Wi-Fi needs DPI. Wi-Fi 7 needs it even more.

Magnus Bartsch portrait

by Magnus Bartsch
published on: 02.01.2023

Promising Ethernet-like speeds, Wi-Fi 7, the latest protocol for Wi-Fi connectivity, is expected to present a major leap in how wireless local area networks (WLAN) are designed and managed. The first generation of Wi-Fi 7 devices are expected to debut in the marketplace as early as next year. Players in the telecommunications, Wi-Fi and IoT segments are already devising performance and security strategies to support a plethora of new and exciting use cases.

Wi-Fi 7 presents significant upgrades from Wi-Fi 6. Wi-Fi 7 will enable speeds of 40 Mbps, 4 times higher than that of Wi-Fi 6 (9.6 Mbps) and boasts a much lower latency. Wi-Fi 7 features a bandwidth of 320 MHz, twice as high compared to Wi-Fi 6. This enables Wi-Fi 7 to support higher device density and improves the quality of experience.

Addressing WLAN complexities with deep packet inspection

The question of how traffic visibility requirements would change in Wi-Fi 7 is a pertinent one. Just like its predecessors Wi-Fi 6 and Wi-Fi 5, and very much like any other IP-based network, Wi-Fi 7 needs real-time traffic visibility to enhance its functionalities and manage the performance and security of applications, access points and devices/sensors. Network traffic visibility also plays an important role in supporting a host of Wi-Fi 7-specific technologies in laying out the WLAN architecture, selecting channels and bands, choosing backhaul connectivity and configuring access points and devices.

Super-fast traffic filtering by the deep packet inspection software from ipoque, R&S®PACE 2 and its VPP-native counterpart R&S®vPACE, provides Wi-Fi networks with real-time identification of packets and flows, down to protocols, applications and service types. Leveraging advanced traffic classification methodologies and encrypted traffic intelligence, the PACE engines can even analyze and classify traffic that is encrypted, obfuscated and anonymized. Combined with metadata extraction, DPI software from ipoque can be used to establish a wide range of traffic parameters such as speed, latency, packet loss, jitter and round trip time. Security-wise, both DPI engines boast the ability to detect suspicious, anomalous and malicious traffic in real time.

High throughput provided by advanced DPI technology can match up to the new speeds and latency requirements in Wi-Fi 7. With respective throughputs of 14 Gbps per core and more than 30 Gbps per core, R&S®PACE 2 and R&S®vPACE can be deployed in Wi-Fi routers and access points to handle unlimited traffic volumes without compromising Wi-Fi 7’s new speeds and latencies.

Application awareness for intelligent Wi-Fi networks

Advanced traffic classification capabilities offered by our DPI products can be used to implement application-aware traffic management policies for Wi-Fi 7 networks. This is particularly important when handling a growing number of latency-sensitive and bandwidth-intensive applications expected to run on home, enterprise and industrial Wi-Fi connectivity. For home networks, for example, the ability to identify 4K or 8K video traffic that requires minimum speeds of 20 Mbps or 50 Mbps respectively, or cloud gaming applications that require a latency of less than 20 ms, enables the provisioning of higher bandwidth to specific flows and the prioritization of related devices within a WLAN.

For Wi-Fi 7 in particular, real-time identification of applications supports dynamic provisioning of bandwidth across 2.4 GHz, 5 GHz and 6 GHz bands. This allows network capacity and resources to be distributed according to the QoS requirements for each application. Wi-Fi 7’s multi-link operations (MLO) technology for example allows dynamic aggregation, access and transmission of Wi-Fi traffic across multiple channels over all three radio bands simultaneously. Depending on the application and the end device, Wi-Fi 7 automatically adjusts the channel and band selection to deliver the expected QoS. DPI can greatly augment MLO by providing granular analyses of applications and services in terms of speeds and latencies. This enables critical applications to bypass congested channels and be routed through shorter and faster pathways for consistent and stable performance.

Making the most out of Wi-Fi 7

Wi-Fi 7 features include restricted target wake time (TWT), a capability that allows timed access for end devices used in IoT use cases. IoT sensors and meters for example can be programmed to ‘wake up’ and start sending/receiving data only at specified times. Application insights from R&S®PACE 2 and R&S®vPACE are of great use in restricted TWT as it allows ‘wake up’ times to be configured based on application traffic patterns, reducing contention between these end nodes, preserving battery life and ensuring that critical information logs are delivered in time.

Another key technical specification in Wi-Fi 7 that can benefit significantly from DPI is multi-access point coordination. Using techniques such as C-OFDMA, CSR, CBF and JXT, Wi-Fi 7 enables two or more access points to establish some form of arrangement to prioritize specific devices and applications. Application awareness and traffic analysis provided by DPI software allow access points to decide which applications are to be prioritized and how radio resources are to be distributed between different access points. This ensures devices supporting such applications receive the bandwidth they require as devices roam from one Wi-Fi hotspot to another within a WLAN environment. This powers a wide range of Wi Fi based applications such as smart home appliances, warehouse robotics and augmented reality tours.

What about Wi-Fi security?

Wi-Fi 7 devices will require, at the minimum, WPA3 encryption to ensure secure transmission. The use of WPA3 alone, however, is not sufficient to protect the new volumes of traffic and critical data expected to traverse Wi-Fi 7 networks. Man-in-the-middle and evil twin attacks for example can still take place. In open networks where authentication is not required, a single malicious user can easily compromise other devices on the network.

Cybersecurity vendors can leverage traffic insights provided by ipoque’s PACE engines to detect changes in the behavior of sensors and devices, identify bandwidth-hogging applications and discover unusual requests for authentication. Congestion in selected channels and poor performance of selected access points and devices may indicate malware, ransomware and DDoS attacks. In the enterprise context, DPI data can be used to uncover rogue devices and malicious activity such as data exfiltration and infiltration, as well as abuse of network resources for unauthorized uses. With fine-grained, highly accurate identification of the underlying applications and services including traffic metrics and the identification of obfuscation such as DNS tunneling, administrators managing Wi-Fi 7 will have the information necessary to analyze network vulnerabilities and put in place stronger security measures.

Welcoming Wi-Fi 7

With 82.45% of mobile Internet traffic expected to be accessed on Wi-Fi by 20231 , efforts will intensify in the Wi-Fi 7 space to enable new and emerging use cases such as interactive telemedicine and smart factories while greatly improving experiences on existing applications such as real-time collaboration, online video conferencing and immersive AR/VR. As the humble LAN transforms into a Wi-Fi hotbed, connecting to hundreds if not thousands of endpoints in a dense and complicated mesh, visibility provided by deep packet inspection will ensure each application and device stays on the radar and keeps performing.


Sources

[1] https://www.analysysmason.com/contentassets/63ab4d5ecf364c60a558dcca49ee801f/analysys_mason_wireless_traffic_forecast_oct2021_samples_rdnt0.pdf

Magnus Bartsch portrait

Magnus Bartsch

Contact me on LinkedIn

Magnus has always had a keen interest in computer science. From the start, he has had a particular fascination for deep packet inspection and the broader technologies utilizing this powerful software. Based on this interest, Magnus joined ipoque, a market leader in the DPI field.
This decision has enabled him to pursue his personal and professional goals to their fullest. During his 10 years at ipoque, he has worked in development, pre-sales and consulting. Throughout this time, he has not only been able to motivate, coach and advise people from around the globe, but also to expand his personal experience by providing full-stack support from rapid prototyping over integration support up to application architecture design. When he is not out promoting ipoque, he has a passion for seeing the world from his motorbike and is an avid diver.