DPI deployment use case

PC paul4004 at gmail.com
Fri Oct 7 16:44:45 UTC 2011

I've seen these used for two purposes over the years:

1) Repressive nation states.

2) ISPs/Universities who want to "shape" their bandwidth to prevent certain
traffic types from consuming everything.

3) Integrated with enhanced caching solutions to serve content locally and
save bandwidth (Web cache).

Use case #2 is becoming less and less common ISP industry wide.  More and
more consumptive activities are switching away from quasi-legitimate
"throttle it and see if anyone complains" type activities
(bittorrent/Peer2Peer), and more and more towards legitiamte, high
consumption, HTTP based traffic, where subscribers would have a fit.  Net
neutrality rules in some countries are limiting this behavior further (such
as Skype blocking).  Furthermore, industry wide pay-as-you-use and unlimited
access with bandwidth caps is becoming more prevalent among wired and
wireless SPs.

Your use case is not beyond the possibility of full DPI, but a transparent
proxy box of some nature would be sufficient for most of that.  Usage limits
on the other hand is often easier done via your AAA accounting/radius
solution, including policing/shaping/cutting users off/billing for overages.

Ohh, and these boxes often make pretty pictures, graphs, and reports.

On Fri, Oct 7, 2011 at 10:20 AM, Claudio Lapidus <clapidus at gmail.com> wrote:

> Hello,
> On Thu, Oct 6, 2011 at 8:00 PM, Martin Millnert <millnert at gmail.com>
> wrote:
> > I've seen tyrannical governments use Bluecoat's to crack down on their
> > own population(*).
> > Was this the sort of use-case you were looking for? :)
> >
> Ummm, not really... :)
> Actually, we've been faced with proposals to build services based on
> traffic
> classification, like e.g. "access our own webmail and all social networking
> sites, but not skype and video" or the capability to do exact metering
> based
> on net traffic time or volume, as well as being able to redirect the
> customer to various captive portals using HTTP redirect directly from the
> DPI box, and such.
> What I'm interested to know, is if someone has actually had some success
> with service offerings like these, or if it can be used to implement some
> other kind of value-added service in the network access provider field.
> I am fully aware of the net-neutrality implications this might have, but
> anyway, putting that aside for a moment, I would like to explore the
> possibilities that this technology brings in.
> thanks again,
> cl.

More information about the NANOG mailing list