Carrier Grade DNS: Not your Parents DNS
Domain Name System (DNS) is one of the overlooked systems in the deployment of 4G and Next Generation All IP Networks. The focus tends to be on revenue-generating applications that provide ROI for these major investments. For these to be successful the CSP's have first got to be able to deploy these networks, and provide a high quality of experience in order to be sure that these services are truly revenue generating. However, most CSP’s have overlooked some of the basic IP functions in order to provide these revenue generating applications. The building blocks for these applications are a quality, efficient, scalable, and feature-rich IP architecture. One of the key items that are required for this IP architecture is Carrier Grade DNS. DNS has been a long-standing requirement for Internet services for CSP's. However with these all IP networks, DNS is being used for new capabilities along with supporting increases in data traffic for standard content and Internet services. For years CSP's and employed cheap, inexpensive, and basic DNS systems on their network. This was done to provide basic DNS services and to minimize cost. However with and developing networks, these basic DNS deployments will not support the requirements of the future. DNS services are starting to be used for new and unique capabilities, which include managing traffic on both the internal network along with external content that is located on the Internet. Along with this new functionality, DNS is also required to provide security of DNS transactions and have the ability to mitigate against DNS attacks, along with providing for authoritative DNS zone management, resolution, and non-authoritative support, such as caching. The significant challenge for communication service providers is to provide these DNS capabilities while still maintaining a manageable Capex and Opex. This challenge can only be met by deploying a carrier grade DNS solution. The carrier grade DNS solution comprises all the basic capabilities of DNS, along with including a logical scaling capability, security for DNS transactions, and an ability to intelligently manage authoritative zones. Historically, traditional DNS solutions have addressed scaling by simply adding more hardware. This method is a Capex nightmare. With the increases in data and data demands, these problems with DNS scaling will grow exponentially. The only solution to this problem is the ability to deploy an intelligent DNS system that allows the communication service provider the ability to manage how DNS queries and how DNS authoritative responses are managed and delivered to subscribers. Since DNS is key in the ability to identify the location of web content it is vulnerable to both DNS hijacking attacks and denial of service (DoS) or distributed denial of service (DDoS) attacks. To prevent DNS hijacking attacks, carrier grade DNS solutions must be incorporated DNSSEC. By incorporating DNSSEC, responses to subscribers are guaranteed the identity of the answering authoritative DNS. DoS/DDoS attacks cannot be prevented. The only strategy they can be taken against DoS/DDoS is to mitigate the impact of these attacks. The best way to address the mitigation the impact of DoS/DDoS attacks is through a distributed carrier grade DNS architecture. By using such technologies as Global Server Load Balancing (GSLB) and IP Anycast, a distributed carrier grade DNS architecture can isolate and limit the impacts of DoS/DDoS attacks. GSLB allows the communication service provider to manage how DNS requests are answered based upon the location of the contents and the requester. IP Anycast allows for multiple systems to share the same IP address thereby distributing the number of systems answering request. By using these distributed systems DoS/DDoS attacks can be isolated and minimize the number of systems impacted. As we have seen over the past year, data use on CSP networks is going to continue to increase. To provide a successful ARPU model, a Carrier Grade DNS that provides for high availability, economical scalability, subscriber security, and high performance in essential. With all of the many challenges in a CSP network, basic IP infrastructure can be overlooked. An intelligent management system of these IP essential systems is the first step in reducing an ever expanding Capex and providing for a high quality of experience for your subscribers. Related Articles DNS is Like Your Mom F5 Friday: No DNS? No … Anything. Audio White Paper - High-Performance DNS Services in BIG-IP ... DevCentral Weekly Roundup | Audio Podcast - DNS F5 Friday: When the Solution to a Vulnerability is Vulnerable You ... F5 News - DNS DNS Monitor Using Dig - DevCentral Wiki The End of DNS As We Know It F5 Video: DNS Express—DNS Die Another Day Ray Vinson – DNSWhat is Intelligent Roaming?
