A brief history of DPI
Originally, DPI technology was developed and used with success in security applications for the firewall industry during the 90's. Generally speaking, DPI focuses on analyzing all the content of data packets passing through the network, the headers and the data protocol structures (as opposed to the prior "Shallow Packet Inspection" that would only analyze the packet header) and compares this content against rules or signatures (for example, virus signatures). Based on these rules or signatures, the traffic will be treated appropriately by blocking, allowing, or tagging the packets. As a result, this would prevent malicious intrusions or viruses to penetrate a protected network by analyzing the threats buried within the data.
Recently, it became clear for some OSS pioneers that this DPI technology could also be used within the mobile data networks. One problem still remained: how does one deal with sessions and content that are split into several packets? This last problem was overcome as they pushed the DPI one step forward by adding a unique session reassembly technique at OSI layer 7, the application level which is what subscribers see on their devices. Thus, the Deep Packet Inspection technology applied to mobile data networks was born.
DPI's specificities
One of the most convenient aspects about DPI is that it enables the possibility to get unrivaled E2E visibility on the mobile network's overall activity just by analyzing data at a few different interfaces in the core-network. This only implies the deployment of server-based, reliable 24x7 nodes that capture data through standard mirroring ports of the core-network nodes (SGSN, GGSN, MMSC, etc) that do not run in-line in the network and will not affect the usual traffic flow. These DPI nodes are meant to gather extremely large amounts of data to perform this analysis. Specialists often talk about terabits of data that is captured, processed, and stored in databases for further report generation and DPI-based application queries. Depending on the network traffic throughput, one or several nodes can be deployed, some supporting the capturing process and the application layer, while other nodes can host the database with huge storage capabilities.
Instead on focusing on the bearer first (like radio connectivity, etc ...) and then going up to the higher OSI layers like traditional methods, DPI is based on a totally different principle. DPI directly starts analyzing from the 7th layer, the application layer, and drills all the way down to the lower layers attempting to pinpoint the root of the problem. The DPI rules-based engine inspects all the packets and re-assembles sessions and content at OSI layer 7 in as the data is being captured in real-time, equipping the operator with information on what all subscribers perceive about the services they are using. This ability to get any kind of information within the network is revolutionary in terms of data management, providing a real subscriber, service, and application-centric platform.
