FastDPI is a software product designed for Internet service providers, IPTV providers and other companies of telecom industry.


Detecting more than 6000 application protocols

All-in-one: one solution for all functions

Working with any hardware

Various connection methods

Free QoE module

Free trial version

Save up to 25% of the bandwidth capacity by prioritizing traffic

Step 1: analyze

Analyze your network with the QoE option. Estimate network load by traffic type and peak load time.

Step 2: prioritize

Classify the traffic on the basis of used protocol with the FastQoS option. Label the services you agree to limit during peak hours, for example, torrents and updates, to be of the lowest priority. Webcasts, web traffic, games, and IP-telephony belong to a higher priority class.

Based on priority classes, the DPI limits the speed of traffic when the inbound traffic approaches the threshold value.


Saves up to 25% uplink capacity and improves service quality during peak hours.

Take care about your subscribers with smart ACL

Step 1: do not limit, control

  • Do not block your subscribers when they run out of money. Allow them to pay debts through available payment systems.
  • Give your subscribers an opportunity to log into public Wi-Fi networks via portal, SMS or Call ID.

Step 2: use the Captive Portal option

Traditional network Access Control Lists (ACL) define service ports or domain names on L3 devices, the services of which can or cannot be accessed. Vas Experts DPI controls traffic up to L7. Meaning that you can restrict or allow access to specific services, applications and websites for certain users or groups of users.


Subscribers will not leave you when they run out of funds, users of public Wi-Fi networks may become your clients, and the load on your tech support will go down.

Secure your subscribers from illegal content

Step 1: choose the connection option

  • In-line: at L2 of the OSI model, between the edge router and the subscriber termination y gateway (BRAS)
  • Mirroring: work with a traffic copy through SPAN ports or optical splitters
  • Asymmetric scheme: only for filtering web traffic based on policy-based routing

Step 2: use different tools

  • Filtering by operator’s list
  • Filtering by URL with non-Latin characters
  • Filtering traffic from proxies and mobile devices
  • Blocking HTTPS traffic on the basis of SSL Common Name and Server Name Indication (SNI)
  • Blocking traffic at nonstandard ports
  • Filtering by specific users
  • Redirecting to the parked page


Illegal traffic blocked 100%.

Time to go for IPv6 with CG-NAT

Step 1: isn’t it time?

There are not enough IPv4 addresses today—people use more than 4.3 billion devices. Time to go for IPv6.

Step 2: carrier-grade NAT

Use the CG-NAT option of the Vas Experts DPI platform as part of a seamless migration strategy to IPv6 and support for Dual Stack. NAT will work simultaneously for IPv4 and IPv6. CG-NAT provides:

  • Full RFC 6888 and RFC 4787 compliance
  • provides transparent operation of P2P protocols (torrents, games)
  • allows to limit the number of TCP and UDP ports for the subscriber (DDoS protection)
  • supports functions of Hairpinning, Paired IP address pooling and Full Cone
  • NAT logging can be exported via IPFIX protocol (NetFlow v10)


No more costs for IPv4 addresses. You will also ensure extra network security without loss of service quality.

Innovate your network with DPI-based BRAS

Step 1: control access

The main task of BRAS service gateway is to authorize subscribers and apply billing plans to them. Registering the first subscriber’s package, BRAS generates a request to the billing system through the Radius server and learns about subscriber’s services. The function works in L3 (IPoE) and L2 (DHCP, PPPoE, ARP) modes.

Step 2: give your network new possibilities

  • Providing Quality of Service (QoS) within the billing plan
  • Controlling Internet access of your subscribers
  • Applying billing plan policies
  • Interacting with the Radius server
  • IPoE, PPPoE authorization
  • Assigning additional billing options
  • Redirecting to Captive Portal
  • Operating on L2 and L3
  • Dual Stack IPv6 / IPv4, Radius CoA support
  • Multi-users: one login is connected with multiple IPs
  • Supporting domain’s whitelists, regardless of IP address
  • Increasing speed for local resources or P2P networks

Step 3: full implementation support

For technical advice, fill out the contact form.