Roaming means you connect with an operator in the country in which you are visiting: What can make it intelligent? When you are traveling abroad the last thing you want to worry about is loss of service from your mobile phone. And you also don’t want to start worrying about your next bill. Now that LTE is here, why can’t you just enjoy fabulous data speeds while downloading or watching a video and forget about the costs. Wouldn’t it be great if you could simply enjoy the local culture, exotic cuisines, colorful scenes and sit back and chat, talk and video about all these with your friends and family back home?!! Many people don’t realize what roaming entails and what it means for both the user and the telco operator. Apart from the basic concept of throwing your smartphone or other devices in your carry-on luggage there is a lot of technology that supports their operation. Currently, there are over 100 networks live with 4G capabilities offering subscribers rich experiences while at home. Undoubtedly, 4G subscribers expect the same quality and level of service to continue while they travel abroad. However, if you would have looked “behind the scenes” even way before 4G, enabling roaming required SS7 supported signaling for just voice and text messages in visited networks. With the evolvement of 2G/3G data, these roaming capabilities have become even more complex. For SS7- based roaming, there are some very good intelligent roaming solutions available. Many, if not most, operators use them. Typically they are based on so-called OTA (over the Air) mechanisms to remotely control the preferred visited network list. They are often enhanced with SS7-based network traffic steering. The OTA mechanism tells the SIM what is the order of network preferences for logging on. Usually, the SIM memory for this list is limited, so that in practice, the selection of visited networks can change frequently. Therefore to direct the roamer’s selection, a network traffic steering mechanism is often used which ignores attempts of a roamer to locate a specific network that is not among the top preferences of the home operator, forcing the handset to select another network until it either gets to the preferred network or selects the second best available network. This solution works because the signaling is sent back to the home network, enabling the home operator to decide the preferred network in real-time for each subscriber. Customers benefit as the best quality can be selected. However, the main driver behind this mechanism however, is that the home network can select the visited network chosen for the best negotiated price (even if this price can change on a daily basis in theory, but usually every few months contracts are agreed upon for a price per minimum volume). One important note is that with always-on services, like Blackberry email push, once the visited network has been selected, there is minimal chance that the roamer can update to another network. The selected network is completely invested in keeping roamers hooked in. And typically this happens with high usage, always on, high value roamers. Now we are entering the LTE/4G roaming era in which we have a fundamentally different situation. For the subscriber with a 4G smartphone, it doesn’t mean that much changes as the phone also supports the frequencies of the visited network. Operators want it to look simple and “just make it work.” The important technical change is that in LTE there is no longer use of SS7 signaling. Now Diameter is the chosen signaling protocol for mobility management (and for other functions like policy control, charging and more). Another major technical difference in LTE is that there is always a default bearer active, so that all smartphones/devices will be always on. Diameter-based Intelligent Roaming Take the scenario of a visited LTE network and assume the visiting customer has an LTE/4G supported device for that network. Also assume that there is a commercial LTE roaming agreement in place, and the roamer wants to use his smartphone just as he did in 3G technologies. The <!--ZZZLinkBegZZZ-->GSMA <!--ZZZLinkEndZZZ-->has defined how roaming for LTE should work commercially and technically. So in theory, there is nothing else needed other than implementing what the GSMA has defined. But now we get to the real unique value that can be added to the roaming experience. Here is how in a very intelligent way, the home network can remotely control the selection of the visited network by a specific subscriber. Here is how to force the device to reselect the network it originally selected, even overruling attempts by visited networks to capture the revenue generating customer. In addition to what was already possible in an SS7 based network, where a specific device could be steered to register to a preferred network, now there are customer, device and service-aware intelligent roaming capabilities. Since the intelligent roaming solution is configured as an application on the Diameter Agent functionality (DRA) that is required per GSMA guidelines (as per IR.88), it has full visibility of what’s going on in a specific device. It “sees” what services are being used and how “active” those services are. In other words, a network operator has real-time access to the signaling supporting policy control (typically Gx and/or S9 interfaces) and charging functions (typically Gy or related interfaces) while roaming. In addition, it has visibility to the service quality and the availability of all potential visited networks at any given moment. Simply put, we have a complete set of information to make the smartest decisions at any specific moment. So the operator can make decisions as to the best service selection for every roaming smartphone/device given all the business and operational alternatives available. The criteria used to decide to which network to connect is a real differentiator for the home network. The different factors can range from best quality to best price. The home network now has the power to control the redirection of high value traffic. This is possible even following the initial selection of a visited network. So at any given moment the home network can decide to interrupt the active default bearer or any other active link. With this capability the home network has full control of the revenue it can generate on a specific visited network. This capability of controlling the assigned traffic also allows the home network to negotiate a better price than when the home network will generate revenues almost at random for the visited network. With this capability, we’ve made a major jump in the roaming value chain. And keeping in mind that the global roaming market size is about 45 Billion (see reference 1 by <!