Basic technology
DPI (Deep Packet Inspection) is a traffic detection and control technology that works at the application layer. When IP packets and TCP or UDP flows pass through a bandwidth management system based on DPI, the system reads deep into the IP packet payload and reassembles the application-layer information of the OSI seven-layer model, obtaining the content of the entire application. It then performs traffic shaping according to the management policy defined in the system.
A bandwidth management solution based on DPI resembles familiar anti-virus software in some respects: the application types it can identify must already be known to the system. Take BT (BitTorrent), which is well known to users, as an example: the protocol signature of its handshake is ".BitTorrent Protocol". In other words, just as an anti-virus system must keep a huge virus signature database in the background, a bandwidth management system based on DPI must maintain an application signature database. When a new application appears in the traffic passing through, the background signature database must be updated before the system can identify and control that application.
Important Applications
Deep Packet Inspection (DPI) is a technology that has been successful in traffic management, security and network analysis. It analyzes the content of network packets, which sets it apart from header- or metadata-based packet inspection, typically performed by switches, firewalls, and intrusion detection systems/IPS devices. Common DPI solutions can provide deep packet inspection for different applications. Header-only processing limits what can be seen in a packet: it cannot detect content-based threats or differentiate between applications that use different communication platforms. DPI can inspect the content and payload of packets and extract content-level information such as malware, specific data and application types.
As network operators, Internet Service Providers (ISPs), and similar companies become increasingly dependent on the efficiency of their networks and the applications running on them, managing bandwidth and controlling communications grows more complex and the need for security becomes increasingly important. DPI can meet exactly these requirements. Enterprises seeking better network management and compliance should regard DPI as an important technology.
DPI first reassembles packets into network flows. Data processing (including protocol classification) can then extract information from the flow content. Both flow reassembly and content extraction require a large amount of processing power, especially on high-traffic data streams. A successful DPI technology must provide basic functions such as high-performance computing and flexible support for analytical tasks.
The DPI processing component must provide scalability and performance consistent with the performance of the communication network. Deep content inspection requires more processing than header inspection alone, so DPI often uses parallel processing structures to speed up computing tasks. DPI ultimately provides users with information extracted from network traffic. The actual content processing may be very different from the extracted information. DPI behaves a bit like a platform: it provides practical tools for content processing but lets users decide what to process.
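The signature lookup and flow reassembly described above, as an added example that is not part of the original page: a two-entry signature database is matched first against each packet alone and then against the reassembled flow, showing why reassembly has to come before classification. The signature table, flow tuples and payloads are constructed for illustration; the page writes the BitTorrent signature as ".BitTorrent Protocol", and on the wire the handshake begins with the length byte 19 (0x13) followed by the string "BitTorrent protocol".

```python
from collections import defaultdict

# Signature database (constructed): application -> bytes expected at stream offset 0.
SIGNATURES = {
    "bittorrent": b"\x13BitTorrent protocol",  # handshake: length byte 19, then the name
    "ssh": b"SSH-2.0-",
}

def classify(payload: bytes) -> str:
    """Return the first application whose signature starts the payload."""
    for app, pattern in SIGNATURES.items():
        if payload.startswith(pattern):
            return app
    return "unknown"

class FlowTable:
    """Collects TCP payloads per flow and rebuilds the byte stream in order."""
    def __init__(self):
        self.segments = defaultdict(dict)  # flow key -> {relative seq: payload}

    def add(self, flow, seq, payload):
        self.segments[flow][seq] = payload

    def stream(self, flow) -> bytes:
        out = b""
        for seq in sorted(self.segments[flow]):
            if seq > len(out):  # gap: an earlier segment has not arrived yet
                break
            out += self.segments[flow][seq][len(out) - seq:]  # drop retransmitted overlap
        return out

def inspect(packets):
    """Return (verdict per packet, verdict per reassembled flow)."""
    table, per_packet = FlowTable(), []
    for flow, seq, payload in packets:
        per_packet.append(classify(payload))
        table.add(flow, seq, payload)
    per_flow = {flow: classify(table.stream(flow)) for flow in table.segments}
    return per_packet, per_flow

# Constructed sample traffic: (flow 5-tuple, relative sequence number, payload).
HANDSHAKE = b"\x13BitTorrent protocol" + bytes(8)
FLOW_A = ("10.0.0.5", 51000, "198.51.100.7", 6881, "tcp")
FLOW_B = ("10.0.0.6", 51001, "198.51.100.9", 22, "tcp")
PACKETS = [
    (FLOW_A, 10, HANDSHAKE[10:]),   # second half arrives first
    (FLOW_A, 0, HANDSHAKE[:10]),    # signature is split across two segments
    (FLOW_B, 0, b"SSH-2.0-OpenSSH_9.6\r\n"),
]

if __name__ == "__main__":
    print(inspect(PACKETS))
```

Adding an entry to `SIGNATURES` is the database update the text calls for when a new application appears; until then its traffic is classified as `unknown`.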
Separate network traffic
Many service providers now use DPI to classify traffic into low latency (voice), guaranteed latency (network traffic), guaranteed delivery (application traffic) and best-effort delivery (file sharing). With this classification they can better allocate resources between mission-critical and non-critical traffic and reduce network congestion. Because bandwidth is cheap, service providers can add value-added services to generate additional revenue, including security, peak usage management, content billing and targeted advertising. All of these require in-depth inspection of network traffic.
Manage network performance
Enterprises with large networks covering many geographic areas may run completely different types of communications across their internal networks. In addition to controlling costs and bandwidth usage, security has always been a challenge, and it requires an understanding of network application traffic. These enterprises have begun to see the benefits of DPI analysis. For example, network administrators can use DPI to control network performance: when performance is low, they limit the traffic of certain applications, and they raise the limit again when performance returns to normal.
More and more network security functions now require payload-level knowledge, and data leakage prevention requires a deep understanding of what is actually being sent over the wire. The application layer firewall is responsible for the content of the payload, not the header content. Security service providers in cloud computing, such as anti-spam or web filtering services, must have real-time visibility into the content of multiple customer communications in order to quickly obtain information to defend against threats and attacks. This also requires content-level intelligence.
Traditionally, these security functions are provided by special-purpose technologies, which may include some DPI functions. For example, IPS has built-in DPI.
Secure web gateways also provide DPI analysis of web content, but each special-purpose technology runs its own special-purpose or incompatible software, which makes the network infrastructure inefficient. A packet may be inspected multiple times for multiple purposes. In addition, these technologies do not provide programmable interfaces, which means you cannot extract arbitrary information.
In addition to security issues, DPI also has a significant impact on cloud computing service providers. For cloud computing providers, service subscription and user management are a major challenge. Many vendors use home-grown or off-the-shelf technology to manage service subscriptions, which they find lacks scalability and does not provide sufficient information for complex management tasks. On the other hand, DPI can provide intelligence information about user traffic, application usage, content delivery and abnormal patterns. These service providers can also use programmable interfaces to collect other useful information, such as marketing intelligence and customer profiles.