EdgeRouter - Deep Packet Inspection Engine for EdgeRouter

NOTES & REQUIREMENTS:
Deep Packet Inspection was introduced in EdgeOS firmware 1.7.0 and is available on all EdgeRouter models with the latest firmware.

 

Overview

Compared to traditional packet analysis tools which only give a glimpse of packet information such as port number and IP address, the Deep Packet Inspection method is used to analyze and report the actual data contents in the IP packet, in some cases even encrypted traffic.

When enabled, the DPI engine drills down to the core of the packet, collecting and reporting information at the Application-layer, such as traffic volume of a particular application used by the host. To omit information about application type, select hosts only.

Compared to the expensive and slow DPI methods in today’s router market, Ubiquiti’s proprietary DPI tool integrates with EdgeRouter’s hardware offload feature. This means the DPI supports the most common network traffic and protocols, including IPv4, VLAN tags, PPPoE, and more.

EdgeRouter works behind the scenes to automatically update these inspection signatures to ensure traffic is categorized as accurately as possible.

NOTE: By default, the DPI engine recycles data after 30 minutes of inactivity. However, the DPI engine still retains data for any combination of host and application that passes traffic again within 30 minutes of inactivity.

 

Reporting Example

 

 Related Articles


EdgeMAX - Create a Firewall Rule using Deep Packet Inspection (DPI)