FastDPI is a software product designed for Internet service providers, IPTV providers and other companies of telecom industry.
Save up to 25% of the bandwidth capacity by prioritizing traffic
Step 1: analyze
Analyze your network with the QoE option. Estimate network load by traffic type and peak load time.
Step 2: prioritize
Classify the traffic on the basis of used protocol with the FastQoS option. Label the services you agree to limit during peak hours, for example, torrents and updates, to be of the lowest priority. Webcasts, web traffic, games, and IP-telephony belong to a higher priority class.
Based on priority classes, the DPI limits the speed of traffic when the inbound traffic approaches the threshold value.
Saves up to 25% uplink capacity and improves service quality during peak hours.
Take care about your subscribers with smart ACL
Step 1: do not limit, control
- Do not block your subscribers when they run out of money. Allow them to pay debts through available payment systems.
- Give your subscribers an opportunity to log into public Wi-Fi networks via portal, SMS or Call ID.
Step 2: use the Captive Portal option
Traditional network Access Control Lists (ACL) define service ports or domain names on L3 devices, the services of which can or cannot be accessed. Vas Experts DPI controls traffic up to L7. Meaning that you can restrict or allow access to specific services, applications and websites for certain users or groups of users.
Subscribers will not leave you when they run out of funds, users of public Wi-Fi networks may become your clients, and the load on your tech support will go down.
Secure your subscribers from illegal content
Step 1: choose the connection option
- In-line: at L2 of the OSI model, between the edge router and the subscriber termination y gateway (BRAS)
- Mirroring: work with a traffic copy through SPAN ports or optical splitters
- Asymmetric scheme: only for filtering web traffic based on policy-based routing
Step 2: use different tools
- Filtering by operator’s list
- Filtering by URL with non-Latin characters
- Filtering traffic from proxies and mobile devices
- Blocking HTTPS traffic on the basis of SSL Common Name and Server Name Indication (SNI)
- Blocking traffic at nonstandard ports
- Filtering by specific users
- Redirecting to the parked page
Illegal traffic blocked 100%.
Time to go for IPv6 with CG-NAT
Step 1: isn’t it time?
There are not enough IPv4 addresses today—people use more than 4.3 billion devices. Time to go for IPv6.
Step 2: carrier-grade NAT
Use the CG-NAT option of the Vas Experts DPI platform as part of a seamless migration strategy to IPv6 and support for Dual Stack. NAT will work simultaneously for IPv4 and IPv6. CG-NAT provides:
- Full RFC 6888 and RFC 4787 compliance
- provides transparent operation of P2P protocols (torrents, games)
- allows to limit the number of TCP and UDP ports for the subscriber (DDoS protection)
- supports functions of Hairpinning, Paired IP address pooling and Full Cone
- NAT logging can be exported via IPFIX protocol (NetFlow v10)
No more costs for IPv4 addresses. You will also ensure extra network security without loss of service quality.
Innovate your network with DPI-based BRAS
Step 1: control access
The main task of BRAS service gateway is to authorize subscribers and apply billing plans to them. Registering the first subscriber’s package, BRAS generates a request to the billing system through the Radius server and learns about subscriber’s services. The function works in L3 (IPoE) and L2 (DHCP, PPPoE, ARP) modes.
Step 2: give your network new possibilities
- Providing Quality of Service (QoS) within the billing plan
- Controlling Internet access of your subscribers
- Applying billing plan policies
- Interacting with the Radius server
- IPoE, PPPoE authorization
- Assigning additional billing options
- Redirecting to Captive Portal
- Operating on L2 and L3
- Dual Stack IPv6 / IPv4, Radius CoA support
- Multi-users: one login is connected with multiple IPs
- Supporting domain’s whitelists, regardless of IP address
- Increasing speed for local resources or P2P networks
Step 3: full implementation support
For technical advice, fill out the contact form.
Increase ARPU with no extra costs
Step 1: use extra income tools
- When a subscriber visits a specific HTTP page, they will be redirected to a special landing page with your offer. The redirection policy can be configured through a convenient graphical interface or CLI.
- An option to replace or block advertising content. Allows you to selectively change the content of HTTP pages with banner ads, and control subscriber access to the service.
