. While there is no one-size-fits-all approach, we provide an overview of new strategies and technologies designed to help CSPs meet the challenge".

See "CSPs Need Proactive Subscriber Intelligence to Improve the Customer Experience" - here.

"Virtually all CSPs realize they need to better manage the subscriber experience today, especially as more connected devices get into the hands of mainstream consumers. Without critical insight into subscriber experience, CSPs face an unsustainable combination of increasing operational network costs, escalating customer support costs and unacceptably high customer churn. As new, complex IP-based services emerge, CSPs must use network information to not only ensure a consistent customer experience, but also generate new insight, innovative services—and revenue .. CSPs can generate a deeper understanding of subscriber needs through the use of device performance and network usage data enriched with demographic and other subscriber-specific data gathered from Web, CRM, billing and other systems"

See also - "Yankee: "Operators need to develop the right price/package mix" - here.

China: Foreign VoIP Services are Illegal (affecting 450M users)

People's Daily Online reports that "The Chinese regulator has declared Internet phone services other than those provided by China Telecom and China Unicom as illegal, which is expected to make services like Skype unavailable in the country".

See "VoIP decision means Skype now illegal" - here.

"The Ministry of Industry and Information Technology said all VoIP (voice over Internet protocol) phone services are illegal on the Chinese mainland, except those provided by telecommunications carriers China Telecom and China Uniom. The ministry gave no timetable on when the ruling takes effect .. The decision is expected to make Skype, UUCall and other similar services unavailable in China"

In related news, a recent report (here) states that "The number of Chinese netizens had risen to 450 million by the end of November, up 20.3 percent year on year, Wang Chen (picture), head of China's State Council Information Office, said Thursday..Wang said China hopes to work with other countries to safeguard online security and boost Internet development and supervision"

See - "Is it Possible to Block Skype with DPI? " - here.

Wednesday, December 29, 2010

[Update 29: Callis Service Manager] PCRF - DPI Compatibility Matrix

Callis Technologies, a vendor of PCRF products was added to the PCRF-PCRF table. Callis “provides solutions for the global carriers market, with commercial focus primarily in Latin America”.

The company’s product - Callis Service Manager is "an advanced Policy and Charging solution, able to manage both Wireless and Wireline networks, including functions such as PCRF, SPR, AF, OCS, PS, AM, RKS

Amongst other services, Callis SM provides:
  • Web Portal for advanced Subscriber Self Care.
  • Prepaid and Postpaid services (time, volume and/or application constrained)
  • Easy administration of promotional plans
  • Bandwidth on Demand (Turbo Button)
  • Parental control
  • Personalized subscriber´s statistics  

The company indicates compatibility with Cisco's DPI product - the SCE (in the Callis Traffic Congestion Manager product).

Tuesday, December 28, 2010

How to Build DPI Products? (Part VII - Regular Expression Matching-3)

Yet another paper on regular expression optimization (see previous post - here and here) - this time by Yi-Hua E. Yang, Hoang Le and Viktor K. Prasanna (picture)- all from Ming Hsieh Dept. of Electrical Eng, University of Southern California.

See "High Performance Dictionary-Based String Matching for Deep Packet Inspection String Matching for Deep Packet Inspection" - here.


Dictionary-Based String Matching (DBSM) is used in network Deep Packet Inspection (DPI) applications virus scanning [1] and network intrusion detection [2]. We propose the Pipelined Affix Search with Tail Acceleration (PASTA) architecture for solving DBSM with guaranteed worst-case performance.

Our PASTA architecture is composed of a Pipelined Affix Search Relay (PASR) followed by a Tail Acceleration Finite Automaton (TAFA). PASR consists of one or more pipelined Binary Search Tree (pBST) modules arranged in a linear array. TAFA is constructed with the Aho-Corasick goto and failure functions [3] in a compact multi-path and multi-stride tree structure. Both PASR and TAFA achieve good memory efficiency of 1.2 and 2 B/ch (bytes per character) respectively and are pipelined to achieve a high clock rate of 200 MHz on FPGAs.

Because PASTA does not depend on the effectiveness of any hash function or the property of the input stream, its performance is guaranteed in the worst case. Our prototype implementation of PASTA on an FPGA with 10 Mb on-chip block RAM achieves 3.2 Gbps matching throughput against a dictionary of over 700K characters.

