Deep Packet Inspection (DPI) is an advanced method of examining and managing network traffic. The inspection allows software/hardware to access, analyse and modify payload (data) portions of network packets. DPI can be done actively or passively. Active inspection is mainly used for filtering and policing purposes, whereas passive one is for monitoring and analytics purposes.
Passive DPI:
This is just a monitoring approach where the data is coming from TAPs and SPAN ports. This data is then analyzed, and presented to the customer. The typical use case is monitoring and network optimization.
Semi passive DPI:
Semi passive DPI allows application blocking, but only complete blocking of an application and not per user.
Active DPI:
This solution is an active part of a network (inline) and is often called a service gateway. This solution can analyze traffic, block, and throttle applications on a user level. Active DPI is CPU-intensive and server-based. It is fully inline and can impact the network if it fails. Therefore, it requires bypass infrastructure.