Step 2: maximize advantages
Possible use cases:
- Monetizing free Wi-Fi access points
- Social billing plans
- Providing ad blocking service
- Replacing third-party banner ads with your own ad
- Creating an additional subscriber communication channel
- Polling, notification on service interruptions, payment reminders
- Increasing income per subscriber due to native ads without making subscribers uncomfortable
Protect your network with Mini-Firewall & Anti-DDoS
Step 1: arm yourself
Use the Mini-Firewall option
- To prevent hacking users through open system ports
- To block malicious behavior from subscribers
Use the Anti-DDoS option
- To protect subscribers from TCP SYN flood
- To protect subscribers from Fragmented UDP flood
- To stop a DDoS attack with CAPTCHA
Step 2: simply turn it on
Vas Experts DPI is equipped with a high-performance mechanism against TCP SYN flood and Fragmented UDP flood attacks. The module can process up to 20 million packages per second. The Turing test (CAPTCHA) is used to protect against DDoS. The Mini-Firewall option ensures extra security.
Comfort and safety for your subscribers without the need to purchase additional equipment.
Get to know your subscriber and improve Quality of Experience
Step 1: who is who
Use the Quality of Experience (QoE) option to classify your subscribers, solve their problems and find additional opportunities.
QoE is a software product for collecting statistics and assessing the quality of experience.
Step 2: use QoE for different tasks
- When setting up the connection, the DPI exports information on delays and losses between the client and the DPI, as well as between the DPI and the host. Round Trip Time (RTT) and TCP Retransmits values help you identify and solve network problems.
- Fighting resale traffic. The DPI exports unique User-Agent data which is transmitted in the HTTP request. The QoE module aggregates data for each IP (login). For statistical purposes, the subscriber’s NAT includes each device. One household usually has up to 20 unique User-Agents. A bigger number indicates a possible contract violation.
- Fighting outflow. The DPI exports ClickStream—all HTTP / HTTPS user requests. QoE aggregates data for each IP (login). If your subscriber often visits competing websites, the QoE module will notify you on this, helping you retain the client.
- Search for Smart TV. The QoE module shows all Smart TV devices, that your subscribers have. You can offer subscribers your own OTT service.
A free QoE Lite option will help you find out who your subscribers are and offer them what they really need.
How FastDPI looks inside
Quality of Service (QoS)
The Quality of Service (QoS) module enables bandwidth management based on application layer protocols, data flows and bandwidth usage. It saves up to 25% of the bandwidth capacity by prioritizing traffic, which improves the operator’s quality of service in general.
Quality of Experience (QoE)
Quality of Experience (QoE) is a DPI module that gathers statistics and evaluates QoE. The data that it collects are compared with the preset metrics to evaluate the quality of telecom services and Internet connection for a single user. Based on this information, the module initiates steps required to improve the quality of service.
Access Control Lists (ACL)
Access Control List (ACL) is an option in VAS Experts DPI designed to create intelligent access control lists, unlike the standard ACLs. Such ACLs control and manage traffic at higher layers of the OSI model by limiting or allowing access to services, applications and resources. You have control over both—single users and user groups.
The CG-NAT option enables network address and port translation and provision of a single public IPv4 address to several users. CG-NAT is introduced to deal with IPv4 address exhaustion and simplify transition to IPv6.
The “classic” NAT with port translation on Linux or FreeBSD is a port-restricted NAT that allows inbound connections only on a specific port. As a result, for example, two gaming consoles behind such a NAT gateway won’t be able to communicate with each other, because the port number will be changed. Similarly, it prevents the connection of torrent trackers and other peer-to-peer protocols. CG-NAT addresses these issues by allowing inbound connections on any port.
Example of VAS Experts DPI being used as a NAT gateway with redundancy:
Firewall and Anti-DDoS
VAS Experts DPI comes with a firewall that protects users from being hacked on open ports and blocks any illegal subscriber activity. The firewall protects your network from DoS and malware attacks, improves the quality of service, ensures reliable and secure operations. You can use the firewall together with the QoE module to reveal the perpetrator and the victim and quickly notify users about any suspicious activity.
Marketing and Redirecting
With Marketing and Redirecting, operators receive a tool to notify subscribers about new offers or future network maintenance. When an operator activates the service, instead of being redirected to the home page, the subscriber is redirected to the operator’s information page, which contains all the necessary data.
The software solution doesn’t depend on a particular server hardware supplier and can be flexibly adapted to business requirements.
