Why an Empty Glass is like a Key Mobile Service Provider Technology

#MWC15

I was at a restaurant with some colleagues after the day of Mobile World Congress events today in Barcelona. Unfortunately, all the Spanish I learned was from the Warner Bros Speedy Gonzales cartoons. The people of Barcelona are great and most of them have a superb command of the English language.

While we were ordering and eating our tapas, which we selected off of the menu of options, one of our servers came by to refill our water glasses. I took this opportunity to ask the server for a separate empty glass so I could take some medicine I needed to mix with the water. The server looked at me with a puzzled look and I tried to explain again.

“Please bring a cup. Empty,” I said as I used hand gestures to simulate an empty glass with the one he had just filled. Again, he gave me a look that signified he did not understand. “Cup. Empty,” I stated once again. He nodded this time and walked off.

A minute later he was back with no cup, but our waiter was with him. The waiter said, “I am sorry. He does not understand you. What do you need?” “An empty cup, please.” I held up the medicine packet to show him why I needed it. “Ah. No problem. One moment.” And off they went as the waiter explained to the young gentleman what I needed. Finally, the server arrived with my empty glass.

This brings up one of the issues that mobile service providers have that we sometimes gloss over or sweep under the table knowing it is being resolved in the future. The LTE networks need translation services like my waiter provided. Not for English or Spanish, but to switch the conversation from IPv6 to IPv4 and back again. The problem is that LTE networks are architected to use IPv6 addresses using 128 bits of IP address space while the Internet is still mostly IPv4, using 32 bits for each IP address.
In addition, many service provider networks are not fully IPv6 either and they need this IP translation service to support the communications through their own infrastructure.

Most LTE capable phones are designed to support IPv6. The Internet of Things, when it blows up to 50 billion devices by 2020, will have things with IPv6 addresses. This is necessary because there are not enough IPv4 addresses to support all of these devices. A carrier grade network address translation (CGNAT) solution is needed to provide IP address translation capabilities within the network.

CGNAT may not have the buzz of IoT, nor does it have the public momentum of NFV, but it is still an essential technology to incorporate until the service provider networks and Internet fully support IPv6 addresses. CGNAT is deployed in most service provider networks to some extent, but its functionality and performance need to be expanded to support this surge of new devices connecting to the LTE networks.

A complementary technology that I would be remiss to omit when talking about CGNAT is DNS64 services. DNS64 is the mapping of DNS addresses in IPv4 format to IP addresses in IPv6 format. This is critical because DNS is all about the mapping of names, or fully qualified domain names (FQDNs), to IP addresses, which will be either IPv4 or IPv6. Service providers need to keep the CGNAT technologies in mind as they continue to build and expand their LTE networks, especially with the popularity of IoT.

In my instance, I was lucky that I had my waiter to provide translation services between Spanish and English. The long term solution is for the server and/or me to learn each other’s respective languages. Only then will the waiter not be needed to always be around so we can have a conversation.
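
The DNS64 mapping mentioned above, as an added example that is not code from the original post: it embeds the IPv4 address from an A record into an IPv6 address under the RFC 6052 well-known prefix 64:ff9b::/96 and recovers it again, as the NAT64 side of the translation would. The function names, the /96-only handling and the RFC 1918-only exclusion check are simplifying assumptions.

```python
import ipaddress

WKP = ipaddress.IPv6Network("64:ff9b::/96")  # RFC 6052 well-known prefix
# Simplification: only the RFC 1918 ranges are checked here. RFC 6052 says the
# well-known prefix must not represent non-global IPv4 addresses.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def embed(v4, prefix=WKP):
    """Embed an IPv4 address in a /96 translation prefix."""
    if prefix.prefixlen != 96:
        raise ValueError("this sketch handles /96 prefixes only")
    v4 = ipaddress.IPv4Address(v4)
    if prefix == WKP and any(v4 in net for net in RFC1918):
        raise ValueError("private IPv4 address under the well-known prefix")
    return ipaddress.IPv6Address(int(prefix.network_address) | int(v4))

def extract(v6, prefix=WKP):
    """Recover the IPv4 destination, or None if v6 is a native IPv6 address."""
    v6 = ipaddress.IPv6Address(v6)
    if v6 not in prefix:
        return None
    return ipaddress.IPv4Address(int(v6) & 0xFFFFFFFF)

def dns64_answer(a_records, aaaa_records, prefix=WKP):
    """AAAA answer set an IPv6-only client receives for one name."""
    if aaaa_records:  # the name already has IPv6 addresses: no synthesis
        return [ipaddress.IPv6Address(r) for r in aaaa_records]
    answers = []
    for a in a_records:
        try:
            answers.append(embed(a, prefix))
        except ValueError:
            continue  # skip addresses that must not be synthesized
    return answers

if __name__ == "__main__":
    # Constructed sample: 192.0.2.33 is a documentation address.
    print(dns64_answer(["192.0.2.33"], []))
```
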

In the service provider’s network the CGNAT solution (with DNS64) will always be needed until all of the devices and the Internet support a common language, IPv6.

Mobile Service Providers are missing a Key Security Issue - And it is not DNS

#MWC15

Barcelona is a great city, but with 100,000 people coming to the city for Mobile World Congress, it is expected that the criminals will come in force to prey upon these unwary travelers. When I travel, I am careful to protect myself from unsavory acts such as pickpocketing or physical attack. I avoid areas that may be dangerous and I take care to protect my personal belongings from theft, such as keeping my wallet in my front pants pocket.

But it is easy to become complacent and forget about possible ways to become a victim. When I am walking down a street, it is natural for me to have my phone out to look at the map for directions or use another service. My expensive smartphone is now out in the open for someone to run by and grab it. They will be gone before I even have a chance to react.

Mobile service providers are concerned about protecting their networks from DDoS attacks and intrusions that either degrade the performance of their network or expose sensitive information about them or their subscribers. One of the most common points of concern for the service providers is the DNS infrastructure. Every mobile operator has been hit by some DNS attack in the past, whether they are willing to admit it or not. Most service providers have implemented some level of protection against DNS attacks.

But it is not only DNS that mobile service providers should be worried about. Many mobile operators have rolled out, or are rolling out, Voice over LTE (VoLTE) services to deliver voice calls over the data network. To enable the VoLTE service, they need to have an IMS infrastructure in place to handle the SIP signaling to connect and monitor the VoLTE call status. Traditionally, before VoLTE, this IMS network has been closed and not accessible from the subscriber devices directly. Unfortunately, VoLTE changes that. VoLTE requires the smartphone to generate SIP messages to initiate a phone call.
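
Because the handset now writes the SIP request itself, the edge of the IMS network is where each request can be checked before it is passed on. The following is an added example, not code from the original post or from any product: a screening function that rejects requests missing the headers RFC 3261 requires or carrying inconsistent fields. The allowed-method list and the sample messages are constructed assumptions.

```python
import re

REQUIRED = {"to", "from", "cseq", "call-id", "max-forwards", "via"}  # RFC 3261 8.1.1
COMPACT = {"t": "to", "f": "from", "i": "call-id", "v": "via", "l": "content-length"}
ALLOWED = {"REGISTER", "INVITE", "ACK", "BYE", "CANCEL", "OPTIONS"}  # assumed policy
START = re.compile(r"^([A-Z]+) (?:sips?|tel):\S+ SIP/2\.0$")

def screen_sip(raw):
    """Return the reasons to reject a handset's SIP request (empty list = pass)."""
    head, _, body = raw.partition(b"\r\n\r\n")
    lines = head.decode("utf-8", "replace").split("\r\n")
    m = START.match(lines[0])
    if not m:
        return ["malformed request line"]
    method, reasons, hdrs = m.group(1), [], {}
    for line in lines[1:]:  # header folding is not handled in this sketch
        name, sep, value = line.partition(":")
        if not sep:
            reasons.append("malformed header line")
            continue
        name = name.strip().lower()
        hdrs.setdefault(COMPACT.get(name, name), value.strip())
    if method not in ALLOWED:
        reasons.append("method not allowed from handsets")
    missing = REQUIRED - set(hdrs)
    if missing:
        reasons.append("missing headers: " + ", ".join(sorted(missing)))
    if "cseq" in hdrs and hdrs["cseq"].split()[-1:] != [method]:
        reasons.append("CSeq method does not match request line")
    if hdrs.get("content-length", str(len(body))) != str(len(body)):
        reasons.append("Content-Length does not match body")
    return reasons

# Constructed sample requests, not captured traffic.
GOOD = (b"REGISTER sip:ims.example.net SIP/2.0\r\n"
        b"Via: SIP/2.0/UDP 192.0.2.10:5060;branch=z9hG4bK1\r\n"
        b"Max-Forwards: 70\r\n"
        b"To: <sip:user@ims.example.net>\r\n"
        b"From: <sip:user@ims.example.net>;tag=1\r\n"
        b"Call-ID: a1@192.0.2.10\r\nCSeq: 1 REGISTER\r\nContent-Length: 0\r\n\r\n")
BAD = (GOOD.replace(b"CSeq: 1 REGISTER", b"CSeq: 1 INVITE")
           .replace(b"Max-Forwards: 70\r\n", b""))
```
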

These SIP messages are sent to the IMS infrastructure intact. This means it is just a matter of time for a malicious hacker to generate fake SIP messages that can reach the IMS services to deliver a DoS attack, obtain unauthorized services, or possibly even gain intelligence about the service provider’s subscribers or network configuration.

Mobile service providers need to take a hard look at this portion of their network. They need to determine what needs to be in place in terms of security services, such as an application-aware firewall and/or a DDoS protection solution, to protect this newly exposed critical component of their infrastructure.

Using a smartphone has changed my vulnerabilities and habits in the same way VoLTE is forcing mobile service providers to re-inspect all aspects of their network as it changes the fundamental models that they have become accustomed to.

Why Getting to Mobile World Congress needs TCP Optimization

#MWC15

I just arrived in Barcelona for Mobile World Congress, the premier mobile industry event. This year, they expect up to 100,000 exhibitors and customers to attend the event, up from over 70,000 last year. I took three flights taking over 18 hours to get here. My flights were packed with other attendees all trying to get here like me. I had a significant delay at one point because they had to change the actual plane we were supposed to be flying on. There were long lines and it took quite a while to get through some of the lines for the plane, passport control, and getting my show badge. Every time, the system was not designed to handle such a large influx of people going through the system, and every time, I was delayed getting the expected service and reaching my final destination.

This is much like our need for TCP optimization technologies on the Internet. Service providers have to manage congested networks due to foreseen (large scheduled events) and unforeseen (natural disasters and malfunctions) conditions. During these situations, they need to find ways to still deliver a quality service to their customers. Calls still need to be made. Applications still need to update efficiently and in a timely manner.

Currently, many service providers use technologies like video optimization and caching to maintain a high quality of experience for their customers. Unfortunately, these technologies may not be ideal as the Internet evolves. Traffic is growing at a high rate with the general availability of 4G LTE networks, and 5G is around the corner. In addition, encrypted traffic is on the rise, increasing over four-fold in Europe in the past year because of security and privacy concerns. These solutions must see the content to be effective and the encryption prevents their use.

TCP optimization, on the other hand, leverages the TCP protocol and does not depend on applications or content.
It is designed to improve the flow of traffic through adjustments to the TCP protocol parameters based on expected and observed network conditions. This means that the flow from an application on the Internet to the subscriber can be optimized on one side for the low latency, high speed characteristics of the Internet and given a different set of parameters based on high latency and slower access networks like cellular radios. The TCP optimization technology manages the optimal delivery of the content by acting as a TCP proxy to handle both sides of the connection separately.

If I were able to somehow apply this technology to my trip to Barcelona and manage the flow of 100,000 people through the week-long event, it would feel like I got 120% increased efficiency (based on real improvements to content delivery over live wireless networks) out of my efforts surrounding this show.

If you are interested in hearing more about TCP Optimization, please view our new Reference Architecture on our website or come visit our booth at MWC located at Hall 5, Booth G11.