This level of performance surpasses the requirements of next-generation security gateways for deep packet inspection.

Monday, December 27, 2010

Ad Insertion - Recent Ruling Concerning NebuAd Technology

Last week, the District Court in Montana, ruled (here) in the case of in Mortensen v. Bresnan Communication, concerning a class action suit against Bresnan for inserting personalized ads, using equipment from the late NebuAd.

See analysis of the ruling by Jonathan Klinger - "NebuAd, The Public Interest and Enforceable Agreements" - here and Eric Goldman (picture) - "Deep Packet Inspection (NebuAd) Litigation: Court Dismisses ECPA Claim but CFAA Claim Continues" - here.

To summarize (from Jonathan's post): "..the ISP raised a claim that its users are subject to an agreement that allowed it to inspect their traffic, and therefore the Electronic Communication Privacy Act claim (ECPA) should be denied. The court accepted most of the ISP’s claims and ruled that apart from the question of whether injecting the cookie was consensual, the remainder of the lawsuit should be denied".

Behavioral advertizing gets some attention recently, and we may experience a comeback, assuming that the business model will still show an opportunity even if done on an "opt-in" basis.

See also:
  • [WSJ] Carrier Ad-Insertion Returns! - here
  • Sandvine Spins-off Simplicita as Xerocole - here
  • Japan - ISPs May Use DPI for Behavioral Advertising - here

Sunday, December 26, 2010

Copyright Infringements: New Technology Identifies Pirated Video

"Dr. Alex Bronstein of Tel Aviv University's Department of Electrical Engineering has a new way to stop video pirates. With his twin brother Michael and Israeli researcher Prof. Ron Kimmel, he has developed the ultimate solution: treating video footage like DNA".

See the story from Science Daily "Catching Video Pirates: Invisible DNA-Like Fingerprint on Video Assist Law Enforcement" - here.

I covered some commercial products in the past - for music (audio) files (see "Ofcom: ISPs Need to Reduce Online Copyright Infringement - How?"- here). While the new technology is still an academic research and needs to be commercialized - it will handle video - where the money is now. 

May work nicely with DPI products and identify unlawful sharing, download or upload (of the original or altered video), if someone wishes and able to finance that.

"The technology employs an invisible sequence and series of grids applied over the film, turning the footage into a series of numbers. The tool can then scan the content of Web sites where pirated films are believed to be offered, pinpointing subsequent mutations of the original .. When scenes are altered, colors changed, or film is bootlegged on a camera at the movie theatre, the film can be tracked and traced on the Internet, explains Dr. Bronstein. And, like the films, video thieves can be tracked and caught"

Blog News: DPI Product List

A new page was added to the permanent tab link - DPI Products.

Currently, the table provides basic information on the major DPI products, offering traffic management features. The highest-end product of each vendor is presented.

Vendors covered: Cisco, Allot, Sandvine, Arbor (Ellacoya), Procera, Alcatel-Lucent and Ericsson.

Friday, December 24, 2010

Seasons Greetings (and Fun)

Wishing all my loyal readers, followers of the booming Traffic Management, DPI and Policy Control markets - Happy Holidays and a great New Year!

The FCC has cleared the way for traffic management, mobile traffic is booming, operators look for Value-added and Personalized Services - all indicate that 2011 will be a good year for the industry!

So - "Let’s try it on Orange!"   (or, if you prefer the DPI song - here)

UK Government Wants "Opt Out" Parental Control

Follow-up on a previous post (here) - Caroline Davies from UK's Guardian reports that Ed Vaizey, the communications minister is going "to meet internet providers, including BT, Virgin Media and TalkTalk, "in the near future" to discuss changing the way pornography enters private homes".

See "Broadband firms urged to block sex websites to protect children" - here.

The new idea will be that "broadband providers should consider automatically blocking sex sites, with individuals being required to opt in to receive them, rather than opt out and use the available computer parental controls."

"Virgin Media said that it had already implemented the technology on its mobile service, but said that parents can control what their children see at home and online. A BT spokesman said they had a "clean feed" system to stop access to illegal sites."

