Hacker News new | past | comments | ask | show | jobs | submit login

There's a lot of misconceptions on DPI going on here. Without taking position, let me just share a few facts (I work with this...).

- DPI is used in most networks in the world, and is mainly used for throttling P2P or for traffic analysis. Legal interception e.g. classical wiretapping is a different thing, although it could use same hardware.

- DPI does cost some resources to the operator but the impact on end users is negligible (except for malfunctions or improperly dimensioned DPIs). It only adds a tiny amount to latency, which puts an upper limit on bandwidth. In many cases, the bandwidth is limited somewhere else on the link.

- DPI hardware works in several stages, typically: analyze IP flow (shallow inspection), if not enough to decide, to DPI (analyze HTTP headers etc), if not enough to decide, rely on heuristics based on traffic pattern etc.

- DPI is not very good at all at dealing with encrypted traffic, and most DPIs will not be able to do anything else than shallow inspection. (some claim to do traffic flow analysis, and some (normally transparent proxies) can break the HTTPS flow in two, but it would generate client errors).

- ITUs specifications won't have much impact on what ISPs do at the moment (as they already do it) but I guess could be a part of the wider regulatory discussion.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: