US Patent 11716286 Collecting and analyzing data regarding flows associated with DPI parameters

Some embodiments provide a method for performing deep packet inspection (DPI) for an SD-WAN (software defined, wide area network) established for an entity by a plurality of edge nodes and a set of one or more cloud gateways. At a particular edge node, the method uses local and remote deep packet inspectors to perform DPI for a packet flow. Specifically, the method initially uses the local deep packet inspector to perform a first DPI operation on a set of packets of a first packet flow to generate a set of DPI parameters for the first packet flow. The method then forwards a copy of the set of packets to the remote deep packet inspector to perform a second DPI operation to generate a second set of DPI parameters. In some embodiments, the remote deep packet inspector is accessible by a controller cluster that configures the edge nodes and the gateways. In some such embodiments, the method forwards the copy of the set of packets to the controller cluster, which then uses the remote deep packet inspector to perform the remote DPI operation. The method receives the result of the second DPI operation, and when the generated first and second DPI parameters are different, generates a record regarding the difference.