Table of Contents
DPI. Traffic Structure Definition and Flexible Traffic Management
Why DPI is used in practice:
- Reduces the impact of network congestion on the user, improving the user experience, thereby enhancing the accessibility of critical applications such as video, online games, and business tools.
- Saves uplink bandwidth—helps utilize bandwidth more effectively and establish direct routes (peering) with the most demanded resources.
- Ensures better service for a group of users (e.g., B2B).
- Can block illegal content or services (e.g., certain messengers).
Let's check it in tests:
Test 1. DPI Statistics Overview: Traffic Structure and Network Metrics Data
Test 2. Prioritization and Blocking Setup by Application Protocol for Shared Bandwidth
Test 3. Uplink Speed Limitation Without Deteriorating Critical Service Quality
- SSG setup “inline.”
- A PC with internet connected via DPI with a Torrent client installed. You can download it at https://www.utorrent.com/downloads/complete/track/stable/os/win/.
- An account in the WhatsApp messenger. The web version is required on the test PC (https://web.whatsapp.com/) or the app on a smartphone connected to the internet via DPI.
Testing is performed in the SSG graphical interface.
Test 1. DPI Statistics Overview: Traffic Structure and Network Metrics Data
- Top protocols in the network
- List of "problematic" subscribers
- Key AS
- Data export
Exploring this data is useful for making informed decisions about network policy settings. This section contains many critical operational data, but for testing, the most illustrative data is selected.
- Open the QoE Analytics/Dashboard section. Here, you can display and configure all necessary metrics for easy control as numeric indicators or charts. In the top menu, you can select the statistics period, defaulting to 2 hours.
- Navigate to the "Netflow" section. In the right part of the screen, find the "Reports" section, and expand the "Traffic Speed" list
- Analyze traffic by application protocols, highlighting the most popular protocols by speed and traffic volume:
The top list and graphs display the most important protocols, showing their "weight" and activity periods. - Analyze traffic by groups of application protocols. The system identifies thousands of protocols. To avoid analyzing and configuring each separately, our developers grouped them.
The idea is similar to individual protocols but works with entire groups (categories). - Analyze traffic by autonomous systems.
This analysis is essential for optimizing network routes and deciding on peering with systems with the most active traffic exchange. - Examine the RTT (Round Trip Time, packet transmission delay) section
The graph shows most subscribers with low latency on the left. When the "hump" shifts rightward, it may signal network issues. Data can be collected over time or by subscribers, aiding in technical support for "problematic" users. - Test data export to Excel for detailed analysis
Exporting enriches the operator’s data or aggregates multiple metrics into one database.
Test 2. Prioritization and Blocking Setup by Application Protocol for Shared Bandwidth
- Limiting bandwidth for a specific subscriber
- Blocking web resources by protocol
- Improving critical resource availability under bandwidth constraints
Preparation:
- Select several protocols to work with. For example, block WhatsApp, limit Bittorrent, and increase YouTube video priority.
- Record the current state of selected services before starting the tests:
- WhatsApp — messages, audio, and video calls pass through.
- Bittorrent — files download successfully.
- YouTube — 4K video plays without interruptions.
SSG Configuration:
- To make the test illustrative, limit the channel for the test user to 30 Mbps:
- Go to the DPI Management → Tariff Plans section.
- In the Tariffs field, create a new tariff plan via "+", Name the plan "30", set Incoming — 30 Mbps, Outgoing — 30 Mbps;
- Add the test user to the system.
- Assign the test tariff to the user
- Measure internet speed on the test PC using any speed test service, e.g., https://www.speedtest.net/
- Check application performance without prioritization:
- Start downloading 2 or more torrents.
- Play 4K video on YouTube
The video may lag due to torrents consuming the bandwidth.
- Configure priorities. Go to DPI Management → Protocol Prioritization
- Add the protocols from the test service list (WhatsApp, Bittorrent, YouTube in the "Protocol" column). Assign a class in the "DSCP Value" column when adding each protocol. Classes range from cs0 (highest priority) to cs7 (lowest), with "drop" blocking the protocol.
- After configuration, save and "update hot parameters".
The prioritization or blocking configuration by application protocol for shared bandwidth is complete.
Result:
Conduct tests:
- WhatsApp — no connectivity; messages and calls fail on both desktop and smartphone connected to WiFi.
On the smartphone, disable mobile data usage to prevent WhatsApp from switching to the mobile network when WiFi is blocked. - Bittorrent — start downloading a new torrent (important since DPI policies apply only to new sessions), measure speed before and after playing a YouTube video. The download speed should significantly decrease when the YouTube video plays. Set the video quality to 4K. Torrents should not affect video playback quality.
Test 3. Uplink Speed Limitation Without Deteriorating Critical Service Quality
In this mode, DPI prevents "uplink bursts" during peak subscriber loads.
- Limiting bandwidth for all subscribers
- Allocating limited bandwidth
- Working with protocol categories
Preparation:
- Remove or disable all SSG policy settings from previous tests, eliminating prioritization and bandwidth limitations.
- Simultaneously enable several “heavy” internet applications, e.g.:
- Multiple torrent downloads.
- 4K YouTube video playback.
- Download large files from file hosting services.
- Perform several Speedtest measurements.
- Measure traffic peaks. This can be done using any tool, including the QoE module in SSG, which has a corresponding dashboard chart. Running applications will occupy the entire physical bandwidth, potentially working poorly due to channel contention.
SSG Configuration:
- Prioritize critical protocols; test the function of protocol group management.
- Go to DPI Management → Protocol Prioritization
- Assign classes to protocol groups in the "DSCP Value" column. Classes range from cs0 (highest priority) to cs7 (lowest), with "drop" blocking the protocol. Assign high priority (cs0) to IP telephony, VPN, Video, and messenger groups, and low priority (cs7) to the P2P group.
- Save and “update hot parameters.”
- Enable the "Peak bandwidth limit" checkbox and set the bandwidth in Mbps (e.g., 20).
Testing is conducted similarly to Test 2. Torrents should not affect YouTube playback quality. Measure their speed before and during playback.