Home > Broadband, Net neutrality > DPI – the end of Net Neutrality

DPI – the end of Net Neutrality

The recent events in the media and talk about net neutrality have once again brought focus onto technologies that disrupt the fine balance between neutrality and traffic shaping in ISPs. Internet service providers and Wireless broadband service providers have been looking at ways and means to shape the traffic, enforce policies and prioritize packets as Internet and mobile internet have set to take off. One of the biggest set of tools that has been used by operators is Deep Packet Inspection (DPI). This has been one of the several content optimization techniques that includes Policy Control mechanisms, QOS techniques and ‘throttling’ in extreme cases. Why do ISPs and WISPs resort to this?

Data traffic has grown umpteen fold and the pipes are filling up faster than the operators have been able to install them, as well as people’s expectations have been raised as they expect to have access to advanced multimedia services regardless of their location. And this development represents a major business opportunity for operators but places new demands on the infrastructure. The merger of the telecom and media industries has made a huge amount of digital content easily accessible for a large number of subscribers.  The key to the solution is traffic inspection and the ability to differentiate between best-effort and premium services.

Most applications can be identified by means of packet inspection but this method needs to be complemented with heuristic analysis (compare “pattern recognition”) in the case of peer-to-peer traffic. The protocols of peer-to-peer applications that are used to distribute illegally copied material are often designed to avoid detection.

What is DPI?

Deep Packet Inspection (DPI) is the technology that refers to devices and technologies that inspect and take action based on the contents of the packet “payload” rather than just the packet header. Once DPI algorithms determine what content is in the payload, traffic information can be logged and actions triggered in network elements as necessary depending on the application. These functions need to happen in real-time in order to evaluate and act on service heuristics or generate billing information.

DPI equipment was initially deployed to control spiraling volumes of peer-to-peer traffic, but its use has widened because DPI has proven relevant in a number of other contexts, including network security, service packaging, and service management.

Network economics have created a demand for DPI technology since traffic volumes have been growing, forcing fixed line broadband service providers to invest in new network infrastructure. The prices of these services though have remained flat or decreasing forcing service providers to use DPI to best understand network usage in order to build out the right amount of infrastructure at the right time and to prioritize traffic to improve their profitability.

And demand for DPI is no longer limited to the fixed line telecom sector. Mobile operators, with ever increasing data service speeds will face the same need as they roll out advanced multi-media services to increment ARPU in the face of flat rate voice and data plans. Investment in DPI systems is a global phenomenon, and demand for DPI capability will grow as carriers upgrade their networks and as customers continue to use more and more bandwidth-hogging applications.

Traffic inspection: packet inspection and heuristic analysis

Source: Ericsson

The three complementing methods for traffic inspection are illustrated by Figure above. In case of a peer-to-peer session, the application server in the figure would represent a user terminal. It should be noted that heuristic analysis is not always completely accurate since it is based on a type of pattern recognition. New peer-to-peer protocols and applications will appear and the network intelligence for heuristic analysis will have to be updated accordingly.

The most obvious benefit from implementing functionality for packet inspection and heuristic analysis is that it provides information about the type of traffic carried over the network. Unlike standard statistical features of network management systems, the volumes of traffic can be studied on an application level. The information could be used to review current policies, for example with regard to fair usage. It also represents valuable input, in terms of subscriber behavior and preferences, to the planning of charging schemes and the launch of new services. In an increasingly competitive communications business, it is crucial to pick up on new trends and spot the potential at an early stage.DPI and heuristic analysis can also prove useful when a new charging scheme has been implemented or a service has been launched. By comparing traffic volumes and subscriber preferences before and after the change, conclusions can be drawn on whether subscribers think they get good value for money.


Managing Traffic: DPI enables traffic throttling, blocking at a flow or application level. This has become especially important as bandwidth-hungry, priority-packet multi-media usage has skyrocketed, mainly in the form of Voice over IP (VoIP) and video/audio over IP.

Secure quality-of-service for premium services: Helps traffic generated by best-effort services as the quality-of-service class implies, be deferred or even rejected if buffers are overloaded.

Form partnerships with third-party content providers: DPI and heuristic analysis in place, operators will be able to form partnerships with media companies, offering service level agreements and providing mechanisms for service authorization, real-time charging and revenue sharing.

Evaluate subscriber preferences for targeted marketing: Subscribers accessing a specific type of content are more likely to be interested in associated products and services, than the general public. If the traffic concerned is identified by means of packet inspection, there could be opportunities for targeted marketing and injection of advertisements.

Improve network security: Network security is another area affected by peer-to-peer applications. In traditional networks, dedicated routers and gateways handle routing and blocking of traffic. This is not feasible in a peer-to-peer network since the architecture is decentralized. With high volumes of file-sharing traffic being routed directly between users, there is an increased risk of viruses, worms and other types of malware being spread.

CALEA: DPI enables operators to meet the requirements of the Communications Assistance for Law Enforcement Act (CALEA) and its international equivalents to ensure that security services can use equipment for surveillance, in particular for VoIP traffic.

Copyright enforcement:  DPI can help enforce copyrights for content copyright owners or content protected by courts or official policy.

Why is DPI harmful?

