Currently there are few NGN deployments around the world. We can only deduce some of its possible application scenarios based on its already defined 2-stratum architecture ([b-ITU-T Y.2012]).
Figure I.5 illustrates an example how DPI can be deployed in an NGN environment. The functional blocks included in the dashed box are components that are closely related to the process of both DPI and packet forwarding: the blocks of policy control consists of subscriber policy control and its corresponding policy repository; the block of resource admission control subsystem is responsible for subscriber authentication/admission and resource allocation while the block of DPI will carry out all the functions of packet header analysis and content scanning.
Figure I.5 Example of DPI’s application scenario within the context of NGN
[b-ITU-T Y.2012]
Figure I.6 illustrate NGN as a layered architecture. DPI resides in packet forwarding plane, while resource and admission control is a basic function of control plane, with policies being stored in the policy repository. Whenever a new application is detected, DPI will generate a request for resource demand and deliver it to the control plane for resource allocation, even in some cases, DPI can be used to reroute the packets to satisfy SLA requirement.
Figure I.6 Example of DPI’s operation within the environment of NGN
Figure I.6 illustrates example locations of DPI policy rule enforcement, e.g., customer premises equipment (CPE) - or host-based on customer premises or network based DPI.
In the scenario above, when DPI is used in the scenario for resource allocation, there are some standardized interfaces within the network architecture. Resource reservation request originated from DPI will be generated whenever a new service is identified. For example, bandwidth allocation and QoS guarantee for a real-time VoIP application. Under such circumstances, DPI is deployed to fulfil the following goals:
1) Monitor network and bandwidth usage. DPI is applied to automatically discover the application and determine the protocol that might affect the network performance and bandwidth usage.
2) Define the policies in accordance with the identified application. Policies can be seen as the tie between application and resource requirements, which in turn determines the QoS attributes of applications, among them are: minimum and maximum bandwidth, traffic prioritization, etc.
3) Enforce the policy and make the policy repository up-to-date at any time.
From the perspective of NGN, DPI is applied to identify the application and generate the raw resource demand; all the remaining processing, including message triggering, delivery and processing will follow the procedures as defined in section 9, ITU-T Recommendation of [ITU-T Y.2111].
As part of application scenario, how DPI components are installed in the network is a big concern, whether it is deployed as in-line mode or by-pass mode, and what functions DPI can fulfil are something that also should be mentioned.
As shown in Figure I.7, a DPI component can be deployed in a network either as an inline device or a bypass device; it depends on the operator’s purpose in using them.
Figure I.7 Scenario of DPI’s Deployment in packet-based network
I.3.1 DPI used as a bidirectional tool for service control
Example use case:
Bidirectional DPI is used to monitor closely related traffic in opposite directions. Under such circumstances, DPI FE needs first to set up the association between the opposite traffic, search the rule table to retrieve the appropriate entry and process the rules accordingly.
With its rule tables and bidirectional DPI signatures, DPI can act on both incoming and outing direction on bidirectional traffic.
See clause 6 concerning correspondent requirements for uni- and bidirectional DPI.
Share with your friends: |