EdgeRouter - Deep Packet Inspection Engine for EdgeRouter


This article gives a quick overview of how the Deep Packet Inspection (DPI) analysis tool works on the EdgeRouter.

Deep Packet Inspection was introduced in EdgeOS firmware 1.7.0 and is available on all EdgeRouter models with the latest firmware.

Deep Packet Inspection on the EdgeRouter

Back to Top

Compared to traditional packet analysis tools which only give a glimpse of packet information such as port number and IP address, the Deep Packet Inspection method is used to analyze and report the actual data contents in the IP packet, in some cases even encrypted traffic. When enabled, the DPI engine drills down to the core of the packet, collecting and reporting information at the Application-layer, such as traffic volume of a particular application used by the host. To omit information about application type, select hosts only.

Compared to the expensive and slow DPI methods in today’s router market, Ubiquiti’s proprietary DPI tool integrates with EdgeRouter’s hardware offload feature. This means the DPI supports the most common network traffic and protocols, including IPv4, VLAN tags, PPPoE, and more. EdgeRouter works behind the scenes to automatically update these inspection signatures to ensure traffic is categorized as accurately as possible. Note that by default, the DPI engine recycles data after 30 minutes of inactivity. However, the DPI engine still retains data for any combination of host and application that passes traffic again within 30 minutes of inactivity.

Reporting Example

Related Articles

Back to Top

EdgeRouter - Create a Firewall Rule using Deep Packet Inspection (DPI)

We're sorry to hear that!