BT''s response refers to a different requirement, which UK ISPs decided to implement on a "self-regulation" basis - blocking  web sites presenting illegal content, such as child pornography to all subscribers (known as "blacklist" and monitored by organizations like the IWF - Internet Watch Foundation).

 "Andrew Heaney, TalkTalk's executive director of strategy and regulation, told the newspaper: "Our objective was not to do what the politicians want us but to do what is right for our customers. If other companies aren't going to do it of their own volition, then maybe they should be leant on." [see DPI Deployment (15) : TalkTalk Uses Huawei to Detect Malware (or Parental Control?) - here

There is a big difference between the blacklist and a full paternal control service - including the size of the URL database, its update rate, and the need for subscriber awareness, policy-based control and service portal when implementing paternal control.

Related links:

Infonetics Research: Policy Management is not only Bandwidth Control - here
Kosher Mobile Internet - Cellcom Israel Offers Web Filtering - here

Thursday, December 23, 2010

AT&T Develops Mobile Security

"AT&T has hired 13 Ph.Ds in the last six months to open a new lab in New York City focused on mobile security. The researchers are working on technology that detects and blocks worms, viruses and other malicious software from reaching mobile devices" - report the Wall Street Journal.

See "Fortifying Phones From Attackers" - here.

"Everyone is realizing that this is an uncontrolled environment," said Edward G. Amoroso, chief security officer of AT&T Inc. "We don't want to have the same problems that we had with PCs."
The story mentions also some security s/w developers (such as Lookout, working with Verizon and MobileIron), but by the above description it seems that AT&T research is for a network service, rather than a handset application.

Security for mobile services gain more attention recently and some of the DPI vendors are already providing network solution similar to the above mentioned AT&T research, usually based on anomaly behavior detection algorithms.

See some background and DPI offering- "Yankee Group Prediction: A Denial-of-Service Attack Will Take a 4G Network Down" - here.

DPI and Policy Management Vendors Are OK with New Net Neutrality

Some DPI and Policy Management vendors have already published their views on the new opportunities resulting from the recent adoption of Net Neutrality by the FCC (see my recent post "Net Neutrality Approval Reopens US Market for DPI and Policy Management" - here).

Openet's VP marketing, Michael Manzo, says in the company’s blog " One business model that Openet promotes is that the over-the-top providers share revenue with operators in order to have traffic prioritized and bandwidth shaped in order to guarantee high quality delivery.  Openet isn’t of the opinion that the ONLY option is for consumers to pay extra fees.  We simply believe that operators aren’t receiving a fair portion of the revenue in the value chain for their value within it."

See "What’s not being said in the Net Neutrality/Technology Debate" - here. See also "Allot - Openet: Monetizing and Controlling OTT Applications Use Cases" - here (and chart). 

Procera Networks' CEO, James Brear, says "Although the ruling might not deliver what either side of the debate was hoping for, it does support continued investment in network infrastructure by providing opportunities for innovative service offerings while preventing providers from blocking lawful over-the-top services. It leaves providers with room to offer service plans that are designed explicitly for over-the-top video services (e.g., a different usage plan for video services that is separate from regular data services) that enable high-volume video consumers to continue to enjoy the abundance of video available over the Internet. This ruling is positive for Procera by allowing our installed base of customers and new customers to take advantage of our industry-leading policy enforcement technology to create innovative service offerings that provide an opportunity for a return on continued investment in broadband network infrastructure."

See "FCC Net Neutrality Legislation Impact on Procera" - here.

Wednesday, December 22, 2010

French Government: Google and Foreign OTTs to Pay for Networks Usage

The French minister of Industry, Eric Besson, said yesterday that the French Government has established a working group to see if large Internet content providers, such as Google, Facebook, YouTube and EBay should be taxed to help financing the network infrastructure in France.

See "21 décembre 2010 - Intervention d'Eric Besson - Price Minister" - here (French).

These foreign companies do not pay taxes in France, but take significant portion of the local e-commerce and advertising markets as well as available bandwidth:

"..Or certains services, comme Google ou Facebook, occupent une place sans cesse croissante sur ces réseaux, sans contribuer d''aucune manière à leur financement. Ces sociétés sont basées dans des pays étrangers, ne paient aucun impôt en France, et occupent dans le même temps des positions très dominantes sur le marché Français. Cette situation est inédite. Google capte par exemple plus de 90 % du marché français de la publicité sur les moteurs de recherche, sans payer aucun impôt en France ni rémunérer aucun opérateur de réseaux. Sa filiale YouTube peut occuper plus de la moitié de la bande passante de certains réseaux, sans contribuer d''aucune manière au déploiement et à l''entretien de ces réseaux."

Similar statements have been made by the CEOs of leading European carriers - Telefonica (here) and Deutsche Telekom (here)

Net Neutrality Approval Reopens US Market for DPI and Policy Management

The FCC approved yesterday the Net Neutrality guidelines, based on the recent proposal by Chairman Genachowski.

The approved guidelines are in fact a compromised (proposed originally by Google and Verizon - here) compared to the initial FCC proposal (the guidelines are covered - here).

"The rules require all broadband providers to publicly disclose network management practices, restrict broadband providers from blocking Internet content and applications, and bar fixed broadband providers from engaging in unreasonable discrimination in transmitting lawful network traffic.  The rules ensure much-needed transparency and continued Internet openness, while making clear that broadband providers can effectively manage their networks and respond to market demands" 

See the FCC formal announcement - "FCC Acts to Preserve Internet Freedom and Openness" - here.

For DPI and policy management vendors, the approval is very significant, especially for their activity in the US (which will probably affect the EU and other major market considering Net Neutrality):
  1. After years of uncertainty, a decision has been made. Carriers and ISPs that were waiting for the FCC to decide, delaying DPI investments may now re-launch traffic management projects.
  2. The new guidelines do not bar the wireless carriers, the most lucrative market for DPI and policy management vertical market today, from "engaging in unreasonable discrimination".
  3. Wireline carriers, allowed to “effectively manage their networks and respond to market demands” (known also as "reasonable network management"' -see definition below), will need to use smart network management tools in order to improve QoE to subscribers, reduce congestion, secure the network and offer security services, parental controls and similar needs.
In short - I see this decision, which may be seen as a threat to the DPI industry, as a great opportunity for the DPI market to grow!

Reasonable network management.  A network management practice is reasonable if it is appropriate and tailored to achieving a legitimate network management purpose, taking into account the particular network architecture and technology of the broadband Internet access service. Legitimate network management purposes include: ensuring network security and integrity, including by addressing traffic that is harmful to the network; addressing traffic that is unwanted by users (including by premise operators), such as by providing services or capabilities consistent with a user’s choices regarding parental controls or security capabilities; and by reducing or mitigating the effects of congestion on the network.

Tuesday, December 21, 2010

NSN CEO: "DPI tools help manage networks effectively"

Lightreading reports on Nokia Siemens Networks CEO, Rajeev Suri, speech during his US trip last week.

Regarding DPI, Mr. Suri is "in favor of the deployment of deep packet inspection (DPI) tools to help manage networks effectively and ensure end-users get the best possible experience.

"With traffic increasing massively on networks everywhere, these kinds of tools are really no longer optional"

See "NSN CEO Talks Up US Push in 2011" - here.

See also: "NSN CEO: “Finding ways to support the 10,000% increase in smartphone generated data traffic by 2015 is vital for operators worldwide” - here and reviews of NSN's DPI offering - GGSN (here) and PCRF (here)

Plusnet: Troubles with Traffic Management System

2 days ago I mentioned Plusnet's (UK) traffic management policies, providing advanced application-based tiering (here) - and today I saw that the operator has experienced some issues with the DPI system used to implement it (from Ellacoya-Arbor Networks - see "U.K. Provider PlusNet Addresses Network Management With Tiered Services and Transparency" - here)

Bob Pullen, from Plusnet's Customer Support, writes to his customers about "..the problems we've been experiencing with our traffic management platform. Because of these problems, your Internet connection may not have been performing as well as you would normally expect."

