
DPI is Not a Four-Letter Word!

As founder and CTO of Ellacoya Networks, a pioneer in Deep Packet Inspection (DPI), and now having spent the last year at Arbor Networks, a pioneer in network-based security, I have witnessed firsthand the evolution of DPI. It has evolved from a niche traffic management technology to an integrated service delivery platform. Once relegated to the dark corners of the central office, DPI has become the network element that enables subscriber opt-in for new services, transparency of traffic usage and quotas, fairness during peak busy hours and protection from denial of service attacks, all the while protecting and maintaining the privacy of broadband users.

Yet, DPI still gets a bad rap. Guilty until proven innocent! Why is that?

DPI means different things, because it is an overloaded term. I can think of at least four separate product categories of DPI:

  1. Traffic Management: DPI that classifies application traffic by examining the headers, without looking into the actual content itself.
  2. Surveillance: DPI that logs, reconstructs, or plays back communication exchanges.
  3. Ad-Insertion (and profiling): DPI that profiles subscriber web browsing or search activities, inserts cookies, or logs URLs visited by a subscriber.
  4. Security: DPI that examines content for viruses, trojans, or other forms of vulnerabilities.

Paramount to each of these product categories is privacy. Service providers and consumers share in concerns over privacy, as do industry luminaries. Yesterday, according to ZDNet, Sir Tim Berners-Lee, "inventor" of the World Wide Web, spoke out against the use of deep packet inspection citing concerns over how snooping on clicks and data reveals more information about people than listening to their conversations.

His concerns are valid. And I can attest, having worked with service providers around the globe, that service providers are deeply aware of how important it is to protect consumer privacy. That is why service providers are becoming more transparent and giving consumers choices with opt-in and opt-out capabilities. This new era of transparency is as much a result of consumer interests, service provider best practices, and increasing regulatory pressures, as it is an indication of the broader shift of how DPI-based services are being used.

That is why Phorm, the targeted advertising service company mentioned in the ZDNet article which uses DPI, has a technology that can't know who users are and allows users to switch it off or on at any time (opt-out or opt-in).

But transparency and consumer opt-out are not limited to broadband service providers and DPI. Yesterday, Google launched "interest-based" advertising on their partner sites and on YouTube, where ads will associate categories of interest based on the types of sites you visit and the pages you view. And, in line with DPI and service provider models of transparency and consumer choice, Google is offering transparency, choice with Ads Preference Manager, and a non-cookie based opt-out capability.

So at the heart of any service over broadband, not just DPI-based services, is the need for transparency, fairness, consumer choice and protection while preserving the privacy of individuals. These are the new discussion points that need to transcend specific technologies in the network. The public debate and regulatory directions have to be centered on these key areas (stay tuned as Arbor becomes more active in these arenas).

As for DPI itself, it has proven to be a critical network element in service provider networks, by providing those things that we all hold dear: privacy, protection, fairness and transparency. DPI is not a four-letter word!

By Kurt Dobbins, Chief Technology Officer, IP Services, Arbor Networks



I'm a bit confused as to how By Scott Francis  –  Mar 13, 2009 10:47 am PDT

I'm a bit confused as to how exactly a third party eavesdropping on a conversation provides privacy (or protection, fairness or transparency). Perhaps you define these terms differently from the average network end-user?

However, I can certainly see how DPI can provide revenue opportunities, and LEO cooperation opportunities, and media industry monitoring opportunities, and ever more over-subscription opportunities. (why build out capacity when you can simply degrade performance for users, protocols or content deemed "unacceptable"?)

The era of ubiquitous transparent encryption for all traffic between endpoints can't come soon enough.

Why do you confuse port 25 filtering with dpi, Joe XX? By Suresh Ramasubramanian  –  Mar 13, 2009 8:35 pm PDT

I am probably wasting my time asking this ..

Indeed you are By Richard Bennett  –  Mar 16, 2009 6:04 pm PDT

But it's noble of you to try to spread a little light.

Don't use port 25 By Richard Bennett  –  Mar 16, 2009 7:33 pm PDT

Personally, I use port 465 to send e-mail from my Comcast account at home and 993 to receive it, so any use of port 25 on my home router would be a solid indication of a bot infection. As I don't know what goes on inside your home network (neither do you, apparently), that's all I have to go on. I'm a Comcast customer with no e-mail blockage problems.

So rather than whining about a perfectly rational practice on the part of your ISP and imagining sys admins are reading your personal mail, why don't you secure your system and set up your e-mail in a responsible way? Comcast will give you a copy of McAfee for free to help get you started.

Practicalities By The Famous Brett Watson  –  Mar 16, 2009 10:21 pm PDT

Joe, I think you are going to save yourself a lot of time and aggravation by avoiding this issue rather than tackling it head on. It seems perfectly likely to me that Comcast are not upholding their promises in relation to information disclosure, but I'm a firm believer in Hanlon's Razor here: they are not being evil or devious, they are just a large bureaucracy which is incapable of internal consistency by merit of simple size. You could take the matter to the courts if you so desired, but that seems like an awful lot of time, effort and money, given the best possible outcome is what? You get to know why they're blocking you? Or maybe you think it will be a worthwhile ideological victory? You're far less cynical than I am if that's the case.

Were I in your position, here's what I would do: observe best current practices for message submission (BCP 134, RFC 5068) and send email to a smarthost via port 587. That way you get the satisfaction of being a technical purist, and Comcast's beliefs about your use of port 25 become irrelevant. Yes, it's a little annoying that you can't use port 25 even though it is a technically reasonable approach, but port 25 hasn't been the gold standard for mail submission in a decade or so, and a technical purist needs to keep up with the times.

So the thought I would like to leave you with is this: if you were observing best current practices, this would not be a problem for you. Solve the problem at your end, not Comcast's: it's the path of least resistance and fewest ulcers.

By George Ou  –  Mar 16, 2009 2:01 pm PDT

All ISPs block outbound port 25 Joe and they've been doing it for many years.  At one time before Comcast blocked outbound port 25 for anything other than Comcast's SMTP server, Comcast's customers were unknowingly sending ~25% of the world's spam.

Yet this has nothing to do with DPI and it's not some kind of evil plot.  Consumers can still do emailing through Comcast or third party email providers.  Those third parties such as Gmail use port 465 for SMTP over SSL.

By George Ou  –  Mar 16, 2009 3:31 pm PDT

You don't use any kind of DPI technology to do simple port filtering which has been around for around two decades.

By Richard Bennett  –  Mar 16, 2009 6:09 pm PDT

There is something in the world called Spam, most of it sent from computers that have been infected by things called "bots." When the volume of your outgoing mail gets to be quite high compared to the average user, a responsible ISP will check some of this e-mail for spammy content. This isn't exactly "reading" your mail - there's not a group of sys admins sitting around laughing at you for the way you write, there's a program that pattern matches your e-mail and gives it a spam score. If the score is high enough to determine that it is spam, they shut down port 25 to stop the spamming.

This is a good thing to do, but I agree with you that the Terms of Use for that particular ISP could be more clear. In any event, spam prevention is a good thing.

By George Ou  –  Mar 16, 2009 7:52 pm PDT

Joe, one last try.  There is no DPI technology involved here.  It's simple port blocking which is around 2 decades old. I and other people on this site have tried to correct you and explain that this has nothing to do with DPI or behavioral or interest based advertising.  I and others have explained to you that external port 25 is blocked to stop spam and that this doesn't prevent you from using external SMTP email servers.

No human at your ISP reads your emails Joe.  The anti-spam and anti-virus systems inspect your email for spam and protect you from annoying and malicious emails.

By George Ou  –  Mar 16, 2009 8:16 pm PDT

Joe, don't confuse port blocking with anti-spam or anti-virus.  All three systems work independently of each other and they don't need the presence of the other two systems to work.

Everyone here is trying as patiently as possible to explain to you that Comcast systematically blocks all users from getting to the Internet on TCP port 25 and that this is very normal behavior for consumer broadband accounts.  Just about every major broadband provider uses this technique to avoid being the world's leading source of spam.

Your line of questioning is getting beyond ridiculous at this point, and there's not much more I can add to this.
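The port-25 policy the commenters describe (outbound 25 allowed only to the ISP's own relay, submission on 465/587 allowed anywhere, and repeated direct-to-MX port-25 attempts from a home host taken as a bot indicator) can be expressed as a decision on the transport header alone, which is the point that it is port filtering and not DPI. The following is an added illustration, not code from the post or from any ISP; the relay address, the log format and the flow records are constructed for the example.

```python
"""Header-only egress policy for TCP/25, as described in the comment thread.

Constructed example: a home-router or ISP-edge rule that decides using only
destination address and port, never the payload, so no DPI is involved.
"""
from collections import Counter
from ipaddress import ip_address

ISP_SMTP_RELAY = ip_address("192.0.2.25")   # hypothetical relay (TEST-NET-1 address)
SUBMISSION_PORTS = {465, 587}               # SMTPS / message submission: allowed anywhere


def classify_flow(src, dst, dport):
    """Return 'allow' or 'block' from the 5-tuple only (no content inspection)."""
    if dport == 25:
        # Port 25 is permitted only towards the ISP's own relay, as the thread describes.
        return "allow" if ip_address(dst) == ISP_SMTP_RELAY else "block"
    # Submission ports and everything else pass; the policy says nothing about them.
    return "allow"


def parse_flow_line(line):
    """Parse a constructed flow record: '<src> <dst> <dport> <proto>'."""
    src, dst, dport, proto = line.split()
    return src, dst, int(dport), proto


def suspected_bots(lines, threshold=3):
    """Hosts with at least `threshold` blocked direct-to-MX port-25 attempts.

    This is the 'solid indication of a bot infection' Bennett refers to: a home
    host that should only be using the relay or a submission port keeps trying
    to reach arbitrary mail exchangers on port 25.
    """
    blocked = Counter()
    for line in lines:
        src, dst, dport, proto = parse_flow_line(line)
        if proto == "tcp" and classify_flow(src, dst, dport) == "block":
            blocked[src] += 1
    return {host: n for host, n in blocked.items() if n >= threshold}


SAMPLE_FLOWS = [  # constructed records for the example
    "10.0.0.5 192.0.2.25 25 tcp",     # mail via the ISP relay: allowed
    "10.0.0.5 198.51.100.7 587 tcp",  # submission to a smarthost: allowed
    "10.0.0.5 198.51.100.7 993 tcp",  # IMAPS: allowed, not part of this policy
    "10.0.0.9 203.0.113.1 25 tcp",    # direct-to-MX attempts to three hosts: blocked
    "10.0.0.9 203.0.113.2 25 tcp",
    "10.0.0.9 203.0.113.3 25 tcp",
]

if __name__ == "__main__":
    print(suspected_bots(SAMPLE_FLOWS))  # {'10.0.0.9': 3}
```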

By Richard Bennett  –  Mar 16, 2009 8:39 pm PDT

You don't have time to check the SSL button in Thunderbird (or the equivalent) but you do have time to draft a meritless lawsuit?

Damn, you must write fast.
