HTML5: making apps disappear but driving the need for Content Intelligence

Policy control and enforcement drive and protect revenues, DPI drives policy engines, and DPI relies on app signature recognition. So when all apps look the same, how will DPI - and by extension Policy - still "work"? One industry expert outlines the issues, and the possible solutions.

By Cam Cullen
Imagine you are a policeman, and your job is to give tickets to speeding cars and to manage the traffic flow to ensure steady progress for all cars. But the twist in the tale is that 95% of the cars on the road look the same (colour, shape, size), some even have the capability to change their look to appear like other cars if they believe that they have been detected speeding. Even worse, an increasing percentage of the cars are now “encrypting” their make and model so that a casual glance, or even a pretty detailed look will not be useful for telling different cars apart. How would you carry out your duties as a police officer?

This is what is actually happening on networks today.

A solution could claim to have “Deep Packet Inspection” technology, and correctly report that 90-95% of traffic on broadband networks was HTTP-based. Not a very useful bit of “business intelligence”, but on most networks, this would be a fairly accurate assessment of network utilisation.

Going back to our analogy where virtually all cars look identical or appear to be identical, keeping your highways safe and flowing smoothly would be a much more challenging job because you could not pick out cars as easily as you can in the real world. What would you do? It is highly likely you would invest in smarter technology that would get better and better at discriminating between cars. You would try to understand how different cars handled, how driving patterns evolved, notice subtle differences in the cars decorations (headlight shape, door handles, engine noise, etc.). You would also want to determine better ways to ensure that you could detect the make and model of the car as well.

Disappearing apps
The rapid spread of HTML5 may soon become a dirty word to those working in service provider IT, because many have traditionally relied on application signatures to gain visibility into network traffic. With the arrival of HTML5, that will all change. Many apps and plugins that are required today for activities like VoIP, or OTT video will simply run on an HTML5-based web browser – essentially disappearing from signature databases almost overnight.

Recent announcements by a number of major players in the Internet point heavily in this direction. Netflix recently announced it is looking to ditch its Silverlight-based video player for an HTML5 version that would work pretty much anywhere. At Mobile World Congress Mozilla launched Firefox OS, built entirely on HTML5 and other open web standards like Linux and JavaScript. It has the support of a number of mobile device manufacturers and operators, and sees possibilities to offer an option to the current duopoly of Apple and Google for both handset manufacturers as well as consumers. Then there is WebRTC (real time communications), whose mission is to enable rich, high quality, RTC applications to be developed in the browser via simple Javascript APIs and HTML5. WebRTC APIs are already available for Google Chrome’s Stable and Firefox Nightly versions.

Detecting intent
Our analogy does not sound quite so far fetched anymore does it? Broadband traffic is converging on “web”, and network operators need more intelligent solutions to help them understand what is driving their network usage. Deep Packet Inspection solutions must continue to improve their capabilities, investing in more sophisticated methods and techniques to detect the core application or even “intent” of a network conversation, helping to ensure a quality broadband experience for subscribers. There have been a number of initiatives (Software Defined Networking and Self Organising Networks are two of the better known) that are trying to simplify how broadband networks look at traffic, bringing applications and other factors like content and destination into the equation to ensure consistent and predictable network quality. Deep Packet Inspection technology must also evolve to be more sophisticated. For example, there are many different ways to look at network traffic.

In our analogy, if we knew where the cars were going to, that would help us manage traffic flow much more efficiently. Cars headed home might have a different urgency than those headed to work, or those going to a restaurant (Stay out of the way of hungry drivers!). By better understanding the destination, we could ensure that traffic that needed speed was given speed, and even create HOV lanes for public transportation and carpoolers (which happens even today). BUT – you still need police to ensure that people are not cheating in the HOV lanes (Knew I would get back to that eventually!).

A new breed of DPI-based systems called Intelligent Policy Enforcement solutions is evolving to support not only application-based classification, but also content-based classification.

Intelligent Policy Enforcement
DPI technology is performing this function in many networks today. As network traffic has become more homogenous in “look”, the purpose of that traffic has become more important. The performance of their network connection’s access to Social Networking, Streaming Media, and Messaging is often how consumers judge their broadband experience.

A new breed of DPI-based systems called Intelligent Policy Enforcement solutions is evolving to support not only application-based classification, but also content-based classification.

Content Intelligence (which is very different from Application Intelligence) allows an operator to differentiate between sites offering social networking to one offering blogging or news. Operators can now use this additional metric when managing capacity, quality, and even service plans. The added value of content intelligence is that sophisticated IPE systems can even determine the content classification of traffic even if the traffic is encrypted using SSL or other web-based security protocols. For example, traffic to mail.google.com is obviously mail traffic, and search.google.com is search traffic.

This level of intelligence will ensure that broadband networks can continue to flow, efficiently delivering quality services even during times of congestion. IPE systems will be the engine that enables network operators to continue to deliver high quality broadband services and maintain profitability by managing capex investments for years to come

Cam Cullen is VP of Global Marketing, Procera Networks