Who use FastDPI
Do you want to test VAS Experts DPI in real-time and see how it processes collector analytical data, monitors the network, enhances subscriber loyalty by leveraging metrics, and increases revenue per subscriber using our products? Try Traffic Lab—free for any telecom operator to perform various evaluations, such as:
NetFlow analysis is used to report on network traffic at the session level and generate detailed network statistics. Reports can be exported and visualized. NetFlow analysis also yields statistics on subscriber ping, including peak and medial values.
- Identify subscribers with high ping and lower connection quality in real time
- Troubleshoot CPE, wireless routers, access and aggregation switches
- Export statistics to the specialized monitoring system and dashboard of the technical support team
- Export Full NetFlow statistics on transport and application layer protocols, with traffic presented by flow and AS
- Prioritize (QoS) based on bandwidth allocation
- Search for the best Internet exchange points and uplinks
- Detect malware and DDoS attacks, develop your own security system
- Gather statistics on repeat requests
- Collect session retransmit statistics
- Troubleshoot Wi-Fi routers and physical channels
- Sell equipment with the best coverage and functionality parameters
Clickstream analysis is used to collect statistics on the number of generated sessions and subscriber devices. It is used to identify the most visited resources, including at endpoint client devices.
- Prevent negative feedback and subscriber churn
- Determine household types based on filters
- Prevent Internet reselling
- Automate feedback collection after on-site repair works
- Notify about network failures and reduce the load on the support team
- Inform subscribers about new services, offers and discounts
We invite you to join the free testing of VAS Experts DPI. Our testing lab has enough equipment power to support testing for any purpose in close-to-real-life conditions. Our engineers ensure full support of your testing effort and work together with you on releasing your project to production.
Network stress test at OSI L2–L7 with traffic generation of up to 100 Gbit/s.
- Emulate traffic flow and as many simultaneous sessions as you need
- Use a wide range of parameters and protocols for traffic generation management
- Emulate failures and recovery
- Emulate traffic packet allocation within a time interval
- Replay pre-recorded traffic with modified IP addresses or sending/receiving ports
The Yota de Nicaragua is one of the leading operators in the emerging mobile market in Latin America. Yota de Nicaragua provides a wide range of communication services, including 4G.
- Current Cisco SCE2020 equipment couldn’t go beyond 2 Gbit/s
- there was no opportunity to activate new tariffs
- the operator needed to simplify network maintenance
- the operator needed to simplify network maintenance, improve the quality of the Internet connection and the download speed
- Yota also needed to migrate from WiMAX to LTE
Restructuring the current WiMAX networks; integrating VAS Experts DPI. Creating personalized billing plans for customers, improved quality of “heavy” content playback: games, online videos, communication applications (Skype, Zoom), and, as a result, greater brand loyalty.
Interdnestrcom (IDC) provides wired Internet access, mobile communication, including 3G and 4G, and television services in the Pridnestrovian Moldavian Republic (Moldova).
The provider needed a DPI solution capable of:
- Filtering websites according to the Ministry of Communications lists
- Billing subscribers having per-megabyte plans (3G-subscribers)
- DSCP prioritization of different protocols
- Quality of Experience (QoE)
- Analizing resources of those competitors, which subscirbers visit (for marketing needs)
In addition to Traffic Monitoring System, IDC considered Allot and Proteus DPI platforms. Allot was decided against due to its high costs, and the need for a license for additional functions and a separate hardware solution for which spare parts were necessary. Proteus was decided against because its services cost more than the services of DPI system, and it also needed a partial hardware implementation.
StarNet is one of the largest telecom operators in Moldova, working on the market since 2003. Its subscriber base is over 130,000 active users. StarNet is the first company in Moldova to provide fiber-optic Internet connection.
StarNet subscribers can access the web via GPON, FTTB, and Wi-Fi. Before modernization, the network traffic was managed with several Ericsson SE1200 BRAS.
The devices could not keep up with the traffic load and malfunctioned.
The need to gradually transition to IPv6 made it impossible to continue using SE1200 because it supports IPv6 for PPPoE sessions only, and using PPPoE for over 130,000 subscribers was out of the question.
The need for a new system was also triggered by extended downtime. It was evident that a modern traffic management solution with BRAS L3, CG-NAT and IPv6 Dual Stack support was required.
The existing Ericsson SmartEdge 1200 devices were replaced with a VAS Experts DPI 40 cluster installed on Huawei hardware.
The network was modernized, with added IPv6 and IPoE support, CG-NAT, RADIUS AAA; low performance and fault-tolerance were addressed.
Get in Touch
Have a question or interested in learning more how IT
can help your business? Please connect with us.