About a year ago, I first posted on why many vendors' and operators' strategies for Deep Packet Inspection would fail abysmally. After meeting again with a couple of vendors recently (including London-listed SandVine last week), I'm doubly sure I'm right.
The idea of segmenting network traffic into different applications (web, email, IM, Skype and so on) is completely flawed. It totally fails to recognise that increasing proportions of traffic will be "meta-applications" comprising multiple different components. MySpace pages have streaming (perhaps from YouTube), image, IM, maybe VoIP included in the future. Mashups by definition will include a wide and unpredictable mix of component sub-applications. Ironically, if it succeeds, even IMS services are likely to be ad-hoc mixes of various enabling elements, put together in the carrier marketing department faster than the network policy drones can keep up.
So all these charts with "20% of traffic is X, 30% is Y, 10 % is Z" are nonsense. If the end-user wants "a good Myspace user experience", or even a good "Carrier-based Myspace Clone experience", it will have to deal with the fact that today, there will be YouTube streams in it, maybe tomorrow there will be a Skype VoIP element, and the day afterwards a Google Earth mashup. And the suggestion that a carrier-resident service will only include carrier-optimised component applications is ludicrous.
Put simply, differential application-level filtering / blocking / limiting won't work, as the notion of "application" is evolving too fast to generate & enforce policies.
The only realistic use case in my view for DPI is in very non-granular network integrity protection. "Limit BitTorrent to 50% of traffic on this link, as otherwise there's a risk of failure".
To be fair, SandVine does have another pitch about using its boxes to try and spot security risks like DoS attacks. That's fair enough - that's not "application traffic", it's more the box doing a clever sort of "pattern recognition", which is an entirely different concept. In fact, I suspect that many of the DPI vendors' key IPR is actually in pattern recognition, and they've initially picked "application spotting" as a usage case, perhaps without realising that it only has months to live.