EdgeRouter - Deep Packet Inspection Engine
This article gives a quick overview of how the Deep Packet Inspection (DPI) analysis tool works on EdgeRouters.
Deep Packet Inspection on the EdgeRouter
Starting from the v1.7.0 EdgeOS firmware release, Deep Packet Inspection (DPI) and Traffic Analysis are supported on EdgeRouters. Compared to traditional packet analysis tools which only give a glimpse of packet information such as port number and IP address, DPI is used to analyze and report the actual data contents in the IP packet, in some cases even encrypted traffic. When enabled, the DPI engine drills down to the core of the packet, collecting and reporting information at the Application-layer, such as traffic volume of a particular application used by the host.
Compared to the expensive and slow DPI methods in today’s router market, Ubiquiti’s proprietary DPI tool integrates with EdgeRouter’s hardware offload feature. This means the DPI supports the most common network traffic and protocols, including IPv4, VLAN tags, PPPoE, and more. EdgeRouter works behind the scenes to automatically update these inspection signatures to ensure traffic is categorized as accurately as possible.
DPI can work in conjunction with firewall and QoS policies configured on the EdgeRouter. This means that traffic for certain applications can be dropped or rate limited. Note that by default, the DPI engine recycles data after 30 minutes of inactivity. However, the DPI engine still retains data for any combination of host and application that passes traffic again within 30 minutes of inactivity.
EdgeRouter - How to Create a Firewall Rule Using DPI
EdgeRouter - Hardware Offloading
EdgeRouter - Quality of Service (QoS)