Accelerating and securing mobile networks – The role of software acceleration in DPI and encrypted traffic intelligence

by Roy Chua, AvidThink
published on: 07.02.2024

As the Mobile World Congress 2024 in Barcelona approaches, the spotlight is once again on the evolution of the mobile ecosystem. With the ongoing transition to 5G and an increasing number of networks moving to 5G standalone, the industry is gearing up for the next stage: 5G-Advanced (5.5G). The forthcoming 3GPP Release 18 specification (June 2024 for implementable specs) will be a significant milestone in defining aspects of 5G-A. It will advance throughput, capacity and latency reduction on mobile networks to the next stage.

Rising throughput and emerging challenges in wireless networks

The current mobile landscape sees public and private 5G wireless networks handling increasing loads, from industrial IoT workloads and video surveillance to streaming and growing AR/VR/XR workloads. This surge brings with it not just opportunities but also challenges in user experience, traffic prioritization, and cybersecurity. Advanced networks are becoming increasingly complex, which breeds new security vulnerabilities.

Deep packet inspection (DPI) technologies and encrypted traffic intelligence (ETI) are critical in this context. These tools are instrumental in managing network and computing resources, improving user and application experiences, and providing robust defenses against malicious traffic.

Flexibility of software-based DPI and ETI

The trend in mobile networks mirrors what data center networks have already experienced – virtualization, cloudification, and disaggregation. There's a software-centric shift in major components, with workloads increasingly running on commercial-off-the-shelf systems. These systems typically feature general-purpose CPUs with x86 and ARM instruction set architectures, sometimes supplemented with network accelerators.

Consequently, networking vendors must optimize visibility and security solutions like DPI and ETI for general-purpose CPU-based systems. Vendors must lean on software techniques to accelerate DPI and ETI efficiently on CPU architectures, whether in packet handling, protocol detection, real-time metadata extraction, or AI inferencing for ML-model-based classification.

    Taking a vector-based approach with FD.io VPP and DPDK graph library to boost acceleration

    Over the last decade, many virtual and cloud-native network function (VNF/CNF) telecom workloads have come to depend on the Data Plane Development Kit (DPDK), a project to accelerate packet processing that’s hosted by the Linux Foundation. DPDK offloads packet handling from the OS kernel to user space and uses other acceleration techniques to achieve dramatic throughput.

    As software acceleration techniques matured alongside the telco virtualization movement, developers observed that a vector-based approach to packet handling (processing multiple packets in a batch) versus a scalar-based approach (processing a single packet at a time) yielded higher performance. One of the first popular frameworks to take advantage of this was the Vector Packet Processor (VPP) from FD.io (another Linux Foundation project). VPP is now generally used, in concert with the DPDK library, in many commercial implementations of virtual and cloud-native network functions in telecom networks. In the past few years, the DPDK project also added the DPDK graph library, which, in addition to facilitating a modular data processing framework built on graph nodes, provides cache optimization and vector packet processing.

    Vector-based frameworks handle multiple packets within a processing stage before moving to the next stage. This results in optimized CPU instruction cache usage and reduced memory read latency for critical data structures. Vector approaches ensure that directed graphs of nodes used for packet processing are optimized to fit instructions per node within the CPU instruction cache. These approaches may also prefetch packets into the data cache to minimize memory latency. The result is a significant improvement in packet handling performance – vendors have benchmarked VPP and DPDK graph performance for DPI use cases at multiple times that of scalar approaches.
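The scalar and vector traversal orders described above, as an added sketch that is not code from this post, VPP, DPDK or any DPI product. The two-node graph, the `pkt` descriptor and all function names are hypothetical, the packets are constructed sample data, and `__builtin_prefetch` is the GCC/Clang builtin.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

enum { APP_UNKNOWN, APP_DNS, APP_TLS };
/* Hypothetical packet descriptor holding only what this sketch needs. */
struct pkt { const uint8_t *payload; size_t len; uint16_t dport; int app; };

/* Node 1: port hint (53 = DNS). */
static void node_port(struct pkt *p) { p->app = p->dport == 53 ? APP_DNS : APP_UNKNOWN; }
/* Node 2: payload signature for a TLS handshake record (type 0x16, major 0x03).
   The length check keeps truncated packets from being read out of bounds. */
static void node_sig(struct pkt *p) {
    if (p->app == APP_UNKNOWN && p->len >= 3 &&
        p->payload[0] == 0x16 && p->payload[1] == 0x03)
        p->app = APP_TLS;
}

/* Scalar: each packet walks the whole graph before the next one starts. */
void classify_scalar(struct pkt *v, size_t n) {
    for (size_t i = 0; i < n; i++) { node_port(&v[i]); node_sig(&v[i]); }
}

/* Vector: each node runs over the whole burst, so its instructions stay in
   the I-cache; the next payload is prefetched while the current one is read. */
void classify_vector(struct pkt *v, size_t n) {
    for (size_t i = 0; i < n; i++) node_port(&v[i]);
    for (size_t i = 0; i < n; i++) {
        if (i + 1 < n) __builtin_prefetch(v[i + 1].payload);
        node_sig(&v[i]);
    }
}

/* Runs one traversal over a constructed burst; returns packets labelled `app`. */
int count_app(int use_vector, int app) {
    static const uint8_t tls[] = {0x16, 0x03, 0x01, 0x00, 0x05};
    static const uint8_t dns[] = {0x12, 0x34, 0x01, 0x00};
    static const uint8_t http[] = "GET / HTTP/1.1";
    struct pkt v[] = {
        {tls, sizeof tls, 443, 0}, {dns, sizeof dns, 53, 0},
        {http, sizeof http - 1, 80, 0}, {tls, sizeof tls, 8443, 0},
        {tls, 2, 443, 0}, /* truncated record: must stay unknown */
    };
    size_t n = sizeof v / sizeof v[0];
    if (use_vector) classify_vector(v, n); else classify_scalar(v, n);
    int hits = 0;
    for (size_t i = 0; i < n; i++) hits += v[i].app == app;
    return hits;
}

int main(void) { printf("tls=%d dns=%d\n", count_app(1, APP_TLS), count_app(1, APP_DNS)); return 0; }
```

Both traversals must label every packet identically; only the order of work changes, which is why the gain shows up in cache behaviour rather than in classification results.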

    Accelerated DPI and ETI in 5G mobile networks

    High-performing DPI and ETI are pivotal for mobile networks, enabling operators to optimize services. For instance, they can reduce the latency of interactive communications like web conferencing, categorize and direct critical business traffic through high-speed links to regional hubs, and effectively block malicious traffic.

    The software-accelerated approach of DPI/ETI solutions allows for flexible embedding and location-specific deployment. These solutions can be integrated everywhere, from customer premises equipment in fixed wireless access setups to metro-area mobile service centers, regional data centers, and even public and private clouds, without depending on proprietary networking hardware.

    DPI and ETI stacks are critical to new generations of security solutions covering SASE, SSE, CASB, ZTNA, IPS, and DDoS prevention. As networking vendors and telecom providers look to deploy new features to accelerate and protect mobile traffic across 5G networks, they want to ensure that the DPI and ETI libraries they leverage in their solutions support a vector-based approach. Without a modular and portable architecture that supports vector-based processing, it will be hard to achieve the performance necessary to roll out compelling new services and support mobile traffic growth rates. Those looking at new DPI/ETI solutions or seeking to revamp existing solutions will want to ensure their DPI/ETI partner has the architectural framework to achieve the best performance and efficiency.

    Conclusion

    The evolution of 5G and 5G-Advanced networks underscores the importance of VPP-enabled DPI and encrypted traffic intelligence. These technologies are not just additions but necessities for securing networks and enhancing user experiences amidst advanced network capabilities. As we move forward, integrating these solutions will play a critical role in shaping the future of mobile networking, ensuring robust performance and security in an increasingly connected world.

    This post is sponsored by ipoque, a Rohde & Schwarz company. If you're at Mobile World Congress in Barcelona from February 26 to 29, you can visit the Rohde & Schwarz booth (5A80) to see a demo of a VPP-enabled DPI engine with visibility into encrypted traffic in action. More details here.

    Roy Chua, AvidThink

    Roy, an entrepreneurial executive with 20+ years of IT experience, is the founder of AvidThink, an independent analyst firm covering infrastructure technologies at both carriers and enterprises. AvidThink's clients include Fortune 500 technology firms, early-stage startups, and upstart unicorns. Roy has been quoted by and featured on major publications including WSJ, FierceTelecom/Wireless, The New Stack and Light Reading. Roy is a graduate of MIT Sloan (MBA) and UC Berkeley (BS, MS EECS).
