DPI with IPv6 and IPSec?


golom

I searched the forum and FAQ and other resources already, but I couldn't quite find an answer.

I'm also not entirely sure that this is the right forum to ask, but I think it is very much related to P2P traffic (not uTorrent in particular, though):

Is DPI (Deep Packet Inspection) still possible with IPv6/IPSec?

I understand that the current net-neutrality debate in some countries is (partly) based on the ability of using DPI to give priority to certain types of traffic.

Now with IPv6 comes optional IPSec. While DPI is obviously possible with unencrypted IPv6, using IPSec should prevent any DPI. I know little about this stuff, but I understand that the IPv6 headers do contain a protocol identifier, but that should only contain the TCP or UDP identifier. The actual content can be encrypted with IPSec and should then be indistinguishable from random bits (the very definition of secure encryption), which would prevent any successful DPI.

So are there some people here that would agree/disagree that enabling IPSec in IPv6 would solve the DPI issue once and forever?


I've not heard of any DPI able to immediately unencrypt IPSec at this point, but keep in mind that they use other methods to detect as well. Some start throttling as soon as they detect something unfamiliar (encrypted); others look at packet frequency and number of connections. E.g. torrents use many connections and very fast, and thus might set something off.


Ask yourself what BitTorrent traffic LOOKS like...and you'll understand you can probably spot "probable BitTorrent traffic" without reading the packets past ip+port in and out.

ISPs don't care very much if they do some or a lot of collateral damage to your other traffic...just as long as they disrupt and throttle most BitTorrent traffic.


Yep, thanks.

The traffic pattern could obviously stem from other things as well, like a Skype conference or a web service (imagine the pattern of an email host). I'm also thinking of YaCy, which would probably look extremely similar.

But I agree, the most likely origin is BitTorrent.

But my original question seems to be answered, DPI may be a thing of the past, if people decide to use IPSec (which they should anyway).


A Skype conference won't likely max out the connection, certainly not in both directions consistently at the same time for extended duration.

A web service, such as an email host, also won't be as taxing bandwidth-wise. Anything email-wise that could even VAGUELY resemble p2p file sharing traffic is likely strictly forbidden on consumer internet lines. :P

DPI has changed from PACKET inspection to aggregate FLOW inspection. If there's any information it can gather from packet inspection, it will do that too, to better classify the traffic.

IPSec is not going to solve OUR problem if ISPs remain violently insistent (in the forms of punishments ranging from throttling, disruptions, and permanent disconnection from service) on their customers being limited to averaging effectively less than 1/10th the rated speeds of their lines. ...And those rated speeds have been "pinned down" especially badly on the upload side, where it is extremely unusual for anyone other than those on fiber optic lines to have >2 mbit/sec sustainable upload speeds.

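The flow-level classification the replies above describe, as an added example that is not part of the original thread. It assumes end-to-end ESP in transport mode, where the TCP/UDP header is encrypted along with the payload, so an on-path observer is left with addresses, byte counts and durations. The flow records, field layout and thresholds are constructed for illustration.

```python
from collections import defaultdict

# Constructed flow records: (local host, remote peer, bytes up, bytes down, seconds).
# Only metadata that stays visible outside the ESP payload is used.
def sample_flows():
    flows = []
    for i in range(40):   # many peers, sustained traffic in both directions
        flows.append(("2001:db8::10", f"2001:db8:1::{i:x}", 5_000_000, 6_000_000, 900))
    # one long, symmetric flow to a single peer (a voice/video call)
    flows.append(("2001:db8::20", "2001:db8:2::1", 60_000_000, 60_000_000, 1800))
    for i in range(30):   # browsing: many servers, short flows, mostly download
        flows.append(("2001:db8::30", f"2001:db8:3::{i:x}", 20_000, 2_000_000, 15))
    return flows

def host_features(flows):
    """Aggregate per-host features from flow metadata only (no payload, no ports)."""
    acc = defaultdict(lambda: {"peers": set(), "up": 0, "down": 0, "secs": 0, "n": 0})
    for host, peer, up, down, secs in flows:
        a = acc[host]
        a["peers"].add(peer)
        a["up"] += up
        a["down"] += down
        a["secs"] += secs
        a["n"] += 1
    feats = {}
    for host, a in acc.items():
        hi, lo = max(a["up"], a["down"]), min(a["up"], a["down"])
        feats[host] = {
            "peers": len(a["peers"]),              # fan-out to distinct remote addresses
            "symmetry": lo / hi if hi else 0.0,    # 1.0 means equal upload and download
            "mean_secs": a["secs"] / a["n"],       # average flow lifetime
        }
    return feats

def classify(flows, min_peers=20, min_symmetry=0.5, min_mean_secs=300):
    """Flag a host as probable P2P only when all three signals agree.
    Thresholds are hypothetical, chosen to separate the constructed samples."""
    return {
        host: (f["peers"] >= min_peers
               and f["symmetry"] >= min_symmetry
               and f["mean_secs"] >= min_mean_secs)
        for host, f in host_features(flows).items()
    }

if __name__ == "__main__":
    for host, flagged in classify(sample_flows()).items():
        print(host, "probable P2P" if flagged else "not flagged")
```

The call and the browsing host each trip one of the signals but not all three, which is the false-positive case raised earlier in the thread.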

Archived

This topic is now archived and is closed to further replies.
