Table of Contents
DPI. Traffic Structure Definition and Flexible Traffic Management
Why DPI is used in practice:
- Reduces the impact of network congestion on the user, improving the user experience, thereby enhancing the accessibility of critical applications such as video, online games, and business tools.
- Saves uplink bandwidth—helps utilize bandwidth more effectively and establish direct routes (peering) with the most demanded resources.
- Ensures better service for a group of users (e.g., B2B).
- Can block illegal content or services (e.g., certain messengers).
Let's check it in tests:
Test 1. DPI Statistics Overview: Traffic Structure and Network Metrics Data
Test 2. Prioritization and Blocking Setup by Application Protocol for Shared Bandwidth
Test 3. Uplink Speed Limitation Without Deteriorating Critical Service Quality
Test Conditions:
- SSG setup “inline.”
- A PC with internet connected via DPI with a Torrent client installed. You can download it at https://www.utorrent.com/downloads/complete/track/stable/os/win/.
- An account in the WhatsApp messenger. The web version is required on the test PC (https://web.whatsapp.com/) or the app on a smartphone connected to the internet via DPI.
Testing is performed in the SSG graphical interface.
Test 1. DPI Statistics Overview: Traffic Structure and Network Metrics Data
- Top protocols in the network
- List of "problematic" subscribers
- Key AS
- Data export
Exploring this data is useful for making informed decisions about network policy settings. This section contains many critical operational data, but for testing, the most illustrative data is selected.
- Open the QoE Analytics/Dashboard section. Here, you can display and configure all necessary metrics for easy control as numeric indicators or charts. In the top menu, you can select the statistics period, defaulting to 2 hours.
- Navigate to the "Netflow" section. In the right part of the screen, find the "Reports" section, and expand the "Traffic Speed" list
- Analyze traffic by application protocols, highlighting the most popular protocols by bandwidth and traffic volume:
The top list and graphs display the most important protocols, showing their "weight" and activity periods. - Analyze traffic by groups of application protocols. The system identifies thousands of protocols. To avoid analyzing and configuring each separately, our developers grouped them.
The idea is similar to individual protocols but works with entire groups (categories). - Analyze traffic by autonomous systems.
This analysis is essential for optimizing network routes and deciding on peering with systems with the most active traffic exchange. - Examine the RTT (Round Trip Time, packet transmission delay) section
The graph shows most subscribers with low latency on the left. When the "hump" shifts rightward, it may signal network issues. Data can be collected over time or by subscribers, aiding in technical support for "problematic" users. - Test data export to Excel for detailed analysis
Exporting enriches the operator’s data or aggregates multiple metrics into one database.
Test 2. Prioritization and Blocking Setup by Application Protocol for Shared Bandwidth
- Limiting bandwidth for a specific subscriber
- Blocking web resources by protocol
- Improving critical resource availability under bandwidth constraints
Preparation:
- Select several protocols to work with. For example, block WhatsApp, limit Bittorrent, and increase YouTube video priority.
- Record the current state of selected services before starting the tests:
- WhatsApp — messages, audio, and video calls pass through.
- Bittorrent — files download successfully.
- YouTube — 4K video plays without interruptions.
SSG Configuration:
- To make the test illustrative, limit the channel for the test user to 30 Mbps:
- Go to the DPI Management → Tariff Plans section.
- In the Tariffs field, create a new tariff plan via "+", Name the plan "30", set Incoming — 30 Mbps, Outgoing — 30 Mbps;
- Add the test user to the system.
- Assign the test tariff to the user
- Measure internet speed on the test PC using any speed test service, e.g., https://www.speedtest.net/
- Check application performance without prioritization:
- Start downloading 2 or more torrents.
- Play 4K video on YouTube
The video may lag due to torrents consuming the bandwidth.
- Configure priorities. Go to DPI Management → Protocol Prioritization
- Add signatures for the test scenario to the "Protocol" column. When adding each protocol, assign it a class in the "DSCP Value" column:
- dns – cs0
- youtube – cs1
- default – cs2
- whatsapp – drop
- whatsapp_voice – drop
You can assign a class from cs0 to cs7, or drop: - cs0 — highest priority class
- cs7 — lowest priority class
- drop — blocks the protocol traffic
In this configuration, DNS services will have the highest priority, YouTube will have medium priority, and all other traffic (default) will have the lowest priority, while WhatsApp (both calls and other app functions) will be unavailable.
- After configuration, save and "update hot parameters".
The protocol prioritization by common channel is completed.
Result:
Conduct tests:
- WhatsApp — no connectivity; messages and calls fail on both desktop and smartphone connected to WiFi.
On the smartphone, disable mobile data usage to prevent WhatsApp from switching to the mobile network when WiFi is blocked. - Bittorrent — start downloading a new torrent (important since DPI policies apply only to new sessions), measure speed before and after playing a YouTube video. The download speed should significantly decrease when the YouTube video plays. Set the video quality to 4K. Torrents should not affect video playback quality.
Test 3. Uplink Speed Limitation Without Deteriorating Critical Service Quality
In this mode, DPI prevents "uplink bursts" during peak subscriber loads.
- Limiting bandwidth for all subscribers
- Allocating limited bandwidth
- Working with protocol categories
Preparation:
- Remove or disable all SSG policy settings from previous tests, eliminating prioritization and bandwidth limitations.
- Simultaneously enable several "heavy" internet applications, e.g.:
- Multiple torrent downloads.
- 4K YouTube video playback.
- Perform several Speedtest measurements.
- Measure traffic peaks. This can be done using any tool, including the QoE module in SSG, which has a corresponding dashboard chart. Running applications will occupy the entire physical bandwidth, potentially working poorly due to channel contention.
SSG Configuration:
- Prioritize critical protocols; test the function of protocol group management.
- Go to DPI Management → Protocol Prioritization
- Assign classes to protocol groups in the column "The value of DSCP". Classes range from cs0 (highest priority) to cs7 (lowest), with "drop" blocking the protocol. Assign high priority (cs0) to VoIP applications, Video, and messenger groups, and low priority (cs7) to the P2P group.
- Save and "update hot parameters."
- Set an upper bandwidth limit of 30 Mbps for all users:
- Go to Main Menu → SSG control → Configuration → External channels’ usage optimization;
- Use the "Autocomplete" button and set the limit to 30 Mbps.
Configuration of protocol group prioritization for the total bandwidth is complete.
Result:
Perform tests:
- Repeat the action — run several "heavy" internet applications simultaneously, for example:
- multiple torrent downloads
- 4K video on Rutube
- run multiple speed tests in Yandex Internetometer
- Measure traffic peaks. Peaks should not exceed the configured maximum value. Measurement can be done using an external service or the built-in "Traffic speed" widget in the QoE dashboard.
- Despite bandwidth limitation, video and communication services should operate normally. When starting Rutube video, you can check BitTorrent downloads — their speed should decrease.