Deep packet inspection (DPI) technology significantly enhances the security and management of current networks -- but combined with software-defined networking (SDN), DPI becomes an even more powerful tool that can centralize network policy control and accelerate automation.
DPI is a network packet filtering technology that examines a packet as it passes an inspection point, searching for protocol non-compliance, viruses, spam, intrusions or other defined criteria. The tool then decides whether the packet may pass or if it needs to be rerouted. DPI provides the information to enable advanced network automation, policy, compliance and security functions throughout the network.
Advances in DPI technology
Increases in semiconductor processing power have enabled a number of key advances in DPI technology, including:
- The ability to inspect deeper within packets: This provides more context and information about individual traffic flows.
- Pervasive inspection: DPI capabilities are being built into a wide range of devices (not just purpose-built boxes), including Ethernet switches, routers, server load balancers, WAN optimization appliances, management devices and network security elements.
- More frequent inspection: Improved processing capabilities mean less drain on performance when DPI is turned on, which enables always-on DPI and the ability to examine all packets.
- Ability to run DPI as software on standard servers: This allows for lower cost implementation of DPI as compared to purpose-built appliances.
Where SDN and DPI meet: Centralized policy and security control
Improved DPI can provide the detailed data to inform the SDN controller about the state of the network and its traffic flows. This allows SDN to treat the network as a holistic resource rather than a diverse group of devices (e.g. switches, security and other Layer 4-7 elements). Ultimately, connecting SDN and DPI will let network pros apply policy control and automation to the entire network as opposed to individual components or elements. Leveraging a central DPI capability will provide intelligence to all relevant functions (controller, policy, security, etc.) -- instead of the current system of each functional box performing its own DPI.
This kind of centralized DPI enforcement will go a long way in meeting the new security requirements resulting from the growing remote workforce, bring-your-own-device trends and the explosion of different internal and external traffic types (e.g. Facebook, Skype, video chat, streaming, video, etc.).
The network must now "see" much deeper into traffic flows to distinguish good traffic from traffic that should be excluded from the network. For example, IT managers may want to allow Skype calls to save on international dialing charges, but block file transfers via Skype for data leak prevention (DLP) and to enforce compliance policies.
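The Skype policy above, evaluated once at a central point and pushed to every switch a flow crosses, can be sketched as follows. This is an added example, not code from the article or from any SDN controller; the record fields, switch names and policy table are assumptions made for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class FlowRecord:
    """One DPI classification report for a flow (field names are assumptions)."""
    flow_id: str
    app: str        # application the DPI engine identified, e.g. "skype"
    activity: str   # sub-function, e.g. "voice"; "" while still unclassified
    path: tuple     # switches the flow traverses, ingress first

# Central policy, keyed (app, activity); "*" matches any activity of that app.
POLICY = {
    ("skype", "file-transfer"): "drop",   # DLP rule from the text
    ("skype", "*"): "allow",              # calls and everything else in Skype
}
DEFAULT_ACTION = "allow"

def decide(rec, policy=POLICY, default=DEFAULT_ACTION):
    """Most specific match wins: exact pair, then app wildcard, then default."""
    for key in ((rec.app, rec.activity), (rec.app, "*")):
        if key in policy:
            return policy[key]
    return default

def compile_rules(records, policy=POLICY):
    """Fan one central decision per flow out to every switch on its path.

    Records are processed in arrival order, so a later DPI report for the
    same flow_id replaces the earlier rule instead of adding a second one.
    """
    rules = {}
    for rec in records:
        action = decide(rec, policy)
        for switch in rec.path:
            rules.setdefault(switch, {})[rec.flow_id] = action
    return rules

# Constructed sample reports; f3 is reported twice as DPI learns more about it.
SAMPLE = [
    FlowRecord("f1", "skype", "voice", ("edge-1", "core-1")),
    FlowRecord("f2", "skype", "file-transfer", ("edge-1", "core-1")),
    FlowRecord("f3", "skype", "", ("edge-2",)),
    FlowRecord("f3", "skype", "file-transfer", ("edge-2",)),
    FlowRecord("f4", "http", "", ("edge-2", "core-1")),
]

if __name__ == "__main__":
    for switch, table in sorted(compile_rules(SAMPLE).items()):
        print(switch, table)
```

Flow f3 shows the case a deployment has to plan for: the first report falls under the Skype wildcard and is allowed, and the rule only flips to drop once DPI has seen enough packets to label the flow a file transfer.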
Combining DPI and SDN for improved security
DPI enables IT administrators and security officials to set policies and enforce them at all layers, including the application and user layer, to help combat malware and other threats. The combination of DPI and SDN will allow for pervasive network security throughout the network -- not just at specific endpoints like firewalls. An advanced network security system can evaluate the "health" of network traffic based on its behavior instead of relying on perimeter controls.
With DPI and SDN: Applying big data to network management
Current network management systems remain mostly reactive and operationally intensive -- meaning trained network engineers must react to network slowdowns or failures instead of being proactive.
Enhanced DPI technology can change that, offering exponentially more information about the network. But the challenge lies in leveraging this huge amount of data to make better decisions. The near future of network management is essentially a big data problem with questions about frequency of data collection, type of data to collect, and which analytics/policy tools to use becoming paramount.
DPI plays a key role in providing critical information about health and performance of the network. Enhanced DPI will impact a wide range of suppliers, including the incumbent networking vendors (e.g. Cisco, Juniper, HP Networks, F5, Riverbed); SDN start-ups (e.g. Big Switch, PLUMGrid, Saisei); IT suppliers (e.g. IBM, Intel, VMware); network monitoring providers (e.g. Gigamon, NetScout, IXIA); and a large number of network security players. Use of DPI will become pervasive in most networks as part of security and management solutions. DPI, in combination with SDN, will lead the way toward an automated network that is easier to manage and much more secure with a lower OPEX.
About the author: Lee Doyle is a principal analyst at Doyle Research. Doyle Research delivers quantitative and qualitative analysis, forecasting and market positioning advice to network and IT industry professionals.
This was first published in August 2013