Community Blog


5G – The Perfect Storm Endangering DPI Approaches to Subscriber Services

Over the past decade, many service providers have used Deep Packet Inspection (DPI) or proxy-based approaches to deliver subscriber services such as content filtering/parental control and end-user security services.  It’s a relatively simple concept to understand – all user traffic flows through the DPI tool, and pre-defined filtering and security policies are applied.


Simple right – so what’s the issue? 


The biggest issue is the simple statement of “all user traffic flows through the DPI tool.”  Before we had billions of mobile devices using latency-sensitive applications consuming massive amounts of bandwidth, the DPI or proxy approach was viable and relatively cost-effective.


However, over the past several years, the explosion in the number of mobile and IP-enabled devices and the bandwidth they consume have put extreme pressure on DPI solutions.  Most service providers cannot afford to simply keep throwing more capacity at the problem (and this doesn’t even include the management challenge and cost of dealing with growing number of DPI appliances spread across the SP core).


And just when you thought it couldn’t get worse, here comes 5G.  If you thought the growth of the past several years has been challenging, you haven’t seen anything yet.  A recent McKinsey & Company report predicts that the growing demand driving an upgrade to 5G will increase network-related capital expenditures by approximately 60 percent from 2020 through 2025. 


The strain 5G deployments will put on service providers will be tantamount to an ever-growing tornado of pain; enhanced mobile broadband will increase the growth of the Internet of Thing (IoT) devices, which will, in turn, drive new applications that increase bandwidth consumption.  So the simple approach of “sniff all traffic” cannot keep up without extreme investments of DPI capacity. 


Let’s take a simple look at the economics with some rudimentary calculations.  If the service provider has close to a 100% adoption rate for value-added parental control or security subscriber services, the fact that all traffic is analyzed regardless of whether the traffic stems from a paid subscriber is less important.  The reality, however, is that no provider is close to that penetration rate. 


Assume a European provider has an “opt-out” approach and an atypically high 35% of its customers are paying for content filtering.  In the DPI approach, for every million dollars in DPI investment, $650,000 is wasted analyzing traffic for non-paying customers.  And if you look at other markets such as North America where “opt-in” is more prevalent, and penetration rates hover around 10%, 90 cents of every dollar is spent monitoring traffic where the SP gets no incremental compensation. 


If you are a service provider today using a DPI or proxies approach for subscriber services, there are a few areas of consideration for you to address:

  • How much will my DPI investment cost go up with anticipated increases in usage and devices?
  • What magnitude of cost increase will occur when we begin deploying 5G?
  • Where will the new and bigger DPI/proxies be placed and how will I manage them?
  • If all traffic doesn’t get monitored, will QoE and latency improve?
  • Can I increase customer penetration with lower prices if the cost of delivering content filtering drops?


While the legacy approach with DPI worked in traditional environments, a new DNS-based approach works much better in today’s world and is ready to help meet tomorrow’s even greater needs.  You can check our earlier blog on the ins and outs of a DNS-based approach for subscriber services


Infoblox is the market leader in service provider-grade secure DNS, DHCP, and IP address management (DDI) solutions. And with our pre-packaged subscriber service capabilities including Parental Control, Subscriber Insight, and Policy Enforcement, service providers can deliver content filtering in a more scalable and cost-effective manner.


No matter if you’ve deployed 5G or NFV yet, Infoblox provides the most scalable DDI infrastructure that supports on-premises, virtual, private/public cloud, so you can meet your needs today while planning for tomorrow.  In addition to cost savings and scalability improvements compared to DPI, Infoblox also provides a faster return on investment (ROI) by reducing the upfront capital requirements with a pay-as-you-grow or subscription model.


Service providers can take advantage of Infoblox’s market leadership and create more powerful subscriber services in a more cost-effective, scalable approach. To learn more, visit

Showing results for 
Search instead for 
Do you mean 

Demo: Infoblox IPAM plug-in integration with OpenStack Newton