The network broadband technology brings about not only a lot of opportunities but also a lot of problems to the operators. For example, because broadband services cannot be identified, broadband services are difficult to manage; content-based charging cannot be performed; and information security requirements cannot be met. To solve these problems, a deep packet inspection (DPI) technology emerges.
DPI is a new technology relative to the common packet inspection technology. The common packet inspection technology analyzes only the contents below the application layer in an IP packet. That is, the common packet inspection technology performs flow classification on the received packets according to the 5-tuple of packets, and determines the flow type of each packet. The 5-tuple of packets includes source address, destination address, source port, destination port, and protocol type. The DPI technology, however, further identifies packets of the flow types related to DPI. The identification process includes: analyzing packets at the application layer or performing deep flow inspection (DFI) on the packets, and identifying the service type and/or contents of packets corresponding to each flow type; and performing DPI filtering on the packets corresponding to the flow type according to the identified service type and/or contents, for example, discarding the packets according to a DPI policy if viruses are detected in the contents of the received packets. It should be noted that the steps of performing DFI on the packets and identifying the service type and/or contents of the packets belong to the DFI technology. In the embodiments of the present invention, DPI and DFI are uniformly called “DPI technology”.
The preceding DPI process is performed by a DPI server. FIG. 1 is an architecture diagram of a network where a DPI server is located in the prior art. As shown in FIG. 1, the DPI server is configured at the edge between the core network and the access network, for example, on an IP edge or a service router of the edge between the core network and the access network. The access network may include multiple access nodes (ANs), each of which may receive packets sent from a lot of user equipments (UEs) on a customer premises network (CPN). That is, all the packets from the access network are processed by the DPI server, so that the DPI server has to process a large quantity of packets. Therefore, the DPI server may fail to process the packets on a real-time basis. In addition, the DPI server should have powerful centralized processing capabilities.