--ZZZLinkBegZZZ-->Visiongain<!--ZZZLinkEndZZZ-->), the value of controlling the use of a specific visited network or minimizing the use a specific network is huge. Operationally speaking, when other traffic on the visited network, either generated by the visited networks’ own subscribers or by other visitors, cause the visited network to behave below a certain expected level, the home network can select an alternative network. In this way an operator can deliver a truly premium service to its own customers, according to the service agreements, customer and application experience for any individual customer, device and service. By deploying a Diameter Router (DRA) with intelligent roaming capabilities in addition to the GSMA required Diameter Edge Agent (DEA) functionality, operators can benefit from real-time control of the user experience while roaming abroad. And this benefit continues regardless of the time or service used by customers and devices. Diameter signaling and its unique position in the network for total visibility make this possible. 1 Visiongain has determined that the value of the global roaming market in 2012 will reach $45.1billion.
Optimizing mobile VAS service platforms with intelligent traffic steering
One of the challenges introduced by the rollout of LTE is the enormous increase in data traffic that gets transported across the mobile core network. Studies have shown that LTE users, in addition to enjoying higher bandwidths, also consume considerably more data than 3G users. These scalability challenges are forcing mobile operators to review their Gi LAN network architecture and how the value added services (VAS) infrastructure elements plug into that. Traditionally mobile operators have been steering traffic into their VAS platforms (e.g. video optimization, web optimization, transparent caching, parental control, etc.) in a very static way using policy based routing (PBR) as presented in the figure below. The advantage of this traditional port-based steering approach is that it is relatively simple to manage and configure. The disadvantage however is that economically this model is difficult to maintain with the constant increase of data traffic in mobile core networks. The VAS platforms are among the most expensive data processing components in the entire network, so mobile operators are currently looking for ways to optimize the utilization of these platforms in their networks. In the current architecture each of these VAS platforms are receiving data for which they are not providing any value. As an example, the video optimizer platform will receive traffic that isn’t video (a lot of port 80 traffic is plain web traffic), plus the mobile operator may have use cases where some video streams don’t need to be optimized. Instead of pushing all that decision logic into the different VAS systems, a better approach is to change the static port 80 steering logic into a more dynamic context-aware intelligent steering logic (please see figure below). This intelligent steering logic is able to take contextual decisions on a per flow or even on a per HTTP transaction basis about which VAS service(s) each flow or HTTP transaction needs to be forwarded to. Some flows may actually have to be passed through multiple VAS platforms which results in service chaining. The goal of this new architecture is to make optimum use of the VAS services that are deployed. The intelligent steering logic is fully controlled using operator defined business policies that can take inputs from a PCRF (subscriber-based steering logic), from Radius transactions (e.g. radio access type steering, device type steering, … ), from third party APIs (e.g. congestion based steering) and from the data packet content (e.g. content-based steering) all of which provide ‘context’ to the flow. An example of a statically configured intelligent steering policy that applies to all traffic on the Gi LAN is shown below. The goal here is to bypass the video optimizers whenever the subscriber is connected to the LTE radio network. As soon as the subscriber falls back to 2G or 3G coverage, his video streams will be steered through the video optimization platform. This architecture allows the mobile operator to keep the network as it was functioning before for their 2G and 3G users, without having to pass through all the LTE traffic through the same VAS services if that is deemed to be unnecessary. Another example which includes service chaining for some subscriber traffic flows is the following scenario. In this use case the mobile operator wishes to continue using traditional port 80 forwarding for all mobile traffic to a video optimization platform, while adding a parental control service which needs to be activated only for subscribers that have opted in to that service. A PCRF is used in this architecture to push down the subscribers’ traffic management policies into the intelligent steering device. User A has subscribed to a parental control service and therefore the PCRF will point to a service chaining policy that will steer that particular subscriber’s port 80 traffic to both video optimization and parental