Networking and cybersecurity vendors’ view on open-source DPI in 2024

By Christine Lorenz
Published on: 17.07.2024

The DPI market has been growing rapidly in recent years, in tandem with the growth in IP traffic across the globe. By 2027, the DPI market is expected to reach USD 20.8 billion, growing at a CAGR of 25.0% from just USD 4.4 billion in 2020 [1]. A notable segment within DPI is open-source DPI, which is rivalled by commercial and in-house DPI offerings. Open-source DPI plays a particularly important role in the DPI market because it provides an affordable and simple deployment option. This, in turn, propagates the use of DPI in vendor solutions and various networking use cases.

To take a deeper dive into the dynamics of open-source DPI deployments, we conducted a survey earlier this year. The aim was to understand the motivations and experiences of vendors when it comes to using open-source DPI. We interviewed 48 vendors in the networking, cybersecurity and analytics segments who have used or are currently using open-source DPI. The results are presented in our latest report, ‘State of open-source DPI: Challenges, opportunities and alternatives’. As expected, the report uncovered some very insightful findings that serve as useful guidance for vendors contemplating open-source DPI, as well as those looking for alternatives.

Works great for protocols, but falls short in terms of applications and services

Open-source DPI performs well when it comes to protocol detection. According to the report, 78.3% of respondents agree that it identifies protocols (e.g. HTTP/S, BitTorrent, SIP/RTP and MTProto) comprehensively. However, when it comes to applications (e.g. Teams, Microsoft365, Discord and Skype) and service types (e.g. file backups, video downloads and video calling), only 28.3% of vendors think that open-source DPI provides comprehensive classification. This finding underscores issues with application awareness when open-source DPI is used for traffic analysis, jeopardizing vendors’ ability to execute application-based policies for networking or security purposes. For example, the steering of traffic by type of application – where high priority traffic is channeled via premium routes, and low priority traffic is delivered via standard pathways – can no longer be executed by SD-WAN or SASE gateways.

Addressing encryption perils

Open-source DPI projects, as community-driven initiatives, are led by a maintaining organization and supported by a network of users. The code is worked on by multiple parties, and enhancement cycles rely on the availability of resources and experts who can lend their time to developing it. This has implications for the effectiveness of open-source DPI in addressing emerging trends in traffic management.

Take encryption, for example. Emerging encryption protocols, such as TLS 1.3, DoX, ESNI and ECH, have rapidly eroded the information that is available to DPI-based monitoring tools. This is because previously visible information, such as handshake and packet metadata, is no longer readable. Commercial DPI providers have improved their inspection mechanisms to incorporate AI-based techniques that can determine the underlying protocols, applications and service types despite encryption or obfuscation. Open-source DPI, however, is yet to catch up in this respect, as evidenced by the limited use of AI-based techniques. Only 31.1% of vendors cite the use of machine learning (ML) and deep learning (DL) in open-source DPI, says the report.

Open-source DPI can mean more security hazards

Respondents to the survey also expressed a number of security concerns related to open-source DPI. Topping the list of concerns are the risks originating during customization, where users modify or edit the code to align DPI outputs to their use cases. Other significant risks come from code errors or bugs, and the use of untested versions. Most of these concerns stem from the free use of open-source DPI, which allows anyone to experiment with its code without the backing of a specialist team that is dedicated to ensuring its accuracy, efficacy and correct application.

Adding to the list of concerns plaguing open-source DPI users is poor or limited customer service and support. As a public initiative, customer service and support is typically provided as an add-on service, but is limited by the resources available to the maintaining organization or other third parties who offer such services. The survey saw 71.3% of vendors rating customer service and support provided by open-source DPI as either poor or limited. This shortfall in customer service can have a significant impact on complex, large-scale deployments, as delays in diagnosis of issues or updates can lead to major processing latencies that impact the entire network.

The good news: a migration assistant cuts down transitioning complexities for open-source DPI users

At ipoque, we take immense pride in how far DPI has come over the last decade, thanks to the collective effort of all players in the ecosystem, including open-source providers. As the DPI market expands to encompass many new use cases, for example, IIoT, WiFi 6 and 6G, we see the importance of providing users with the best option in the market, to suit their growth requirements.

Recognizing this need, we offer a DPI migration assistant that eases vendors’ transitioning from any open-source DPI tool to our popular OEM DPI engine, R&S®PACE 2. The migration assistant translates classification outputs from R&S®PACE 2 into the same information structure that is used in open-source DPI, ensuring zero disruption in vendor operations. It enables vendors to experience, almost immediately, R&S®PACE 2’s high-speed performance, coupled with a low memory footprint, for a lean, yet powerful implementation that fulfils vendors’ growth requirements. R&S®PACE 2’s traffic classification additionally leverages advanced statistical, heuristic and behavioral analysis, and ML and DL techniques that ensure accurate detection of flows despite encryption, obfuscation or anonymization.

ipoque’s DPI technology allows vendors to access a wide range of enhanced features, including the ability to define custom signatures and detect tethering activity. ipoque’s OEM DPI modules also come with first packet classification and a plug-in that automatically translates DPI outputs into records that are compatible with IPFIX/NetFlow records.

Are you ready?

With more than eight out of ten (82.2%) vendors agreeing that a migration tool impacts their decision to upgrade to commercial DPI, ipoque’s migration assistant is expected to spur this development. This creates an opportunity for vendors to access the latest libraries developed in the most stringent quality assurance process, and the best customer service, without worrying about massive reconfiguration and extensive reintegration. Vendors will undoubtedly appreciate having 24/7 global support from a team of dedicated experts, in addition to enjoying flexible SLAs and hands-on training.

If you are a vendor contemplating procuring or upgrading your DPI solution, you should not miss our latest report ‘State of open-source DPI: Challenges, opportunities and alternatives’, which discusses the strengths and challenges of open-source DPI, vendor migration trends and various factors you should consider in evaluating a DPI solution.

Sources:

[1] Business Research Insights - Deep Packet Inspection (DPI) Market Report Overview

Christine is DPI marketing expert at ipoque, joining the company in 2013. With her background in marketing communications, she is passionate about making people aware of the capabilities of traffic analytics and DPI use cases. Christine is a lover of Vietnamese food and spends most of her spare time running and cycling, exploring nature and the outdoors.
