DPI - History
A brief history of DPI
DPI technology was originally developed for, and used successfully in, security applications such as firewalls during the 1990s. Generally speaking, DPI analyzes all the content of data packets passing through a network, including both the headers and the data protocol structures (as opposed to the earlier "Shallow Packet Inspection", which only analyzed the packet header), and compares this content against rules or signatures (for example, virus signatures). Based on these rules or signatures, the traffic is treated appropriately by blocking, allowing, or tagging the packets. By analyzing the threats buried within the data, this prevents malicious intrusions or viruses from penetrating a protected network.
More recently, it became clear that DPI technology could also be used within mobile data networks. One problem remained: how does one deal with sessions and content that are split across several packets? This problem was overcome when DPI was pushed a step further by adding session reassembly techniques at OSI layer 7, the application level, which is what subscribers see on their devices. Thus, Deep Packet Inspection technology applied to mobile data networks was born.
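The split-content problem described above, as an added example that is not part of the original page: a Python sketch comparing per-packet signature matching with matching on the reassembled stream. The rule name, signature bytes, flow labels and sequence numbers are constructed, and treating the lowest sequence number seen as the start of a flow is a simplifying assumption.

```python
from collections import defaultdict

# Constructed rule set: rule name -> byte pattern (placeholder, not a real signature)
SIGNATURES = {"test-marker": b"EXAMPLE-SIGNATURE-1234"}

def match(data):
    """Return the sorted names of rules whose pattern occurs in data."""
    return sorted(name for name, pat in SIGNATURES.items() if pat in data)

def inspect_per_packet(packets):
    """Check every payload on its own, with no knowledge of its neighbours."""
    hits = defaultdict(set)
    for flow, _seq, payload in packets:
        hits[flow].update(match(payload))
    return {flow: sorted(names) for flow, names in hits.items() if names}

def reassemble(packets):
    """Rebuild each flow's byte stream from (flow, seq, payload) segments.

    Handles out-of-order arrival, retransmissions and overlaps (first copy
    wins). Reassembly of a flow stops at the first gap in sequence numbers.
    """
    by_flow = defaultdict(list)
    for flow, seq, payload in packets:
        by_flow[flow].append((seq, payload))
    streams = {}
    for flow, segs in by_flow.items():
        segs.sort(key=lambda s: s[0])
        base, stream = segs[0][0], bytearray()  # assumption: lowest seq = start
        for seq, payload in segs:
            offset = seq - base
            if offset > len(stream):
                break  # missing bytes: do not match across a hole
            stream += payload[len(stream) - offset:]  # skip bytes already held
        streams[flow] = bytes(stream)
    return streams

def inspect_reassembled(packets):
    """Match signatures against each flow's reassembled stream."""
    results = {flow: match(s) for flow, s in reassemble(packets).items()}
    return {flow: names for flow, names in results.items() if names}

# Constructed capture: flow A's signature straddles two segments, which arrive
# out of order with one retransmission; flow B is unrelated clean traffic.
STREAM = b"HTTP/1.1 200 OK\r\n\r\nbody EXAMPLE-SIGNATURE-1234 end"
PACKETS = [("A", 1030, STREAM[30:]), ("A", 1000, STREAM[:30]),
           ("A", 1000, STREAM[:30]), ("B", 500, b"GET /index.html HTTP/1.1\r\n\r\n")]

if __name__ == "__main__":
    print("per-packet :", inspect_per_packet(PACKETS))
    print("reassembled:", inspect_reassembled(PACKETS))
```

Per-packet inspection reports nothing for flow A because neither segment holds the whole pattern; only the reassembled stream does.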
DPI's specifics
One of the most convenient aspects of DPI is that it provides unrivaled end-to-end (E2E) visibility into the mobile network's overall activity by analyzing data at one or more interfaces in the telecom network. This requires the deployment of a reliable 24x7 telecom-grade DPI Probe infrastructure, which captures data through standard mirrored ports of the mobile network nodes (SGSN, GGSN, WAPGW, etc.) and does not need to be in-line with existing network equipment, so it does not affect the existing traffic flow. This DPI Probe infrastructure is meant to gather extremely large amounts of data for analysis. Specialists often talk about terabits of data that are captured, processed, and stored in databases for further report generation. Depending on the network traffic throughput, one such DPI probe infrastructure will contain several nodes, some supporting the capturing process and the application layer, while other nodes host the database with huge storage and write capabilities.
Traditional methods focus on the bearer first (radio connectivity, etc.) and then work up to the higher OSI layers. DPI is based on a totally different principle: it starts analyzing directly at the 7th layer, the application layer, and drills all the way down to the lower layers in an attempt to pinpoint the root of the problem. The DPI rules-based engine inspects all the packets and reassembles sessions and content at OSI layer 7 as the data is being captured in real time. This equips the operator with information on what all subscribers perceive about the services they are using. The ability to get this kind of end-to-end information, usually from a single interface or multiple aggregated interfaces within the network, is revolutionary in terms of data management because it provides a real subscriber-, service-, and application-centric monitoring platform.