control platforms. User B on the other hand will only have his port 80 traffic steered through the video optimization VAS service. There are many other use cases but the above examples clearly demonstrate the flexibility of having an intelligent traffic steering platform inline on the Gi LAN interface. Not only do these advanced steering policies help mobile operators to cost optimize the utilization of their VAS platforms, they also allow for a rapid introduction of new services without having to re-engineer the entire network. The intelligent steering platform takes a central role by managing, steering and orchestrating all traffic flows in the mobile packet core towards the VAS services infrastructure and helps to reduce the total cost of ownership of the Gi LAN architecture. In addition to intelligent traffic steering other functionalities that are typically present on the Gi LAN could be consolidated. But that’s the subject of another article.Looking for gold under a standard DRA
People have often told me that I should share some of the content of my discussions with customers. So here goes: While speaking to a customer I begin to reflect on why DRAs (Diameter Routing Agent) usually interest core network signaling engineers as they are the ones who are building the Diameter signaling network and require a solution for optimal network scaling. Our conversation focuses on how much more efficient, smarter, flexible, cost effectively, and securely we can manage the signaling load for Diameter messages and other protocols. Most people who are involved in mobile broadband or LTE are not that interested in Diameter signaling. At least I find this to be true when I address Diameter directly in pure technical language. However, when I speak about what great things we can do by using the information contained in every signaling message, you get a complete different conversation, and an interested audience. Typically, when discussing Diameter signaling the interest is in terms of what a DRA and DEA (Diameter Edge Agent) should be able to do according 3GPP and GSMA specifications. But as there are now more vendors claiming to have a DRA/DEA (although only a few are actually deployed) … customers are usually surprised at the possibilities of adding services, increasing security, and optimizing the network when deploying a DRA. If we rename DRA/DEAs to more of a smart proxy (or charging controller), meaning a function that can look inside a message and make decisions on message content, while looking from the application level downward (remember Diameter is an application layer protocol), you get a completely new field of opportunities. The people working on an operator’s commercial services side understand that their customers are generating more and more traffic. And they have been notified that this traffic congestion can be a huge challenge for their network people to manage properly. (In fact this is the ‘standard’ technical DRA discussion) However, when an element like a DRA is inserted in their network to manage the signaling load, here we see the added value of a DRA to look into application specific aspects. Here are some examples that have been well received by services/commercially oriented people. Example 1: Offloading from OCS resources When a prepaid customer is out of credit, it usually takes quite a few re-attempts before the customer or application realizes that there is no credit left and that is the reason the requested service is not working. However, during this process, there has been lots of signaling messages generated to communicate in “Diameter language Gy” that there is zero balance left, and these messages use the resources of an OCS (Online Charging System). But by looking at the Diameter message in a smarter way (e.g. with application view) you can proxy the OCS for this very simple function and optimize its resources for use by only revenue-bearing messages. This is what our SDC does, the Signaling Delivery Controller for Diameter management. Example 2: Rollout special campaigns at lightning speed If a DRA is deployed to sit in front of an OCS to protect it for problems like overloading, this same DRA node can enable a quick rollout of special marketing campaigns without even touching the existing OCS and its surrounding provisioning system. This news would make your marketing team extremely happy as currently, they must wait for long development times plus each new service is weighed against high costs. For example, if you want to offer a specific segment of customers or devices a special offer such as free minutes on a public holiday there no need to bother the OCS. A smart DRA can do the job quickly and at minimal cost. Example 3: Speak all dialects of Diameter Our customers know that our SDC “speaks” all the Diameter dialects that the various vendors have implemented (more than 50 at this writing). And if that wasn’t already enough, it also “speaks” to other protocols like SS7, RADIUS, LDAP, etc…. All this information is all very interesting to technical people but not to marketing services and commercial people. However, I explain that by speaking the same language, new services and promotions can be offered much faster and more cost efficiently. Plus the fact that these offerings will also increase signaling traffic without any negative impact on the network so the network engineers won’t get angry. In fact, it’s a pure “win/win” as it is the traffic you want to generate because it brings revenues and creates customer loyalty. In summary, my discussions usually leave people pleasantly surprised with the knowledge of the added value of our smart Diameter solution, known as the SDC. . It is not just another award winning DRA/DEA but a platform that is the starting point of application-relevant signaling management by giving you access to the gold that is inside the signaling messages… so don’t hesitate and contact us, surprise us and we will surprise you!
