Short 2025 Roadmap: QoE, AI in Traffic Classification, Distributed Architecture, SuperNICs

Posted · Add Comment

As usual, we’re sharing some details about our 2025 roadmap. We have discusses several working items and distilled a few we can pursue in the coming months.

  • QoE (Quality of Experience)
    In the past few years we have focused on Cybersecurity and now we want to extend our measurements into a new dimension: quality. ntop tools monitor various metrics such as RTT, latency, jitter.. and now we want to combine them with DPI to creare a quality score that will report how good (from the user experience standpoint) the traffic is. In essence we will create a QoE score similar to the cyberscore you are familiar with. As protocols are different in nature (e.g. streaming and email have totally different requirements in terms of quality), this new quality indicator will take care of protocol properties to avoid false positives and report meaningful alerts.
  • AI (Artificial Intelligence) in Traffic Classification
    nDPI is great at detecting network protocols (it recognizes ~500 protocols) so while we keep adding new protocols, we believe we need to go deep into traffic content. For instance we would like to bind a traffic to a category not just for mainstream protocols (e.g. TikTok) that per-se are easy to classify, but for generic web browsing or for characterizing flows more in detail. For instance what does traffic from/to courier.push.apple.com or tether.edge.apple is about? AI/LLMs can definitively help and we’re making experiments since several months with the goal to automate traffic classification. We believe that merging this with signals coming from traffic fingerprinting can produce great results.
  • Distributed Architecture
    Modern networks are distributed and some of them very very large in traffic volume. We cannot handle all the traffic/flows from a single location, so we are currently deploying various ntop+nProbe/Cento monitoring sites. However some of our users reported that while this solution allows them to monitor the traffic, it does nor provide a single unified view of the whole network traffic. For this reason we’re enhancing our tools to provide a single entry point to a distributed monitoring system that allows users have a global overview of their large/distributed infrastructure.
  • SuperNICs
    In the past we’ve done a lot of work with SmartNICs and their support is integrated in PF_RING and monitoring applications. Now we’re exploring SuperNICs to see if we can benefit in some areas were SmartNICs do not help. During the week-end we’ll preview at FOSDEM what we have been able to do so far, challenges, and opportunities offered by this technology.

We’ve many other things in our mind, many of them triggered by comments coming from our community. As you know we’re organizing the PacketFest conference soon we’re we’ll go deep, explain what we’re doing. We’ll appreciate if you would join it so we can hear from you and get your advice.

See you at FOSDEM or PacketFest !