We have had a number of DPI boxes (SCE8080) sitting in the access network
for a while now, so far they served mainly for congestion management and
such, and are wondering if there are some real use case in the fine-grained
service control land (as the vendors keep whispering in out ears...) Anyway,
we are reviewing a couple of service manager solutions, but I would like to
hear from you operators, what actual use cases have you seen in the field
(if any) for DPI'ing user sessions, considering we are mostly a DSL shop.
I've seen tyrannical governments use Bluecoat's to crack down on their
own population(*).
Was this the sort of use-case you were looking for?
Ummm, not really...
Actually, we've been faced with proposals to build services based on traffic
classification, like e.g. "access our own webmail and all social networking
sites, but not skype and video" or the capability to do exact metering based
on net traffic time or volume, as well as being able to redirect the
customer to various captive portals using HTTP redirect directly from the
DPI box, and such.
What I'm interested to know, is if someone has actually had some success
with service offerings like these, or if it can be used to implement some
other kind of value-added service in the network access provider field.
I am fully aware of the net-neutrality implications this might have, but
anyway, putting that aside for a moment, I would like to explore the
possibilities that this technology brings in.
I've seen these used for two purposes over the years:
1) Repressive nation states.
2) ISPs/Universities who want to "shape" their bandwidth to prevent certain
traffic types from consuming everything.
3) Integrated with enhanced caching solutions to serve content locally and
save bandwidth (Web cache).
Use case #2 is becoming less and less common ISP industry wide. More and
more consumptive activities are switching away from quasi-legitimate
"throttle it and see if anyone complains" type activities
(bittorrent/Peer2Peer), and more and more towards legitiamte, high
consumption, HTTP based traffic, where subscribers would have a fit. Net
neutrality rules in some countries are limiting this behavior further (such
as Skype blocking). Furthermore, industry wide pay-as-you-use and unlimited
access with bandwidth caps is becoming more prevalent among wired and
wireless SPs.
Your use case is not beyond the possibility of full DPI, but a transparent
proxy box of some nature would be sufficient for most of that. Usage limits
on the other hand is often easier done via your AAA accounting/radius
solution, including policing/shaping/cutting users off/billing for overages.
Ohh, and these boxes often make pretty pictures, graphs, and reports.
one wonders at the cost of these sorts of solutions relative to just
link upgrades as well... for some deployments +1gbps capable boxes in
redundant configs are far more expensive as compared with just
upgrading 1gbps -> 10gbps ...
Actually, we've been faced with proposals to build services based on
traffic classification, like e.g. "access our own webmail and all
social networking sites, but not skype and video"
you're on the wrong list. this list is about the internet.
> Actually, we've been faced with proposals to build services based on
> traffic classification, like e.g. "access our own webmail and all
> social networking sites, but not skype and video"
you're on the wrong list. this list is about the internet.
Apparently Telcos are faced with implementing the following algorithm
to create value-added services:
- Take service S with provides value Y
- Artificially remove value, creating new service V
- Price V at the same level as S
- Offer old S at a higher price point and market it as a "value added"
service, compared to V
One would have thought that "value added" referred to well, *adding*
value to what already exists, not rehashing current offers and
artificially limiting them.
But then again, I don't think like a marketing person.
