What is DPI?
Deep packet inspection (DPI), also called complete packet inspection and information extraction (IX) is a technique for inspecting data in order to identify and filter out malware and other unwanted traffic.
Each data packet includes both its own content and a set of headers that control how it is handled by routers and other devices as it is transmitted across the internet. DPI is a method that inspects not only the packet’s multiple headers, but also the actual data content of the packet. DPI can search for protocol non-compliance, viruses, spam, intrusions, or defined criteria to decide whether the packet may pass or if it needs to be routed to a different destination. This makes it a critical tool for advanced IT security.
Deep Packet Inspection (and filtering) enables advanced network management, user service, and security functions as well as internet data mining, eavesdropping, and internet censorship. DPI is used in a wide range of enterprise-level applications, by telecommunications service providers, and by governments.
In the age of fast-evolving advanced threats and zero-day attacks, DPI is also a critical and fundamental aspect of an effective network security strategy.
PROTEI DPI is a packet processing platform with deep packet inspection capabilities allowing to efficiently manage utilization of network resources and provide new value generating services.
PROTEI DPI performs policy enforcement on a per-subscriber per-flow basis. All the traffic flows traversing through the system are classified by means of signature and statistical analysis and are associated with a service e.g. «Social networking» or «VoIP». A policy rule appropriate for the service is retrieved from a PCRF or other external policy server and is applied to the flow. Policy rules define whether the flow shall be blocked or allowed, bandwidth, available for the flow and its priority to solve conflicts between flows. In case of overload flows with higher priority are allocated with the required throughput while other flows are throttled thus ensuring guaranteed level of service quality.
- Maximum efficiency of bandwidth usage.
- Suitable for fixed and mobile broadband networks including LTE.
- Signature-based and statistical-based detection of application layer protocols.
- Support of 2700 protocols and 6000 protocol parameters.
- Value added services providing.
- Efficient policy management.
- Flow-based and event-based real-time charging.
- Dynamic congestion control using subscriber priorities.
- Embedded user-friendly tools for system maintenance, collecting statistics and channel monitoring.
- Flexible settings of charging and policy rules.
- Integration with PCRF and external databases via Gx or via XML.
- 1+1 active redundancy, hardware bypass.
- Hardware and software developed by PROTEI.
- Signature-based and statisticcs-based detec-tion of application layer protocols including P2P, IM, E-mail, Voice/Video over IP, streaming,gaming, web and security.
- Traffic filtering by black/white lists or site categories.
- Real-time charging via Gy, periodical per-service quota, Gx usage monitoring.
- Policy enforcement by bit rate limitation and priority control on a per-subscriber per-flow basis.
- Configurable charging and policy rules by different parameters (time, date, location,terminal type, tariff options, traffic volume and others).
- Tethering detection, fraud prevention, SPAM blocking.
- Traffic forwarding to VAS platforms and redi-rection to partners’ resources.
- WEB-based statistical and configuration inter-face, CSV UDR files, online channel monitoring.
- Subscribers’ notification about tariffs, quotas and service options.
PROTEI DPI 20
PROTEI DPI 40
|Throughput||20 Gbps Fulldulex||20 Gbps Fullduplex|
|Flows per second||250K||250K|
|Number of channels||7x10GE||16x10GE, 4x40GE|
|Interfaces||1000 Copper, 10GE Fiber||10GE Fiber, 40GE Fiber QSFP+|
|Hardware||X86 server with PCI-E interface board||1 rack unit (RU), 19’’ rack-mounted|