Traffic Classification & Network DPI – It’s more than IP

In a telecom network, analysis of data flows, historically labelled plays a pivotal role to classify traffic flows from user to internet, providing the basis for routing, advanced usage plans, capacity monitoring, service monitoring for quality of experience and potentially providing the tools to prevent fraud and enforce regulation. In the latter case, rules and regulations for telecom vary from country to country. Further, the recent update in the UK from Ofcom may be a precursor to more freedoms on permitted services within the bounds of net neutrality.[1]

In the case of enterprise B2B services, setting up specific APNs (or, in 5G, DNNs) has been the normal practice for data management; in some cases, a telco may have a thousand enterprise APNs. is a different matter as applications themselves change, making it more complicated than just managing a destination, as multiple domains may exist behind a single IP address, with, for example, Google or Amazon having thousands of domains behind an IP address. To create a service (a set of data applications that are allowed to be accessed) using an APN therefore requires more complex application logic. This is further complicated by encryption.

It has been well established that most traffic flows (>96%) are encrypted using the TLS protocol, which builds on public key encryption. This is of clear benefit to end-users as their traffic is both private and secure. However, for the service provider, it is difficult to fulfil service obligations and predictably manage the network if assessment of user/device behaviour is not possible. In effect, in the absence of more sophisticated traffic classification and management solutions, these flows can only be assessed at the IP traffic level and not at an application level, making it difficult to establish new services and use cases.

This example serves as a relevant template for various applications that involve mapping, ordering, tracking and notification. Other examples of applications that warrant alternate data allowance/usage include:

  • Free Government Sites – for appointments, location and in-app voice calls as part of welfare or low-income tariffs, for example in a universal data service
  • Delivery applications including location and voice calling.
  • Entertainment Apps, video / audio streaming
  • Communication apps e.g. conferencing or personal communication
  • Enterprise / office applications

In line with a user’s experience, these interactions, for example with taxi or delivery applications, could also involve in-app VoIP calling and a natural expectation that the data required for that would be included. Clearly there are regional differences as to what is permitted, as well as in customer expectations and market competitiveness. The 2022 international benchmark report on zero rating offers[2] provides more detail about the variety and regional differences in offers.

When seeking to provide a wider range of services for end users, provisioning and switching APNs is not the answer; capabilities to classify traffic flows and recognise application traffic are required to ensure that a specific package of services is not misused (e.g. using a tariff designed for government services to watch YouTube) and to track or audit overall data consumption for each service grouping in order to assess service usage, administer 3rd party billing and assess profitability or benefit.

The service packages provided to the general public – i.e. access to specific government sites / services that are not counted against a user’s data allowance (Ofcom) – require a packet and flow inspection capability that can process the metadata of IP flows, distinguishing both the app and the activity within an app (e.g. switching from messaging to voice).

These situations, further challenged by changing protocols and encryption, give insight into some of the varied use cases that Network DPI serves to address – spanning classification for regulatory enforcement as well as support for commercial services. Critically, it should be noted that these flows cannot be decrypted by intermediate parties (a.k.a. man-in-the-middle) to preserve privacy, as a user should expect that their interactions are both private and secure.

There are other, simpler cases where users receive an additional data allowance/bonus as part of their package to use in whichever way they want. This form of free data, or loyalty bonus, is simple but does not represent the value of the service and access combination that operators provide. In other words, it is more valuable for a telecom offer to associate itself with an app brand compared to offering megabytes of data only.

Enea’s Network DPI & Traffic classification provides the basis for the next phase of monetization that must move beyond IP and into flow analysis, classifying user traffic not just by APN/DNN but also by application & service consumed. If service offerings are open to users, they can be more aligned to potential new freedoms offered by regulators. That said, there is a balance needed in keeping it open and enabling popular applications. The popular applications tend to be dominated by the big 5 content providers. Sticking to those apps rather than, for example, a popular local food ordering service or taxi, could be seen as perpetuating the dominance of large internet content providers but in the diversity of applications highlighted in this article, we can see that there is room for expansion, if the toolsets such as Network DPI can keep up.


[1] Ofcom regulatory shift insight







