Can Deep Packet Inspection (DPI) Handle Today’s Growing Traffic Complexities?

In a recent interview, Ariana Lynn, Principal Analyst at The Fast Mode, spoke to Srini Addepalli, Chief Technology Officer at Aryaka, on the impact of traffic visibility on modern IP networks. Srini joins us in a series of discussions with leading networking, analytics and cybersecurity companies, assessing the need for traffic filtering technologies that can deliver real-time, granular application awareness. The series explores how advanced analytics power various network functions amidst the rapid growth in traffic and applications.

Ariana: How effective is deep packet inspection (DPI) technology in addressing today’s traffic complexities?

Srini: Traffic complexity arises from various factors related to DPI:

  1. Multiple traffic flow scenarios stemming from:

    1. Distributed workforces in enterprises.
    2. Hybrid and multi-cloud deployments of enterprise applications.
    3. Increased usage of SaaS services by enterprises.
  2. Encrypted traffic, predominantly TLS/SSL based.

Due to these factors, DPI tools cannot be deployed in isolation. We believe that DPI will be part of larger network and security solutions such as SASE/SSE. Since SASE/SSE operate at line rate, it is crucial for them to ensure that the DPI library is multi-threaded and works with C/C++ interfaces. SASE/SSE solutions terminate SSL/TLS connections, providing access to clear data. It is important for the DPI library to be integrable at multiple levels in the data plane – on encrypted traffic and clear traffic – for optimal application detection via DPI.

Ariana: What is your view on commercial DPI vs open-source DPI?

Srini: As we provide a complete, integrated solution, it is always preferable to have access to the source code. This facilitates faster troubleshooting in case of any functional, performance, and stability issues. However, in the case of DPI, it’s not just the software, but also supporting multiple protocols, identifying cloud services, and the operations being performed on them. This necessitates continuous updates to the DPI or its feed. The current belief is that commercial DPI vendors are faster to respond to newer applications/services compared to open-source solutions. The ideal solution for us is to have access to the source code, preferably open, with a commercial feed.

Srini Addepalli is the Chief Technology Officer at Aryaka and is a security and Edge computing expert with 25+ years of experience. Before joining Aryaka, Srini was at Intel, where he incubated multiple open-source edge computing and security initiatives including Service Mesh, cloud native SASE framework, Distributed HSM and Multi Edge/Cloud orchestration technologies. Before Intel, he held the Fellow position at Freescale and CTO position at Intoto Inc. As part of Intoto, which was acquired by Freescale, he was instrumental in leading the development of Gateway and UTM (Unified Threat Management) product lines. Srini has multiple patents in networking and security technologies. He holds a BE (Hons) degree in Electrical and Electronics Engineering from BITS, Pilani in India.

This interview is a part of The Fast Mode’s Traffic Visibility segment, featuring leading networking, analytics and cybersecurity companies and their views on the importance of network intelligence and DPI for today’s IP networks. A research report on this topic will be published in June 2024 – for more information, visit here.