The State of the LTE Market Today
One of the main success factors of LTE roll out and LTE services is the quality of an operator’s Diameter signaling solutions. Allow me to explain. Today, LTE devices, including smart phones, tablets, dongles etc. are generating an unprecedented volume of signaling, up to 100x the amount of signaling we are used to experiencing in legacy networks. Signaling is the network’s internal communication system, and the language that signaling “speaks” in LTE is called Diameter Protocol, an IP-based stream control transmission protocol. The Diameter Protocol plays a connecting and routing function among LTE networks and inside the network between the different network nodes. Diameter exists everywhere in the network, for example among enabling elements for policy management and enforcement, billing & charging, authentication, mobility management, and roaming services. LTE was designed on the drawing board as greenfield technology, replacing existing legacy 2G, 2.5G, and 3G networks and building new 4G networks from scratch. Keep in mind however, that in telco there tends to be more evolution than revolution. So, in practice, next-generation elements are deployed side-by-side with existing legacy network functionalities. This two-generation hybrid complicates the network by filling it up with a patchwork of technologies, interfaces, and protocols. And this complication—referred to as network fragmentation—is extremely costly if not handled properly. Minimally, it requires connectivity between the LTE interfaces, protocols, and elements, as well as connectivity between the new and legacy components. In addition, there is the huge task of simplifying this network spaghetti, and only a robust Diameter signaling router can succeed here. Now back to the LTE devices. Many are designed with power-saving mechanisms to preserve battery life. However, simply touching the device catalyzes signaling. Many consumers leave several applications open, such as mobile games and social networking sites—and this causes constant, massive signaling. The “always-on” state of LTE devices is constantly pinging the network with signaling, creating a greater volume of signaling messages than ever experienced by a network. The high level buzz around LTE speaks about an enhanced multimedia, personalized, and interactive experience. More specifically, LTE is expected to deliver advanced services and charging schemes such as family data plans, tiered data plans, video optimization, and faster speeds of mobile data. Each one of these improvements involves complicated “back-office” support in the network. Each LTE service comes with a complex navigation route among network elements like PCRFs (policy charging & rules function) that tell the network what level of data plan has been purchased by the subscriber; OCS (online charging system) elements needed to serve prepaid customers; and BSS (business support systems) elements that are connected to data centers across vast geographic areas and require signaling to deliver the billing charges to the correct data center. In short, it is the Diameter signaling router (more commonly known as DRA) that ensures that the correct information about the right subscriber is transmitted to the designated server in the network. So, my take on the state of the LTE market is that we have witnessed a great beginning. And from our perspective, there are two types of service providers. The first is the service provider who plans for signaling routing and gateway solutions from the beginning, and the second is the service provider who doesn’t add it to the plan and ultimately experiences pain due to signaling surges and overloads. This second type of service provider quickly realizes its mistakes and rushes to deploy Diameter routers and load balancers to ensure network reliability and maximum performance. In both scenarios, LTE networks experience a bombardment of signaling at unprecedented levels. This signaling must be managed, or it will upset network performance significantly or bring network operations to a halt.