Increase ARPU with no extra costs

Step 1: use extra income tools

  • When a subscriber visits a specific HTTP page, they will be redirected to a special landing page with your offer. The redirection policy can be configured through a convenient graphical interface or CLI.
  • An option to replace or block advertising content. Allows you to selectively change the content of HTTP pages with banner ads, and control subscriber access to the service.

Step 2: maximize advantages

Possible use cases:

  • Monetizing free Wi-Fi access points
  • Social billing plans
  • Providing ad blocking service
  • Replacing third-party banner ads with your own ad


  • Creating an additional subscriber communication channel
  • Polling, notification on service interruptions, payment reminders
  • Increasing income per subscriber due to native ads without making subscribers uncomfortable

Protect your network with Mini-Firewall & Anti-DDoS

Step 1: arm yourself

Use the Mini-Firewall option

  • To prevent hacking users through open system ports
  • To block malicious behavior from subscribers

Use the Anti-DDoS option

  • To protect subscribers from TCP SYN flood
  • To protect subscribers from Fragmented UDP flood
  • To stop a DDoS attack with CAPTCHA

Step 2: simply turn it on

Vas Experts DPI is equipped with a high-performance mechanism against TCP SYN flood and Fragmented UDP flood attacks. The module can process up to 20 million packages per second. The Turing test (CAPTCHA) is used to protect against DDoS. The Mini-Firewall option ensures extra security.


Comfort and safety for your subscribers without the need to purchase additional equipment.

Get to know your subscriber and improve Quality of Experience

Step 1: who is who

Use the Quality of Experience (QoE) option to classify your subscribers, solve their problems and find additional opportunities.

QoE is a software product for collecting statistics and assessing the quality of experience.

Step 2: use QoE for different tasks

  • When setting up the connection, the DPI exports information on delays and losses between the client and the DPI, as well as between the DPI and the host. Round Trip Time (RTT) and TCP Retransmits values help you identify and solve network problems.
  • Fighting resale traffic. The DPI exports unique User-Agent data which is transmitted in the HTTP request. The QoE module aggregates data for each IP (login). For statistical purposes, the subscriber’s NAT includes each device. One household usually has up to 20 unique User-Agents. A bigger number indicates a possible contract violation.
  • Fighting outflow. The DPI exports ClickStream—all HTTP / HTTPS user requests. QoE aggregates data for each IP (login). If your subscriber often visits competing websites, the QoE module will notify you on this, helping you retain the client.
  • Search for Smart TV. The QoE module shows all Smart TV devices, that your subscribers have. You can offer subscribers your own OTT service.


A free QoE Lite option will help you find out who your subscribers are and offer them what they really need.

How FastDPI looks inside


Available Options

Quality of Service (QoS)

The Quality of Service (QoS) module enables bandwidth management based on application layer protocols, data flows and bandwidth usage. It saves up to 25% of the bandwidth capacity by prioritizing traffic, which improves the operator’s quality of service in general.

Read More

Quality of Experience (QoE)

Quality of Experience (QoE) is a DPI module that gathers statistics and evaluates QoE. The data that it collects are compared with the preset metrics to evaluate the quality of telecom services and Internet connection for a single user. Based on this information, the module initiates steps required to improve the quality of service.

Read More

Access Control Lists (ACL)

Access Control List (ACL) is an option in VAS Experts DPI designed to create intelligent access control lists, unlike the standard ACLs. Such ACLs control and manage traffic at higher layers of the OSI model by limiting or allowing access to services, applications and resources. You have control over both—single users and user groups.

Read More


The CG-NAT option enables network address and port translation and provision of a single public IPv4 address to several users. CG-NAT is introduced to deal with IPv4 address exhaustion and simplify transition to IPv6.

The “classic” NAT with port translation on Linux or FreeBSD is a port-restricted NAT that allows inbound connections only on a specific port. As a result, for example, two gaming consoles behind such a NAT gateway won’t be able to communicate with each other, because the port number will be changed. Similarly, it prevents the connection of torrent trackers and other peer-to-peer protocols. CG-NAT addresses these issues by allowing inbound connections on any port.