See here. Needless to say (and may be irrelevant to Plusnet’s unfortunate problem), that like all critical network components, DPI and their management systems (policy servers, for example) need to have a well-thought redundancy design. One example (rather basic with partial redundancy) is shown in the following chart:

"Our network engineers have managed to partially restore service, and the traffic management platform is now processing requests again. Customers should be aware that there are certain cases where we will have to manually fix accounts. This particularly applies to customers who changed account type today or have recently entered/exited failed billing. We will be looking to fix these accounts tomorrow where necessary. We still need to swap out some hardware and restore resiliency to the platform so we're not completely out of the water yet."

Monday, December 20, 2010

SFR Deploys NSN Cell_PCH Optimization Technology

Nokia Siemens Networks announced today it "has already provided Radio Network Controllers along with Cell_PCH technology that helps conserve smartphone battery life by handling signaling traffic more intelligently and decreasing signaling load on the network" to SFR, the 2nd largest mobile operator in France with over 20M mobile customers.

See "Nokia Siemens Networks upgrades SFR 3G network, showcases double-speed mobile broadband" - here.

See "NSN: New iPhone OS Saves Network Resources" - here for more details on the technology and its importance to mobile operators.

Vendor Review: Traffix' Diameter Router

Last week I spoke to Ben Volkow (picture), CEO of Traffix Systems, about their latest technology and product - the Diameter Router Agent.

The company, established 5 years ago, developed enabling technology - Diameter Protocol Stack (here) to major networking equipment vendors (see "Traffix Diameter Platform is integrated with Allot Communications’ Online Charging and Policy Control" - here) and later started to introduce its own products, including the Diameter Gateway, router and load balancer.

The Diameter Router (here, chart below) helps deploying complex PCRF-PCEF configurations, in which multiple PCRFs need to communicate with multiple PCEFsin an efficient, secured and reliable manner. While this entity is defined by the 3GPP standards, such products became available recently and field deployments are just starting. 

Competitors are Tekelec, who announced the Diameter Signaling Router on October (here) and IntelliNet Technologies' Diameter Agent (here).

Sunday, December 19, 2010

Yankee: "Operators need to develop the right price/package mix"

A new research by Gordon Mack, Research Associate, Yankee Group focus on the recent tiered services trend: "Operators around the globe are embracing tiered pricing plans for data device and smartphone users. The plans show a wide range of price points and market strategies, but are not without pitfalls. Poorly constructed plans can easily cost operators revenue."

See "Global Adoption of Tiered Data Highlights Pros and Cons" - here.

" ..tiered pricing presents operators with a dilemma. While tiered plans can both help operators gain subscribers and increase revenue, they also have several pitfalls that if not avoided can thwart both objectives. For example, if plans aren’t designed and marketed properly, bill shock and overage fees may end up leading to churn and hurting operator bottom lines. Operators adopting tiered pricing need to develop the right price/package mix to fit both their network and strategic goals. Those that avoid competing solely on price and get creative in building their tiers will see the most success".

Note that in most cases, the tiers in tiered services are volume-based only (here). However, a more advanced approach would be to add additional value to the tiers, such as guaranteed QoS - mainly for video or VoIP services. See the suggestion of Allot and Openet (here), TeliaSonera's Value-based Pricing (here), ideas from Everything Everywhere (here) or even the complex plan offered by Plusnet, a UK-based Broadband provider (here - see chart below - how the different service plans are mapped to traffic priorities)

Saturday, December 18, 2010

How to Build DPI Products? (Part VI - Regular Expression Matching-2)

Yet another paper on regular expression optimization (see previous post - here) - this time by 4 staff members from the Computer Sciences department of the University of Wisconsin-Madison, USA: Randy Smith (picture below), Cristian Estan, Somesh Jha and Shijin Kong.

See "Deflating the Big Bang: Fast and Scalable Deep Packet Inspection with Extended Finite Automata Inspection with Extended Finite Automata" - here.

Deep packet inspection is playing an increasingly important role in the design of novel network services. Regular expressions are the language of choice for writing signatures, but standard DFA or NFA representations are unsuitable for high-speed environments, requiring too much memory, too much time, or too much per-flow state. DFAs are fast and can be readily combined, but doing so often leads to statespace explosion. NFAs, while small, require large per-flow state and are slow. We propose a solution that simultaneously addresses all these problems. We start with a first-principles characterization of state-space explosion and give conditions that eliminate it when satisfied. We show how auxiliary variables can be used to transform automata so that they satisfy these conditions, which we codify in a formal model that augments DFAs with auxiliary variables and simple instructions for manipulating them. Building on this model, we present techniques, inspired by principles used in compiler optimization, that systematically reduce runtime and per-flow state. In our experiments, signature sets from Snort and Cisco Systems achieve state-space reductions of over four orders of magnitude, per-flow state reductions of up to a factor of six, and runtimes that approach DFAs.

