Facebook, YouTube and Instagram: Tackling app frenzy with DPI-driven application awareness

Christine Lorenz portrait

by Christine Lorenz
published on: 01.11.2023

Facebook has 2.93 billion active monthly users1. Assuming that 5%2 of these are bots or fake accounts, the number still stands at a whopping 2.78 billion. That is almost 35% of the current global population3. Facebook is not alone on the pedestal of the greatest apps of our times. YouTube has 2.73 billion users4 - that is three in every eight humans on this planet!

Not too far from this mark is Instagram, the photo- and video-sharing app and WhatsApp, which boasts a penetration rate of 78% even for people over the age of 655. Both apps boast 2 billion active monthly users6. In the league of 1 billion users, we have Facebook Messenger, TikTok and Amazon. Telegram, X (previously Twitter), Spotify and Netflix follow suit, each with hundreds of thousands of users.

The busiest marketplace

There is obviously not a moment of quiet in today’s app stores as apps are created, updated and continuously downloaded. TikTok, a video sharing platform, saw 672 million downloads last year7, followed by Instagram which registered 548 million downloads. WhatsApp was downloaded 424 million times, while CapCut, a video editing app, was downloaded 357 million times. Other most downloaded apps include Snapchat, Telegram, Subway Surfers, Facebook, Stumble Guys and Spotify.

Implication for networks

Applications shape today’s networks. Virtual network slices in 5G are designed to match different classes of application speeds and latencies. An enterprise SD-WAN network is designed to ensure the reliability of its CRM and ERP applications. An OT network is designed to track industrial applications. To ensure every network is aligned with the applications it delivers, application visibility is absolutely crucial.

The classification stack

R&S®PACE 2 and R&S®vPACE are the market-leading deep packet inspection (DPI) solutions by ipoque that deliver real-time application visibility. The engines feature cutting-edge techniques for traffic classification utilizing behavioral, statistical and heuristic analyses as well as machine learning (ML) and deep learning (DL). These methodologies deliver the full classification stack for each packet. This starts with protocol identification for layer 3 and layer 4 (e.g., TCP, UDP and SCTP). At layer 7, the stack identifies application protocols such as HTTP(S), SMTP(S) or QUIC and applications such as Microsoft Teams, Netflix or Facebook, along with the relevant tags and attributes such as service types.

ipoque's R&S®PACE 2 classification model
Figure 1: ipoque classification model

This classification information is then merged with traffic metadata to establish various performance parameters such as speed, jitter and latency. Traffic patterns are also used to identify traffic that is malicious, suspicious and anomalous traffic.

How DPI analytics break down application complexities

Let us take the example of Facebook. Around 1.9 billion people use Facebook daily.8 Facebook traffic peaks on Wednesdays, from 9am to 1pm. As networks wake up to a new day, they will find a steady stream of traffic heading towards Facebook servers as users log into their accounts and start watching reels, browsing their feed, uploading photos and commenting on friends’ posts.

To monitor and manage these sessions, networks need to identify not only the applications they are handling, but a deeper set of data relating to each application as well. The DPI engines R&S®PACE 2 and R&S®vPACE provide these insights, illustrated in the following Facebook example:

  • Application protocols: e.g., HTTP(S), own proprietary Facebook protocol, QUIC
  • Applications: e.g., Facebook, Facebook Lite or Facebook Messenger
  • Application attributes: e.g., video, audio or live broadcasting

This level of analytical depth fuels a truly dynamic response to network events. Mobile operators bundling unlimited Facebook access in their data plans will prioritize Facebook traffic, knowing how it drives subscription and customer satisfaction. Segregation of Facebook traffic by service types, such as video, audio or live broadcasting, also allows networks to queue or cache video traffic to make more space for its other feed.

Through combining traffic classification with traffic parameters, operators can flex their networks even further. Where speeds and performance of other applications on the network take a hit due to Facebook traffic, operators can reallocate bandwidth in real-time and ensure no major degradations in service.

This is not all. The threat awareness of the DPI technology from ipoque can easily pinpoint the exact network subscriber that is involved in a DDoS attack or in the transfer of malicious content. This ramps up protection against threats hidden in any application.

Same insights, different actions

Policy responses to the same application insights can be different across networks. A corporate network will offload all social media traffic, including Facebook, onto standard internet links. This leaves premium routes for business-critical applications. An enterprise can also enforce rules that only allow Facebook Lite on its official devices to alleviate congestion on LAN and WAN. Similarly, DPI analytics can be used to impose parental control on Facebook usage within a home network.

Built-in quality assurance

Staying ahead of changes in the app universe requires a lot of effort. At ipoque, we take pride in our expertise, continuous R&D and built-in quality assurance (QA) which ensure that we have the most comprehensive, accurate and updated signature library. We conduct robust testing, generating more than 1000 traces every week from various nodes globally. These traces add to our 3.3 terabytes of test material which we use to train and perfect our classification models. Using automated regression testing executed in the CI/CD pipeline, we validate each code merge against our test material, up to 100 times a week. This ensures our DPI software remainr highly accurate and updated.

We also ensure adequate coverage for all network types and scenarios. For mobile traffic specifically, we leverage our mobile application framework (MAF) which processes traffic from 150 high-priority applications. This allows applications such as Samsung TouchWiz Home, Gmail and Google Maps9 to be continuously monitored and reflected accurately in our weekly software updates.

Seamless tech

On top of all this, our DPI engines are easily deployed. With linear scalability of 14 Gbit/s per core on average for R&S®PACE 2 and 35 Gbit/s per core on average for R&S®vPACE, the DPI technology by ipoque can be integrated into any networking or cybersecurity solution across traditional, virtualized and cloud environments. Both of our engines come with encrypted traffic intelligence and boast advanced features such as first-packet classification, mobile tethering detection or custom service classification that enables you to implement your own DPI signatures by using easy, pre-defined criteria to smoothly extend network visibility on-the-fly. Leveraging these advancements, our deep industry expertise and 24/7 support, we ensure networks are adequately equipped with the network intelligence they need to ensure a smooth app experience at all times.


[1] https://www.edudwar.com/list-of-most-popular-apps-in-the-world/
[2] https://backlinko.com/facebook-users
[3] https://worldpopulationreview.com/
[4] https://www.demandsage.com/youtube-stats/
[5] https://verloop.io/blog/whatsapp-statistics-2023
[6] https://www.edudwar.com/list-of-most-popular-apps-in-the-world/
[7] https://blog.apptopia.com/worldwide-and-us-download-leaders-2022
[8] https://backlinko.com/facebook-users
[9] https://www.data.ai/en/apps/unified-app/top/active-user/worldwide

Christine Lorenz portrait

Christine Lorenz

Contact me on LinkedIn

Christine is DPI marketing expert at ipoque, joining the company in 2013. With her background in marketing communications, she is passionate about making people aware of the capabilities of traffic analytics and DPI use cases. Christine is a lover of Vietnamese food and spends most of her spare time running and cycling, exploring nature and the outdoors and dreaming of becoming a ranger in a national park.

ipoque blog - discover the latest news and trends in IP network analytics

Sign up for the ipoque newsletter

Stay informed about the latest advances and trends in
deep packet inspection and network traffic visibility