Deep packet inspection (DPI) has become indispensable in delivering real-time visibility into today’s IP networks. The rapid growth in traffic has pushed DPI’s widespread adoption and has become an impetus for vendors to unleash the latest technologies, leading to a market that brims with solution choices. As DPI customers weigh in every solution to find one that best meets their needs, the two key factors that they should focus on are cost and performance.
The costs of DPI software are calculated using Total Cost of Ownership (TCO), which involves tallying all expenses – initial acquisition, deployment, maintenance, support and scalability – over the entire expected lifespan of the DPI solution. It may sound arduous but it ensures that your choice aligns with your operational needs and financial capabilities in the long run, as network traffic grows and software/hardware costs rise. It also helps evaluating hidden costs and choosing the most suitable usage models.
DPI performance refers to its speed and capacity, as well as its impact on network latency. Measuring DPI performance involves several key metrics such as throughput, latency, resource utilization, accuracy, and scalability. It helps you pick a high-performant DPI, crucial for today’s networks, where even a millisecond delay can disrupt user experience and cause reputational losses.
Selecting the right DPI solution can be tricky
Different DPI solutions have different cost and performance implications. Open-source DPI and self-built options offer flexibility and lower initial costs, but they require extensive technical expertise and resources for development and ongoing maintenance. Commercial DPI solutions, backed by industry specialists, on the other hand, offer advanced capabilities and reduced operational overheads. Popular examples are ipoque’s renowned OEM DPI engine R&S®PACE 2 and OEM VPP DPI engine R&S®vPACE.
Both R&S®PACE 2 and R&S®vPACE are highly optimized for the varying cost and performance needs of modern networks. Both DPI engines are developed and perfected by ipoque expert teams through years of research and experience. Regardless of the type of end solution, networking and cybersecurity vendors deploying optimized DPI software from ipoque benefit from a flexible and scalable technology that delivers the following:
Cutting the clutter
First off, both DPI engines from ipoque are lean and lightweight, leading to minimal overheads. R&S®PACE 2 is designed for high performance and scalability, boasting more than 14 Gbps throughput per core, while R&S®vPACE caters to cloud environments, using vector packet processing (VPP) for up to three times higher performance. High processing capacity means fewer tools for traffic awareness and hence lower initial investments, maintenance, integrations and faster processing for networking and cybersecurity solution providers. Similarly, the signature library of ipoque, which is updated weekly, provides a single point of intelligence for all traffic types, reducing the need for multiple references. The signature library covers thousands of protocols, applications and services, from communication apps such as Zoom and Teams to metaverse platforms such as Roblox, VPNs such as NordVPN or CyberGhost, and AR apps such as Pokémon GO or SnapChat.
The rise of encrypted traffic has led to vendors resorting to various tools and techniques including SSL/TLS decryption, flow analysis and behavioral analysis and heuristics. Next-gen DPI software from ipoque cuts these complexities by providing encrypted traffic intelligence (ETI). ETI leverages advanced machine learning (ML) and deep learning (DL) algorithms, high dimensional data analysis and advanced caching to restore visibility into encrypted, obfuscated and anonymized traffic. This greatly enhances packet brokers, IP probes, NGFW and IPS/IDS solutions relying on DPI insights to process and analyze traffic flows.
In some DPI use cases, for example SD-WAN and SASE, instantaneous detection of network traffic is crucial. ipoque enables first packet classification (FPC) allowing vendors to identify an application from the first packet of a flow, which in turn, powers real-time traffic steering and policy enforcement. ipoque DPI engines additionally come with an IPFIX exporter that generates Netflow/IPFIX flow records for detected traffic. Technical capabilities such as encrypted traffic intelligence, first packet classification and the IPFIX exporter reduce multi-vendor dependencies and drive cost savings, apart from simplifying deployments and speeding up performance.
Custom outputs for targeted results
With many years of experience and profound technical expertise, next-gen DPI software from ipoque offers deep customization capabilities that align perfectly to industry needs. This saves costs and boosts performance. For instance, networking solutions, such as those focused on traffic prioritization or QoS, require visibility into network performance metrics such as latency, bandwidth utilization, packet loss, and routing information. In contrast, analytics solutions such as probes, content filtering systems and application performance monitoring tools, need deeper, application-specific data to detect patterns, trends and anomalies. Both ipoque DPI engines boast a configurable event system that allows you to customize information output based on specific use cases, creating an optimal analytics engine while improving performance.
Tailored for different architectures and industries
ipoque DPI software can be aligned to any architecture, whether it is legacy, VM-based, cloud-native, distributed or as-a-Service. For instance, the VPP DPI engine R&S®vPACE leverages vector-based processing and prefetching for faster packet I/O. This supports high-performance packet processing, making R&S®vPACE suitable for VNFs and CNFs, such as 5G UPFs. Conversely, R&S®PACE 2 uses scalar packet processing which can be tailored to work effectively with dedicated hardware configurations, allowing for enhanced performance and customization for solutions hosted on-premises.
R&S®PACE 2 and R&S®vPACE can also be customized to focus on protocols, applications and services specific to an industry. For example, in IIoT/OT networks, they can classify ICS and SCADA protocols, and detect anomalies that relate to machine-to-machine communications. For private applications, the DPI engines come with an in-built capability that allows customers to add new signatures or customize existing ones, whenever required. This level of fine-tuning eliminates the need for additional forensics, lowering TCO and improving detection results.
Other factors that contribute to cost and performance are flexible SLAs, fast upgrades and 24/7 global support, which reduces operational and maintenance costs, and potential downtime. ipoque also offers the assurance that comes from being a well-known, long-standing brand in the DPI market. Unlike open-source DPI and small-scale DPI vendors, ipoque has demonstrated its DPI expertise and long-term commitment to all customers and partners.
Good decisions come from great network insights
A powerful DPI engine with a comprehensive library can make a huge difference in your monitoring capacity. In December last year, telecoms giant BT registered over 8 Tbps more traffic on its broadband network. The surge came from the latest chapter launch by popular gaming app, Fortnite. Three days later, BT recorded its highest traffic peak at 30.1 Tbps, as six Premier League football matches were streamed live on Amazon Prime1 Optimized DPI software such as R&S®PACE 2 and R&S®vPACE can dig into the root of such traffic events in no time and deliver granular insights that enable real-time policy responses across the network, all year long – and all this, of course, at minimal overheads and with top-notch performance.
Sources
[1] BT Sees Record Broadband Network Data Traffic on 06 December