Friday, December 17, 2010

Tuesday: FCC to Vote on Net Neutrality

The Federal Communications Commission will hold an "open meeting" on Tuesday, December 21st, in which it will "consider a Report and Order adopting basic rules of the road to preserve the open Internet as a platform for innovation, investment, competition, and free expression" -

Invitation - here.

"Audio/Video coverage of the meeting will be broadcast live with open captioning over the Internet from the FCC Live web page at"

Background: "FCC: Updates to Net Neutrality Guidelines" - here and "FCC: Usage-Based Pricing is Important" - here.  

otherwise known as Net Neutrality.

[Update 29: More Details on NSN PCS-5000] PCRF - DPI Compatibility Matrix

Similarly to the difficulties in obtaining information on Nokia Siemens Networks' Flexi-NG (see story here), their PCRF product is also not documented on the company's web site.

However, I was able to get some information on the product - directly from NSN and with the help of Ray Le Maistre, from LightReading.

The chart below summarizes the features of the PCS-5000 product. As for its DPI support, NSN says:

"The PCS-5000 is fully integrated with Nokia Siemens Networks Flexi GGSN [here] .. It has also been successfully integrated with 3rd party GGSN, Deep Packet Inspection (DPI) and BRAS products, and operators existing back-end systems ... PCS-5000-based policy control solution allows the operator to apply fair use policies which restore the control of network resources to the operator and enable them to manage those resources more efficiently .. The PCS-5000 provides dynamic and service/application-based Policy Control which allows operators to optimize the service experience".

My PCRF-DPI compatibility table (accessible from the link above the post) already reflects the DPI vendors which are supported. NSN also stated that "PCS5000 Policy server can interoperate with any vendors DPI via Gx-interface (both fixed and mobile environment)".

Thursday, December 16, 2010

Allot - Openet: Monetizing and Controlling OTT Applications Use Cases

DPI and Policy management vendors continue to educate carriers on how they can make money. I already presented some use cases from Bridgewater- here and Comptel - here. Now, following their joint announcement (here), Allot and Openet held a webinar "Managing the unmanageable: monetizing and controlling OTT applications" -  showing their own ideas - some of which are very intriguing.

The presentation may be accessed through here.

Some interesting use cases:

1- Monetize OTT applications - building on the value to the subscriber, allowing the carrier to share the revenue from using popular applications (and hopefully providing better QoS ..)

2- Special passes - Bandwidth boost, promotion, use of OTT applications

Vendor Review: NSN Flexi-NG's DPI support

During MWC 2009, in a visit to the NSN booth, I saw their new GGSN product (see announcement - here) - an ATCA based product, promising a number of new, advanced features.

Since then I saw a number of press releases announcing deployments of the new product - Flexi-NG (picture) - such as MegaFon, Russia - here, Telefonica O2, Germany - here and Agri-Valley Communications - here, but still could not find any real documentation in NSN's web site (other than a presentation in the Japanese site - here).

Recently, I contacted NSN, and got a document providing some information on NSN's Flexi-NG.

Here are some quotes on its DPI support:

"By integrating DPI (Deep Packet Inspection) into the gateway, Nokia Siemens Networks does not just provide a high capacity element – it is setting the foundation for Mobile Broadband with a solution that is extremely powerful and highly scalable at the same time. Deep Packet Inspection (DPI) is supported for L7+ analysis in own processor on dedicated Service Aware Blades (same hardware as Service Blade, without external interfaces, and with different software only). These flow classification methods include port and signature based methods. Generic signature methods can be used to differentiate mobile access to Internet and operator/partner services (e.g. MMS, e-mail, streaming). L7+ analysis includes heuristic analysis that is typically applied to track proprietary protocols like peer to peer applications and services. With service awareness and DPI capabilities Flexi NG is capable of differentiating service treatment within the same Access Point, for example the Internet access point. The operator may for example control the access to selected services and apply flow based charging to differentiate the tariffs for different services. Service Awareness and DPI also provide valuable information for service and network planning. DPI can detect the majority of user traffic and protocols used in the Internet today (e.g. peer-to-peer communication). More than 600 protocols can be identified currently. Dynamic changes in applications and Internet protocols may require updates of DPI functionality, which can simply be enhanced by software independent of actual the Flexi NG software. End user connections are kept alive also during updates of DPI engine by help of ISSU (in-service software upgrade"