Speaking at a House of Lords event on the 20th anniversary of the invention of the World Wide Web, in 2009 Tim Berners-Lee said that deep packet inspection was the electronic equivalent of opening people’s mail. “This is very important to me, as what is at stake is the integrity of the internet as a communications medium,” Berners-Lee said on Wednesday. “Clearly we must not interfere with the internet, and we must not snoop on the internet. If we snoop on clicks and data, we can find out a lot more information about people than if we listen to their conversations.”

Comcast and Internet Blocking

In 2007 a high-profile case which led FCC to test the strength of the Internet Policy Statement, began when Comcast users started posting complaints on user message boards about the cable operator’s treatment of peer-to-peer traffic. Though no one could identify quite how it happened, it appeared that Comcast was blocking file transfers between users. Robb Topolski, a network engineer in Portland, Ore., cracked the code with a series of experiments in the fall of 2007.Additional tests were done by Topolski, the Associated Press and the Electronic Frontier Foundation, which collectively determined that Comcast was using DPI technology to identify packets coming from peer-to-peer applications. Comcast was then secretly blocking those packets, while allowing other packets to pass through unimpeded. Comcast’s actions presented a clear case of network discrimination. In November 2007, Free Press and other public interest organizations filed a petition with the FCC to demand that Comcast’s activities be stopped and ruled unlawful.6 After two public hearings, substantial media attention, and overwhelming public opposition to the practice, the FCC ruled against Comcast and ordered a halt to the company’s blocking practices. However, the FCC’s order fell short of making Net Neutrality the unambiguous law of the land. The commission’s ruling found that ISPs could not block consumers from accessing online content – but it did not squarely address the underlying issue of discrimination that stopped short of blocking.

Following the commission’s order, Comcast stopped its peer-to-peer blocking practices and instituted a new network management system that does not discriminate against or in favor of any Internet applications. Comcast’s new system identifies neighborhoods that are growing substantially congested, and then identifies individual users within those neighborhoods that are using a substantial amount of bandwidth, and slows down those heavy users for a short period of time. Although imperfect, Comcast has adopted a non-discriminatory network management regime that deals with congestion without attempting to pick winners and losers on the Internet.

NebuAd and Internet Monitoring

The dangers of DPI are not limited to violations of Net Neutrality; they extend to violations of privacy as well. Until its reorganization in 2008, a company called NebuAd offered an advertising service to network providers. With this service, NebuAd devices would secretly sit at key places within the network and monitor all consumer communications passing through the network, using DPI to search within packets for URLs and search terms. The devices would then analyze some or all of that traffic to identify consumer behavior patterns. But NebuAd’s activities went beyond information gathering. NebuAd artificially inserted packets of data into the stream of traffic to redirect Web browsers to a NebuAd-owned domain for the purpose of placing unsolicited tracking cookies on the user’s computer.

In March 2008, Internet users began detecting unsolicited cookies originating from NebuAd systems put in place by ISPs without notice. In May 2008, NebuAd made headlines by announcing a targeted advertising partnership with Charter Communications. After substantial pressure from public interest groups, subcommittees from both the House15 and the Senate16 held hearings to investigate the arrangement and NebuAd’s practices. As a result of intense negative feedback from Congress and its customers, Charter terminated its arrangement with NebuAd in June 2008. The company has now virtually disappeared, but the enticing business of consumer tracking remains an attractive proposition for many ISPs.

In the cases of Comcast and NebuAd, consumer interests won the battle, though the war is far from over. The manufacturers of DPI equipment are committed to selling tools for network monitoring and discrimination, and were not deterred by the Comcast and NebuAd debacles. The debate over the use of DPI has only begun. Appropriate uses of DPI technologies do exist. But the applications we have seen thus far are not encouraging, and the burden of proof for their benefit rests squarely with the network operator.


Operators can and will use DPI technology to improve their profits at the expense of their customers. The technology permits network operators to reduce the amount they spend on network upgrades by allowing them to oversell their networks while simultaneously increasing the amount the average customer pays, through the creation of new revenue streams. Or, in marketing language, providers want to “deliver customized service plans that increase customer satisfaction and reduce churn.”

DPI can help alleviate problems of congestion in a network, thus improving the user experience. But at the same DPI technology – the same electronics equipment, in fact – also allows providers to monitor and monetize every use of the Internet, and DPI vendors succeed by developing and marketing this capability. These DPI systems may already be installed in some operators’ networks. Many do not disclose it publicly. Through these secret arrangements, the DPI industry is experiencing remarkable growth. Precedent, motivation and capability all exist for providers of wireline and wireless Internet services to discriminate in the transmission of Internet content in search of new revenue streams. For an operator the advantages far outweigh the concerns of privacy and content filtering that DPI brings along with it.

DPI now offers capabilities far beyond simply protecting Internet users from harm, and the service providers purchasing and installing DPI equipment are well aware of these possibilities. If service providers flip the switch and turn on these control mechanisms, it might mean the end of the net neutrality as we know it!

SOURCE: dpacket.org, nodpi.org

Categories: Broadband, Net neutrality
  1. No comments yet.
  1. No trackbacks yet.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )


Connecting to %s

%d bloggers like this: