1. Field of the Invention
This invention relates generally to packet based communications using deep packet inspection (DPI).
2. Description of Related Art
In its existing form, DPI is a sort of computer network packet filtering that examines data and/or header part of a packet as it passes an inspection point, searching for non-protocol compliance, viruses, spam, intrusions or predefined criteria to decide if the packet can pass or if it needs to be routed to a different destination, or for the purpose of collecting statistical information. DPI is also sometimes called Content Inspection or Content Processing. DPI is in contrast to shallow packet inspection (usually called just packet inspection) which just checks the header portion of a packet.
DPI devices have the ability to look at Layer 2 through Layer 7 of the OSI model. This includes headers and data protocol structures as well as the actual payload of the message. The DPI will identify and classify the traffic based on a signature database that includes information extracted from the data part of a packet, allowing finer control than classification based only on header information.
A classified packet can be redirected, marked/tagged (see QoS), blocked, rate limited, and of course reported to a reporting agent in the network. In this way, HTTP errors of different classifications may be identified and forwarded for analysis. Many DPI devices can identify packet flows (rather than packet-by-packet analysis), allowing control actions based on accumulated flow information.
DPI allows phone and cable companies to readily know the packets of information a user is receiving online, from e-mail, to websites, to sharing of music, video and software downloads as would a network analysis tool. This is the approach that cable operators and ISPs use to dynamically allocate bandwidth according to traffic that is passing through their networks. Thus, for example, a higher priority can be allocated to a VoIP call versus web browsing.
DPI is also increasingly being used in security devices to analyze flows, compare them against policy, and then treat the traffic appropriately (i.e., block, allow, rate limit, tag for priority, mirror to another device for more analysis or reporting). Since the DPI device looks at each individual packet, it can be used by ISPs to provide or block services on a user by user basis.
The foregoing objects and advantages of the invention are illustrative of those that can be achieved by the various exemplary embodiments and are not intended to be exhaustive or limiting of the possible advantages which can be realized. Thus, these and other objects and advantages of the various exemplary embodiments will be apparent from the description herein or can be learned from practicing the various exemplary embodiments, both as embodied herein or as modified in view of any variation that may be apparent to those skilled in the art. Accordingly, the present invention resides in the novel methods, arrangements, combinations, and improvements herein shown and described in various exemplary embodiments.