"With DPI and service aware policy enforcement the operator is able to make on-line changes to the traffic treatment policies. An example for data services is limiting excess usage by bandwidth limiting or even blocking certain bearers or services. For voice and multimedia services service aware policy enforcement can be applied to enforce real-time Quality of Service (QoS) and to ensure enough capacity on the transmission path. Dynamic QoS optimizes the use of network resources as real-time QoS can be allocated and capacity reservations can be made for preferred real-time services."

Wednesday, December 15, 2010

Everything Everywhere (UK) Likes Application-based Tiered Services

Which?Mobile reports that "During a meeting earlier today between Everything Everywhere representatives and Which? Mobile, the telco mooted the idea of a broadband market where your internet package dictates what types of content you can access. This, it felt, had the potential to allow more flexible tariff pricing."

Everything Everywhere is the parent company of the merged operation of T-Mobile and Orange in the UK. It has now 28M subscribers and 16,000 employees.

See "Would you pay your operator extra to access YouTube?"- here.
" if you’re not interested in watching online video such as the BBC iPlayer, then you could move to a cheaper tariff .. Those who want free access to all content types could pay more for a deal with no restrictions .. Everything Everywhere was careful to stress that it’s not currently considering adopting these kinds of tariffs. But it said it does not want industry regulators to restrict such a strategy in the interest of net neutrality"

Which?’s Net Neutrality policy expert Rob Reid  said "Allowing ISPs to develop tariffs with restricted access to the web could open the door to discrimination and harm innovation"

Tuesday, December 14, 2010

Bridgewater: Use Cases for Policy Control

A recent post to Bridgewater Systems' blog - "Mobile Get Personal" - presents a number of use-cases for policy management.

See "A Day in the Life: How subscriber, service, and policy controls improve the consumer experience" - here.

The cases are presented by visiting "a ‘Day in the Life’ of a typical mobile user whose network operator has implemented subscriber, service, and policy control technology".

The illustration below tells the whole story .. "To summarize, then, our consumer can access the network and securely shift to Wi-Fi when necessary. He can also track his mobile usage when roaming by setting limits and notifications. The policy application on his device even enables him to receive special offers such as a roaming day pass or top-up. The biggest advantage to him today, however, was his ability to decide which of his apps had bandwidth priority – specifically, ensuring that his customer visit was unhampered by bandwidth issues. The moral of the story is that subscriber, service, and policy control technology benefits the consumer as much as the operator; everyone wins"

Other posts on Policy management use cases - Vodafone (here), Telefonica (here), AT&T (here), Comptel (here), Allot (here)

Monday, December 13, 2010

Vendor Review: DiViNetworks' Bytestream Caching

Last week I met the management team of DiViNetworks - the Founder and CEO - Barak Avitbul and Dr. Yair Shapira - VP Marketing, Sales & Business Development. 

DiViNetworks, founded on 2004, is focusing on optimization solutions for broadband service providers, on a number of levels.

DiViNetworks developed a unique caching technology. Unlike other caching solutions (see "Video Caching Market Finally Growing" - here), DiViNetworks' solution is agnostic to the type of application and searches for repetitive patterns (500 bytes long rather than complete objects or files), on any traffic (HTTP, P2P, Video etc). These patterns are cached, indexed by a short key which will be later used instead of transmitting the whole pattern.

As such, while the solution still needs to be implemented on both sides of the link (unlike video optimization and DPI/traffic shaping solutions), it does not require large storage arrays (like other caching solutions) and may be embedded in smaller devices, including access elements and even home gateways. It can also be implemented in conjunction with DPI devices, that will be used to re-direct relevant traffic for the encoding/decoding process.

