Visibility into OTT traffic with next-gen DPI software

Tobias Roeder portrait

By Tobias Roeder
Published on: 09.01.2024

Over-the-top (OTT) media services have experienced tremendous growth in recent years, with video alone accounting for a whopping 70 % of mobile network traffic in 2022.1 Spanning entertainment, education, gaming and more, OTT audio and video platforms offer distinct content and service types. Platforms like Netflix serve pre-recorded video content on-demand, while Twitch broadcasts live content. Similarly, linear TV options, such as Hulu + Live TV, follow traditional TV schedules. Some platforms allow downloading, while others are strictly streaming-only. Some are subscription-based and some are ad-supported. These different flavors of OTT services create new opportunities for network operators and content providers but also pose novel challenges in delivering the best quality of experience (QoE) to users.

Deep visibility and network traffic classification are pivotal concerns for both network operators and OTT providers. OTT traffic visibility empowers network operators to allocate resources dynamically based on the needs of a particular user, application or traffic type. It also delivers insights regarding the platforms driving most network usage, allowing operators to optimize network performance and offer tailored QoS and QoE. On the other hand, OTT providers need this visibility to keep tabs on their application’s performance and user satisfaction. Subscriber-awareness and usage insights allow them to offer personalized services and pricing.

Shaping OTT traffic with deep visibility

Deep packet inspection (DPI) plays a crucial role in identifying and distinguishing OTT traffic based on application type (Prime, HBO, Netflix, etc.), service (video, file download, audio etc.) and categorization (streaming, messaging and conferencing). The advanced OEM DPI engines R&S®PACE 2 and R&S®vPACE by ipoque can integrate seamlessly into any part of the network, including edge routers and CDNs. They provide granular OTT traffic visibility and classification based on layer 7 applications and protocols as well as service type attributes. For instance, HTTPS generally indicates on-demand video streaming, while the real-time messaging protocol (RTMP) and the real-time protocol (RTP) are associated with live streaming. Similarly, the WebSocket protocol is often used in online gaming sessions.

Our DPI technology also examines packet metadata to identify packet size, destination and source IPs, port numbers and video-specific headers. This allows to determine traffic performance metrics, such as speed, packet loss and jitter, at each protocol, application and service level. Going a step further, R&S®PACE 2 and R&S®vPACE incorporate encrypted traffic intelligence (ETI) which uses advanced machine learning, deep learning and high-dimensional data analysis as well as advanced caching methods to classify encrypted traffic. For instance, OTT traffic associated with downloading often involves sporadic bursts of data transfers as opposed to the continuous data flow typically seen in streaming traffic. ETI essentially powers networks to tackle the growing share of encrypted OTT traffic.

This multi-layered traffic visibility is crucial as OTT platforms venture into different types of OTT services rather than focusing on one. For instance, traffic from Discord, which started off as a chatting app, no longer suggests messaging activity — it can actually be live video streaming!

Adjusting network parameters for the best experience

Network resources can fluctuate based on the type of network — wired broadband, Wi-Fi, cellular, satellite internet and more. In addition, network conditions like speed, jitter and latency can also vary depending on the overall network burden. These fluctuations require real-time adaptability in resource allocation. DPI analytics power adaptive bitrate streaming (ABR) through active monitoring of network conditions, such as the available congestion and bandwidth, allowing the video quality to adjust according to the network resources. Similarly, DPI can identify applications that deal with rich content, such as 8K videos or graphics-intensive gaming. This delivers the inputs needed to select OTT traffic flows that require compression so that the burden on the network can be minimized.

Different OTT application — different network slice

Different OTT applications demand varying levels of QoS/QoE, resource allocations and forwarding pathways. As 5G adoption soars, OTT applications need to be assigned virtual slices based on their unique performance and security requirements. For instance, XR applications, like multiplayer AR games, must be assigned an Ultra-Reliable Low-Latency Communication (URLLC) slice. As such, DPI’s application-level awareness is needed for allocating different resources or pathways for each OTT application.

In addition, DPI allows network operators to identify popular content, such as regional blockbusters, to leverage edge caching and CDNs for low-latency and fast delivery. DPI-enabled granular OTT traffic analysis goes beyond application recognition and is capable of classifying service types for traffic prioritization. For instance, it can help identify and prioritize live streaming traffic that demands a lower latency than audio or video downloads.

Curbing OTT-based attacks

OTT platforms can also introduce vulnerabilities into the network, such as distributed denial of service (DDoS) attacks during peak times, content releases or significant live events. Last year, FuboTV faced a major cyberattack that brought down its stream during a high-profile FIFA World Cup semifinal, disappointing a huge number of FuboTV subscribers.2 The capability of next-gen DPI software to match traffic signatures with known malware signatures and identify anomalous traffic patterns based on historical data and statistical analysis is at the heart of any OTT cyberattack mitigation strategy.

User-level insights

Each user has different preferences and usage patterns. DPI-driven subscriber awareness can help network operators and OTT providers identify these usage patterns to curate personalized offerings and service bundles, create or host better and more relevant content as well as tweak pricing models and plans. As QoE becomes a major differentiator, OTT stakeholders need DPI for real-time monitoring of QoE metrics to gauge customer satisfaction. User-level insights can enable rapid identification of issues and bottlenecks that impact QoE and cause subscriber churn.

Another crucial factor for OTT QoE is the use of different end-user devices with varying capabilities, such as screen size, computational power/resources and storage capacity. DPI provides device awareness for content adaptability, ensuring that optimized content versions can be delivered for each specific device.

Fine-grained traffic insights for OTT services

Netflix has ventured into gaming, aggregation services like WATCHO are gaining immense popularity as they bring several OTT platforms under one subscription and Twitch has just recently launched “stories” for sharing short posts. The rise of the OTT super apps creates simplicity for the consumers who can enjoy a plethora of OTT services under one platform. However, that simultaneously translates to an increased complexity for service providers, who must now monitor and manage an intricate mashup of traffic types for each platform. Under this diverse OTT landscape, next-gen DPI technology can provide the much-needed visibility into OTT traffic, offering traffic classification down to the service type. It enables providers to treat and manage OTT traffic according to their exact needs.


[1] Ericsson – Video Traffic Report -
[2] FuboTV Hit with Cyberattack During World Cup Semifinal Match:,Service%20was%20restored%20Wednesday%20evening.

Tobias Roeder portrait

Tobias Roeder

Contact me on LinkedIn

Tobias holds a degree in electrical engineering and has more than eight years of experience in product development. For a number of years, Tobias has been working as an application engineer for the deep packet inspection (DPI) software R&S®PACE 2 at ipoque, a subsidiary of the Rohde & Schwarz company. Tobias provides engineering services from the packet processing level up to the application level. In customer consulting, he identifies the optimal implementation to fulfill customer requirements and assists with the architectural decisions that go along with embedding DPI into network solutions. When he’s not at work, Tobias plays disc golf and enjoys doing CrossFit.

ipoque blog - discover the latest news and trends in IP network analytics

Sign up for the ipoque newsletter

Stay informed about the latest advances and trends in
deep packet inspection and network traffic visibility