What is DPI in 5G?

DPI in 5G is an intelligent, cloud-native traffic analysis engine. Communications service providers (CSPs) typically implement DPI engines in the User Plane Function (UPF), which is part of the 5G core (5GC) network responsible for user data forwarding.

How Does DPI Work?

DPI uses sophisticated detection methods to monitor traffic over unencrypted and encrypted protocols and analyze communications patterns to detect anomalies and to enforce policies for enhanced security and service differentiation.

DPI engines can classify thousands of applications at scale and extract metadata to enable services such as content filtering, parental controls, traffic shaping, and advanced threat detection.

Intelligent DPI engines use pattern matching, encrypted traffic analysis, artificial intelligence (AI), and machine learning (ML) to classify and prioritize traffic dynamically, in real time.

With modern DPI technology, CSPs can:

• Observe and analyze the raw content of the data packets flowing through the network at massive scale
• Examine and classify traffic by application type
• Enforce network policies
• Proactively detect and block malicious or unauthorized traffic
• Optimize quality of service for latency-sensitive services in real time

Challenge for CSPs

But even with this capability, implementing DPI engines remains complex and challenging, often requiring immense storage capacity. As a result, user plane data extraction is seen as cost prohibitive for CSPs.  
CSPs will only realize these benefits if they consider an end-through-end network observability architecture powered by DPI that has the capacity to curate data at scale, 24/7, in near-real time, to produce what NETSCOUT calls Smart Data.

Integrating DPI in 5G

CSPs typically implement DPI engines in the UPF, which is part of the 5GC network responsible for user data forwarding. DPI uses sophisticated detection methods to monitor traffic over unencrypted and encrypted protocols and analyze communications patterns to detect anomalies and enforce policies for enhanced security and service differentiation. 5G networks rely on the successful operation of DPI techniques to ensure and secure network traffic, as well as to assure high performance for network slices.

DPI supports outcomes for emerging 5G use cases such as:

• Massive device connectivity (Internet of Things [IoT], smart cities)
• Ultra-low latency applications (augmented reality/virtual reality [AR/VR], autonomous vehicles)
• Network slicing (requires precise traffic identification and control)
• Mobile network security (detected and mitigated cyberthreats)

The integration of DPI within the 5GC supports real-time monitoring and response with minimal impact on network performance. Within the UPF, DPI modules conduct the following tasks:

• Inspect and classify user traffic
• Report metadata (e.g., app ID, flow type) to control-plane functions (such as the Policy Control Function [PCF] or Session Management Function [SMF])
• Trigger policy enforcement (throttling, prioritization, redirection)

DPI Flow

When CSPs integrate DPI engines within the 5GC, the following interaction occurs between DPI, the Network Data Analytics Function [NWDAF], and PCF (see Figure 1):

• DPI - Analyzes traffic and sends traffic classification to the PCF and detailed metrics to NWDAF in real time
• NWDAF - Processes the traffic data and predicts any congestion, security threats, or slice performance issues

• PCF - Uses the inputs from DPI and NWDAF to enforce or adjust policies dynamically in real time, optimizing user experiences and resource allocations, and enabling decision-making for traffic shaping, billing, and service assurance

  

NETSCOUT Offers Scalable User Plane Solution

CSPs can rely on NETSCOUT Omnis AI Insights to drive intelligent automation for observability. Powered by modern DPI technology, this solution generates high-fidelity curated data that is AI-ready and delivers comprehensive observability that can help CSPs unlock new value streams for tailored business insights to securely operate their networks toward:

• Gaining autonomous network performance and services with closed-loop orchestration, on-demand analytics, and automatic management of subscriber experiences
• Achieving reliability and latency goals
• Providing opportunities for new revenue and monetization

Learn more about NETSCOUT Omnis AI Insights.