Example of VAS Experts DPI being used as a NAT gateway with redundancy:

Read More

Firewall and Anti-DDoS

VAS Experts DPI comes with a firewall that protects users from being hacked on open ports and blocks any illegal subscriber activity. The firewall protects your network from DoS and malware attacks, improves the quality of service, ensures reliable and secure operations. You can use the firewall together with the QoE module to reveal the perpetrator and the victim and quickly notify users about any suspicious activity.

Read More

Marketing and Redirecting

With Marketing and Redirecting, operators receive a tool to notify subscribers about new offers or future network maintenance. When an operator activates the service, instead of being redirected to the home page, the subscriber is redirected to the operator’s information page, which contains all the necessary data.

Read More

The software solution doesn’t depend on a particular server hardware supplier and can be flexibly adapted to business requirements.

years on the
Telecom market
identifiable protocols
100 Gbps
per one CPU

Who use FastDPI

Traffic Lab

Do you want to test VAS Experts DPI in real-time and see how it processes collector analytical data, monitors the network, enhances subscriber loyalty by leveraging metrics, and increases revenue per subscriber using our products? Try Traffic Lab—free for any telecom operator to perform various evaluations, such as:

NetFlow analysis is used to report on network traffic at the session level and generate detailed network statistics. Reports can be exported and visualized. NetFlow analysis also yields statistics on subscriber ping, including peak and medial values.


Customer Success Stories

  • Identify subscribers with high ping and lower connection quality in real time
  • Troubleshoot CPE, wireless routers, access and aggregation switches
  • Export statistics to the specialized monitoring system and dashboard of the technical support team
  • Export Full NetFlow statistics on transport and application layer protocols, with traffic presented by flow and AS
  • Prioritize (QoS) based on bandwidth allocation
  • Search for the best Internet exchange points and uplinks
  • Detect malware and DDoS attacks, develop your own security system
  • Gather statistics on repeat requests
  • Collect session retransmit statistics
  • Troubleshoot Wi-Fi routers and physical channels
  • Sell equipment with the best coverage and functionality parameters

Clickstream analysis is used to collect statistics on the number of generated sessions and subscriber devices. It is used to identify the most visited resources, including at endpoint client devices.


Please fill out the form to perform Clickstream analysis

  • Prevent negative feedback and subscriber churn
  • Determine household types based on filters
  • Prevent Internet reselling
  • Automate feedback collection after on-site repair works
  • Notify about network failures and reduce the load on the support team
  • Inform subscribers about new services, offers and discounts

Please fill out the form to test VAS Experts DPI

We invite you to join the free testing of VAS Experts DPI. Our testing lab has enough equipment power to support testing for any purpose in close-to-real-life conditions. Our engineers ensure full support of your testing effort and work together with you on releasing your project to production.

Network stress test at OSI L2–L7 with traffic generation of up to 100 Gbit/s.


Please fill out the form to perform stress testing

  • Emulate traffic flow and as many simultaneous sessions as you need
  • Use a wide range of parameters and protocols for traffic generation management
  • Emulate failures and recovery
  • Emulate traffic packet allocation within a time interval
  • Replay pre-recorded traffic with modified IP addresses or sending/receiving ports


Available Editions
VAS Experts DPI options
Filtering by the blacklisted internet sites
L1 Bypass mode support
NetFlow statistics collection on protocols and flows
Protocol-based traffic prioritization (QoS)
External access channel usage optimization (QoS)
Marketing company and user notifications
White list, Captive Portal
IPv4 and IPv6 address allocation
BRAS L3 (IPoE), IPv4/IPv6 Dual Stack, Radius CoA
BRAS L2 (PPPoE, DHCP), Dual Stack IPv4/IPv6
CG-NAT — network address translation and NetFlow export
Mini-firewall for blocking traffic over specific ports
Ad blocking and replacement
Banner integration
Resource category selector for black and white lists
QoE Lite
QoE Standart (web resources by categories, custom reports, notification triggers, DDoS and botnet detection)
Trade-In (SCE8000 and SE100-600-1200)

Get in Touch

Have a question or interested in learning more how IT
can help your business? Please connect with us.

By clicking on the button, you agree to the terms «Privacy Policy»