In addition, it may also save bandwidth on uplinks, which are sometime even more congested resources. According to the company’s experience, their "Bytestream caching" technology can save up to 50% of all traffic, vs. 5-8% saved by other caching solutions, while it needs only a 3U unit to handle a 10Gbps link at wire-speed.
DiViNetworks implemented the technology in a number of products, the newest (and I believe the most interesting one) is DiViAccess, to be used in cellular RAN, DOCSIS and satellite access networks.

The client side will be integrated into home gateways, VSATs or integrated with wireless connection managers, and can easily be ported to support further CPE.

Among DiViNetworks' current customers is Bezeq International (see "My ISP Endorses Quota Policy" - here), the largest ISP in Israel. Bezeq is using DiViNetworks' system since 2008, continuously demonstrating 40% bandwidth expansion, on top of their legacy caching solutions for their Internet Exchange connections in London and Frankfurt over (the only one so far) expensive submarine link from Israel.
The company says it is about to announce a number of partners that will implement the technology in the above and other network elements, as well as marketing alliances.

Mobixell Raised $10M - Expects Sales of $40M in 2011

TheMarker reports today (here, Hebrew) that Mobixell (see recent posts - here, here and here) completed a $10M funding round from existing investors.

Amir Aharoni, Mobixell's CEO (picture) told Themarker's reporter Guy Grimland: "We grew from a small startup to a medium-size company with sales of $30M a year, following the acquisition of 724 solutions [here] .. we sell mainly in central Europe and some in India, China, Indonesia, Russia and East Europe .. our goal is to reach revenues of $40M in 2011 and $50-60M in 2012".

Sunday, December 12, 2010

Infiniti Research: DPI Market for ISPs will reach $1073M in 2015

Following its DPI market forecast for the goverenment sector (here), Infiniti Research issued a new report forecasting the more common DPI market - for ISPs. The report covers the key vendors - Sandvine, Procera Networks, Allot Communications, Cisco and Arbor Networks

The report is available from the ReportLinker site - see "Deep Packet Inspection Market for ISPs 2010-2015" - here. Infinity forecasts that "the market (vendors providing DPI to service providers) will reach $1073.2M in 2015".

Compare to Infonetics ($1.5B/2014 - here), Bharatbook ($1.6B/2015 - here) and ABI Research ($1.3B/2015 - here).

"Key Market trends include:
• High bandwidth consuming applications, slowing down traffic and driving the internet to saturation point
• Price wars among ISPs are taking toll on the revenue earned per bit
• Increasing mobile penetration and 3G popularity pushing mobile broadband internet to new heights
• Cyber threats growing both in terms of number of attacks and effectiveness
• Increasing lawfully required surveillance and assistance for law enforcement and national security"

Saturday, December 11, 2010

How to Build DPI Products? (Part V - Regular Expression Matching)

Continuing my "How to Build a DPI product?" series (see previous parts - I, II, III, IV) this time a paper by Fang Yu, UC Berkeley;  Zhifeng Chen Google Inc.; Yanlei Diao University of Massachusetts, Amherst (picture); T. V. Lakshman Bell Laboratories and Randy H. Katz, UC Berkeley.

See "Fast and Memory-Efficient Regular Expression Matching for Deep Packet Inspection Matching for Deep Packet Inspection" - here.


Packet content scanning at high speed has become extremely important due to its applications in network security, network monitoring, HTTP load balancing, etc. In content scanning, the packet payload is compared against a set of patterns specified as regular expressions.

In this paper, we first show that memory requirements using traditional methods are prohibitively high for many patterns used in packet scanning applications. We then propose regular expression rewrite techniques that can effectively reduce memory usage. Further, we develop a grouping scheme that can strategically compile a set of regular expressions into several engines, resulting in remarkable improvement of regular expression matching speed without much increase in memory usage.

We implement a new DFA-based packet scanner using the above techniques. Our experimental results using real-world traffic and patterns show that our implementation achieves a factor of 12 to 42 performance improvement over a commonly used DFAbased scanner. Compared to the state-of-art NFA-based implementation, our DFA-based packet scanner achieves 50 to 700 times speedup.