Consolidating L4-L7 functionality on the Gi LAN
In a recent article we discussed the value of having an intelligent traffic steering platform on the Gi LAN to optimize the utilization of VAS platforms such as video optimizers, transparent caching platforms, parental control systems, etc. In this post we will review the other platforms on the Gi LAN, and what is happening in the industry to get to a much simpler, more scalable and more cost-effective architecture.
Inline between the PGW/GGSN and the internet peering router, mobile operators have been deploying point-product solutions from different vendors to address a variety of business and technical requirements. DPI platforms are used for application analytics and policy enforcement, firewalls are used to protect the radio network and the subscribers, CGNAT platforms are used to address IPv4 address exhaustion, and routers are used for static port forwarding towards the VAS services complex. With the continuous growth of data traffic in mobile networks, operators are starting to face challenges with the scalability of these Gi LAN architectures. In the current environment each of these platforms reaches its capacity limit at a different point in time, leading to constant upgrades and redesigns to keep the network up and running. Having fewer platforms inline in the data path would bring clear benefits, provided the consolidated platform meets the scalability and performance requirements of each function it provides.
Mobile operators are looking for a consolidated L4-L7 platform that embeds all of these functions (firewall, CGNAT, intelligent traffic steering, policy enforcement, header enrichment, TCP optimization and DPI/URL classification) in a highly scalable solution. Depending on operator business policies, sometimes not all functionality can be collapsed onto a single physical platform. For example, an operator’s internal security policy may dictate that security functions have to remain on a standalone platform. But even in those environments, going from 4-5 platforms to just 2 platforms is a big step forward. Fewer platforms means less operational overhead and fewer operating systems and vendors to manage. It also means a simplified architecture that is less prone to errors and hence more stable. And last but not least, new services are much easier and faster to introduce in this architecture.
Consolidation is not a new concept. In the 2005 to 2010 period the routing industry went through a massive transition, moving from dedicated platforms for L2 services, L3 services, BRAS/BNG, etc. to a consolidated “service router” model that embeds all of these functionalities in a single platform. The L4-L7 industry is now going through a similar transition, and F5 is one of its leaders, consolidating the most commonly deployed L4-L7 functionalities on the same platform and giving mobile operators the tools to significantly simplify their Gi LAN architecture. The service provider industry has completely embraced and adopted the “service routing” concept in the last couple of years, so there is no reason why this industry wouldn’t embrace the L4-L7 consolidation concept going forward.
In some ways the L4-L7 consolidation concept provides even more benefits than the L2-L3 consolidation. In the L2-L3 consolidation model a subscriber’s traffic stream typically only gets processed by one of the L2-L3 functions (e.g. you get either an L2 VPN service or an L3 VPN service but not both at the same time). In L4-L7 architectures a subscriber’s traffic stream may pass through multiple devices in series, such as a DPI platform, a firewall and a header enrichment proxy. Each of these platforms has to go all the way up the protocol stack to provide its specific part of the L4-L7 functionality. In a consolidated L4-L7 platform you only have to walk up the protocol stack once, and the system will plug in the desired functionality at each level of the protocol stack on either side of the platform.
The rise of LTE and the effects it has on the traffic volumes are driving mobile operators to rethink their Gi LAN architectures, both from the perspective of the VAS services complex as well as from the perspective of consolidating some of the L4-L7 functionality that is present today. And with NFV around the corner, things will only get more interesting.