Saturday, August 02, 2008

Deep packet inspection

What the telecom industry will do about DPI

Based on public perception, Deep Packet Inspection would seem to be a technology either headed for the scrap heap or doomed to very limited applications.

Well-documented problems with how DPI is used have many, including the American Civil Liberties Union, questioning whether this technology, which allows ISPs to look at each packet they transport and know where it comes from, where it is going, and which subscribers and applications are involved, isn’t too dangerous to be widely deployed and used.

“If DPI is built everywhere, will we see the govt. try to force ISPs or search companies to turn over data or create a back door for the government – targeted warrants and requests?” said Timothy Sparapani, ACLU senior legislative counsel. “I don’t think people expect there to be a gatekeeper or recording monitoring their Internet activity.”

That’s why the ACLU and others have argued in Congressional hearings for limits on what telecom service providers can do with DPI.

Telecom industry officials, particularly those who have developed products which use DPI or something similar to enable new applications and services believe that is throwing the baby out with the bath water.

“It’s as if somebody took a hammer and broke into a store and stole some cash and Congress says ‘We are going to outlaw hammers’,” said Kevin Walsh, vice president of marketing for Zeugma, which makes an edge services router that uses Deep Session Inspection, a sister to DPI.

One way Zeugma is avoiding the controversy around DPI is to limit what its product does in potentially controversial areas such as throttling peer-to-peer traffic. Other vendors “are probably doing a noble thing trying to identify peer-to-peer traffic, which is a moving target,” Walsh said. “We don’t do that -- we don’t do signature libraries for peer-to-peer. We are more focused on identifying traffic types and doing things that promote them, delivering the types of services that seemed to have passed scrutiny. It’s a little bit of political correctness and terminology because DPI is now a bad word to use, and that’s unfortunate.”

Other DPI vendors have also tried to use different terminology to describe their products, but as Peder Jungck, co-founder and CTO of CloudShield, pointed out, there are risks associated with merely renaming the technology.

“We can’t completely run away from the concept,” Jungck said. “The problem I have with running away from the words is, does that mean we are going to have a charade out there between us and consumers? Because consumers are bright, and they can figure out what is doing on. If all we do is come up with a new name, and people go on using it in exactly the same way, then we wind up with the same issues all over again. What needs to be established is, what are the appropriate things that service provides can do or not do?”

A number of DPI vendors have come together to create dpacket.org, a group and a Web site that seeks to offer public information about deep packet inspection, with the hopes of calming fears and showing what the technology can do. Among the founding sponsor companies are Allot Communications, Bivio Networks, Cloudshield, Ellacoya Networks (now part of Arbor Networks), LSI, Qosmos, Sandvine, and Solera Networks.

“This technology was originally intended for service providers, but the marketplace has all of a sudden brought attention that we had never expected,” Jungck said. “We are starting to change our focus – we need to help people understand what we are going. Consumers understand these things – how it is good and where it is not appropriate.”

ATIS, the U.S. organization focused on telecom standards, is also preparing to tackle DPI, through its Packet Technologies and Systems Committee (PTSC).

Allot, which incorporated DPI into a service gateway, is addressing the issues head on, said Cam Cullen, director of product marketing and product management, and isn’t seeing any abatement in demand.

“We aren’t seeing any slowdown,” Cullen said. “For us, we know what our product is and what it does and our introduction of service gateway product put our stake in the ground as to where we are going. We are seeing a rise in the need to offer application-based services.”

If, as many believe, the industry moves more toward usage-based billing or tiered services, DPI is likely to play an important role in enabling service providers to manage their networks while offering the differing service levels, much as U.K. ISP PlusNet does today.

Of course, tiered services in and of themselves are likely to set off another firestorm of protest from those who support Net Neutrality and believe service tiers are inherently unfair.

No comments: