Hello all,

We have had a number of DPI boxes (SCE8080) sitting in the access network for a while now, so far they served mainly for congestion management and such, and we are wondering if there are some real use cases in the fine-grained service control land (as the vendors keep whispering in our ears...)

Anyway, we are reviewing a couple of service manager solutions, but I would like to hear from you operators, what actual use cases have you seen in the field (if any) for DPI'ing user sessions, considering we are mostly a DSL shop.

thanks in advance,
cl.
Hi,

On Wed, Oct 5, 2011 at 1:11 PM, Claudio Lapidus <clapidus@gmail.com> wrote:
> what actual use cases have you seen in the field (if any) for DPI'ing user sessions, considering we are mostly a DSL shop.

I've seen tyrannical governments use Bluecoat's to crack down on their own population(*). Was this the sort of use-case you were looking for? :)

Best,
Martin

(*) http://tcxsyria.ceops.eu/95191b161149135ba7bf6936e01bc3bb
Hello,

On Thu, Oct 6, 2011 at 8:00 PM, Martin Millnert <millnert@gmail.com> wrote:
> I've seen tyrannical governments use Bluecoat's to crack down on their own population(*). Was this the sort of use-case you were looking for? :)

Ummm, not really... :)

Actually, we've been faced with proposals to build services based on traffic classification, like e.g. "access our own webmail and all social networking sites, but not skype and video" or the capability to do exact metering based on net traffic time or volume, as well as being able to redirect the customer to various captive portals using HTTP redirect directly from the DPI box, and such.

What I'm interested to know, is if someone has actually had some success with service offerings like these, or if it can be used to implement some other kind of value-added service in the network access provider field.

I am fully aware of the net-neutrality implications this might have, but anyway, putting that aside for a moment, I would like to explore the possibilities that this technology brings in.

thanks again,
cl.
I've seen these used for two purposes over the years:

1) Repressive nation states.
2) ISPs/Universities who want to "shape" their bandwidth to prevent certain traffic types from consuming everything.
3) Integrated with enhanced caching solutions to serve content locally and save bandwidth (Web cache).

Use case #2 is becoming less and less common ISP industry wide. More and more consumptive activities are switching away from quasi-legitimate "throttle it and see if anyone complains" type activities (bittorrent/Peer2Peer), and more and more towards legitimate, high consumption, HTTP based traffic, where subscribers would have a fit. Net neutrality rules in some countries are limiting this behavior further (such as Skype blocking). Furthermore, industry wide pay-as-you-use and unlimited access with bandwidth caps is becoming more prevalent among wired and wireless SPs.

Your use case is not beyond the possibility of full DPI, but a transparent proxy box of some nature would be sufficient for most of that. Usage limits on the other hand are often easier done via your AAA accounting/radius solution, including policing/shaping/cutting users off/billing for overages.

Ohh, and these boxes often make pretty pictures, graphs, and reports.

On Fri, Oct 7, 2011 at 10:20 AM, Claudio Lapidus <clapidus@gmail.com> wrote:
> Hello,
>
> On Thu, Oct 6, 2011 at 8:00 PM, Martin Millnert <millnert@gmail.com> wrote:
> > I've seen tyrannical governments use Bluecoat's to crack down on their own population(*). Was this the sort of use-case you were looking for? :)
>
> Ummm, not really... :)
>
> Actually, we've been faced with proposals to build services based on traffic classification, like e.g. "access our own webmail and all social networking sites, but not skype and video" or the capability to do exact metering based on net traffic time or volume, as well as being able to redirect the customer to various captive portals using HTTP redirect directly from the DPI box, and such.
>
> What I'm interested to know, is if someone has actually had some success with service offerings like these, or if it can be used to implement some other kind of value-added service in the network access provider field.
>
> I am fully aware of the net-neutrality implications this might have, but anyway, putting that aside for a moment, I would like to explore the possibilities that this technology brings in.
>
> thanks again, cl.
On Fri, Oct 7, 2011 at 12:44 PM, PC <paul4004@gmail.com> wrote:
> Your use case is not beyond the possibility of full DPI, but a transparent proxy box of some nature would be sufficient for most of that. Usage limits on the other hand is often easier done via your AAA accounting/radius solution, including policing/shaping/cutting users off/billing for overages.
>
> Ohh, and these boxes often make pretty pictures, graphs, and reports.
one wonders at the cost of these sorts of solutions relative to just link upgrades as well... for some deployments +1gbps capable boxes in redundant configs are far more expensive as compared with just upgrading 1gbps -> 10gbps ...
On Saturday 08 October 2011 at 05:57 +0900, Randy Bush wrote:
> > Actually, we've been faced with proposals to build services based on traffic classification, like e.g. "access our own webmail and all social networking sites, but not skype and video"
>
> you're on the wrong list. this list is about the internet.

good point; +1
mh

> randy
I imagine that those proposals are not from users …

I would add "tyrannical" telcos cracking down on their own customers.

-as

On 7 Oct 2011, at 14:20, Claudio Lapidus wrote:
> Hello,
>
> On Thu, Oct 6, 2011 at 8:00 PM, Martin Millnert <millnert@gmail.com> wrote:
> > I've seen tyrannical governments use Bluecoat's to crack down on their own population(*). Was this the sort of use-case you were looking for? :)
>
> Ummm, not really... :)
>
> Actually, we've been faced with proposals to build services based on traffic classification, like e.g. "access our own webmail and all social networking sites, but not skype and video" or the capability to do exact metering based on net traffic time or volume, as well as being able to redirect the customer to various captive portals using HTTP redirect directly from the DPI box, and such.
Apparently Telcos are faced with implementing the following algorithm to create value-added services:

- Take service S which provides value Y
- Artificially remove value, creating new service V
- Price V at the same level as S
- Offer old S at a higher price point and market it as a "value added" service, compared to V

One would have thought that "value added" referred to, well, *adding* value to what already exists, not rehashing current offers and artificially limiting them. But then again, I don't think like a marketing person.

If you want a funny look at a not-so-funny and grim possible future scenario, you might want to read this: http://www.nlnetlabs.nl/~olaf/LACNIC_XVI_Meat_and_Greed.pdf

regards
Carlos

On Mon, Oct 10, 2011 at 1:59 PM, Arturo Servin <arturo.servin@gmail.com> wrote:
> I imagine that those proposals are not from users …
>
> I would add "tyrannical" telcos cracking down on their own customers.
>
> -as
>
> On 7 Oct 2011, at 14:20, Claudio Lapidus wrote:
> > Hello,
> >
> > On Thu, Oct 6, 2011 at 8:00 PM, Martin Millnert <millnert@gmail.com> wrote:
> > > I've seen tyrannical governments use Bluecoat's to crack down on their own population(*). Was this the sort of use-case you were looking for? :)
> >
> > Ummm, not really... :)
> >
> > Actually, we've been faced with proposals to build services based on traffic classification, like e.g. "access our own webmail and all social networking sites, but not skype and video" or the capability to do exact metering based on net traffic time or volume, as well as being able to redirect the customer to various captive portals using HTTP redirect directly from the DPI box, and such.
--
=========================
Carlos M. Martinez-Cagnazzo
http://www.labs.lacnic.net
=========================
participants (8)
- Arturo Servin
- Carlos Martinez-Cagnazzo
- Christopher Morrow
- Claudio Lapidus
- Martin Millnert
- Michael Hallgren
- PC
- Randy Bush