TPRC45 has ended
Back To Schedule
Friday, September 8 • 9:34am - 10:07am
An Empirical Evaluation of Deployed DPI Middleboxes and Their Implications for Policymakers

Sign up or log in to save this to your schedule, view media, leave feedback and see who's attending!

Feedback form is now closed.
Middleboxes are commonly deployed to implement policies (e.g., shaping, transcoding, etc.) governing traffic traversing ISPs. While middleboxes may be used for network management to limit the impact of bandwidth-intensive applications, they may also be applied opaquely to limit access to (or degrade) services that compete with those offered by the network provider. Without regulation or accountability, such practices could be used to raise the barrier to entry for new technologies, or block them entirely. Further, by breaking end-to-end system design principles, these practices can have negative side-effects on reachability, reliability and performance.

This paper presents evidence of deployed middlebox-enabled policies that provide differential service to network applications affecting subscribers of T-Mobile US, Boost Mobile, and others. We used rigorous controlled experiments and statistical analysis of the performance of popular online services to identify traffic differentiation. The observed policies include throttling bandwidth available to video streaming and VPN traffic, transcoding video, and selectively zero-rating traffic such as video and music streaming. Such policies appear to violate the “No Throttling” and/or “No Unreasonable Interference” provisions of the Open Internet Order (OIO), and potentially violate rules in different jurisdictions. Some of these policies were not transparent to consumers and/or were presented in misleading ways, violating the transparency requirement of the OIO. We recommend that providers concerned about traffic loads use application-agnostic techniques to throttle, thus meeting the “reasonable network management” clause of the OIO. Such policies are also easy for consumers to understand, thus providing better transparency.

We find that the observed policies are implemented using deep packet inspection (DPI) and simple text matching on contents of network traffic, potentially leading to misclassification. We validate that misclassification occurs, causing unintentional zero-rating or throttling. For example, video-specific policies can arbitrarily apply to non-video traffic, providing another example of “Unreasonable Interference” barred in the OIO. In fact, we show that current approaches to implementing network management policies are fundamentally vulnerable to unintentional behavior; i.e., the DPI-based approach to network management cannot guarantee 100% accuracy. We recommend that policymakers and network operators adopt alternative rules and approaches to network management that avoid such flaws and vulnerabilities.

Last, network management policies currently lack auditing provisions, and we argue that this hinders enforcement and compliance with rules. Further, network providers’ policies evolve over time, requiring constant vigilance. We recommend that regulators incorporate auditing technologies such as those presented in this work as part of future policies.


Patrick Sun

Industry Economist, FCC


David Choffnes

Assistant Professor, Northeastern University
Net neutrality, network measurement, QUIC, privacy Find me on Twitter: @proffnes


Alan Mislove

Northeastern University

Friday September 8, 2017 9:34am - 10:07am EDT
ASLS Hazel Hall - Room 329