In telecommunications networks, inspection of a payload section of data packets may be used for enabling smarter network decisions, e.g., with respect to controlling data traffic. For example, the inspection may be used as a basis for providing differentiated treatment of traffic based on potentially complex characteristics of the data traffic itself. This differentiated treatment may involve acting on the data traffic itself, e.g., by discarding data packets, modifying data packets, throttling transmission rates, or the like. Further, the differentiated treatment may involve taking actions related to the data traffic, e.g., charging or replication of the data traffic for law enforcement purposes or monitoring. Such inspection of payload may be implemented as Deep Packet Inspection (DPI). DPI functionalities may for example be integrated in nodes conveying user plane traffic, e.g., in a gateway or transport node.
However, DPI may require significant amounts of processing resources. Accordingly, implementation of DPI in a node conveying user plane traffic may result in performance degradation of functionalities needed for conveying the user plane traffic. Such performance degradation may be up to several orders of magnitude.
In addition, the processing load caused by DPI may depend strongly not only on the complexity of implemented inspection algorithms, but also on the nature of inspected data traffic. For example, a high proportion of data traffic which is “easy to classify” may lead to relatively low processing load, while a high proportion of data traffic which is “hard to classify” may lead to a processing load which is significantly higher, e.g., up to several orders of magnitude, even if the absolute amount of conveyed data traffic remains unchanged. As a general rule, a statistical distribution of data traffic between “easy to classify” and “hard to classify” may be assumed. While this may alleviate high load variance within relatively short periods of time, it typically does not alleviate impacts from new traffic patterns or addition of complex services. For instance, the dissemination of a new virus/worm requiring complex detection rules, or the success of a new peer-to-peer product, may significantly increase DPI load on a rather short time scale.
DPI may also be implemented in specialized nodes. Such nodes may be optimized for DPI and offer sufficiently high processing resources. However, as additional devices, such specialized nodes typically require high-capacity network ports for transfer of the user plane data traffic. This applies to the specialized node itself, but also to other nodes connected to the specialized node. Such high-capacity network ports may contribute significantly to the overall cost of a node. Further, such specialized nodes are typically designed to offer processing resources which are sufficient to also perform very complex inspection and classification algorithms at high speed, which may result in significant costs for a given throughput of user plane data. In scenarios where the user plane data traffic has a high proportion of “easy to classify” data, the expensive hardware of the specialized node would be utilized inefficiently. Moreover, such a specialized node may constitute an additional potential point of failure and add complexity to any high-availability transport network design.
Accordingly, there is a need for techniques which allow for efficiently inspecting traffic in a telecommunications network.