Mobile Service Providers are missing a Key Security Issue - And it is not DNS
#MWC15 Barcelona is a great city, but with 100,000 people coming to the city for Mobile World Congress, it is expected that the criminals will come in force to prey upon these unwary travelers. When I travel, I am careful to protect myself from unsavory acts such as pickpocketing or physical attack. I avoid areas that may be dangerous and I take care to protect my personal belongings from theft such as keeping my wallet in my front pants pocket. But it is easy to become complacent and forget about possible ways to become a victim. When I am walking down a street, it is natural for me to have my phone out to look at the map for directions or use another service. My expensive smartphone is now out in the open for someone to run by and grab it. They will be gone before I even have a chance to react. Smartphone snatch and grab theft via The Times Mobile service providers are concerned about protecting their networks from DDoS attacks and intrusions that either degrade the performance of their network or expose sensitive information about them or their subscribers. One of the most common points of concern for the service providers is the DNS infrastructure. Every mobile operator has been hit by some DNS attack in the past, whether they are willing to admit it or not. Most service providers have implemented some level of protection against DNS attacks. But it is not only DNS that mobile service providers should be worried about. Many mobile operators have rolled out, or are rolling out Voice over LTE (VoLTE) services to deliver voice calls over the data network. To enable the VoLTE service, they need to have an IMS infrastructure in place to handle the SIP signaling to connect and monitor the VoLTE call status. Traditionally, before VoLTE, this IMS network has been closed and not accessible from the subscriber devices directly. Unfortunately, VoLTE changes that. VoLTE requires the smartphone to generate SIP messages to initiate a phone call. These SIP messages are sent to the IMS infrastructure intact. This means it is just a matter of time for malicious hacker to generate fake SIP messages that can reach the IMS services to deliver a DoS attack, obtain unauthorized services, or possibly even gain intelligence about the service provider’s subscribers or network configuration. Mobile service providers need to take a hard look at this portion of their network. They need to determine what needs to be in place in terms of security services such as an application-aware firewall, and/or DDoS protection solution to protect this newly exposed critical component of their infrastructure. Using a smartphone has changed my vulnerabilities and habits in the same way is VoLTE is forcing mobile service providers to re-inspect all aspects of their network as it changes the fundamental models that they have become accustomed to.Policy: Not just QoS and Tiered Services.
With the development of Internet Multimedia Services (IMS), the challenge of defining how the IMS infrastructure would deliver application services and control the user experience was answered with Policy. Policy is simply the application of business rules to define how a subscriber interacts with the network, application and services. Since 3GPP included Policy into the IMS standards,(3GPP TS 23.203) the market has viewed Policy as simply bandwidth management and subscriber tiered services. However, this view of Policy is limited and incomplete implementation of Policy in a Communication Service Provider (CSP) network. In order to truly implement a comprehensive policy architecture, policy must be integrated into the design and implementation of all network services. Creating rules to define how a subscriber connects to the network, authenticates, has an IP address allocated, along with all the interactions of network support services such as IPv6 translations, DNS, NAT, security services, etc. This Policy definition is the only way to truly define the subscriber interaction with services and applications. As CSP’s transition to all IP networks, maintaining the Quality of Experience (QoE) will determine the CSP’s success against competition. The ultimate challenge in transitioning to these technologies is still providing at least the same QoE as the previous networks (3G and traditional circuit switched voice) across all services. Since voice is still the largest impact on ARPU, delivering a quality VOIP solution (or VoLTE for wireless 4G) that is as stable and reliable as circuit switched voice is essential for success. Comprehensive policy across all IP services in the network provides a level of management related to these new technologies and the subscriber experience. IMS standards for Policy, specifically Policy defined at the Policy Control and Revenue Function’s (PCRF) relationship with the Policy Control Enforcement Function (PCEF), takes the first step in defining this policy architecture. The PCRF, by definition, defines the policy associated with the subscriber and sends policy updates to the PCEF, which will packet, shape (via Quality of Service (QoS)) the packet for that session. The PCRF makes these decisions based upon the subscriber’s tier of service, network origin, application, service definition and network status information. This Policy step is crucial, but it is incomplete for Comprehensive Policy across the network. For Comprehensive Policy, all network services need to be Policy aware and be able to enforce policy according to the specific network service. For example, as a device connecting to the IMS network, a DNS query is sent to determine the Call Session Control Function (CSCF) for the first SIP request. A standard DNS server will simply return the A or AAAA record (depending of if this is on an IPv4 network or IPv6 network) that it has for the appropriate CSCF. However, Policy can be used to define how that DNS server can determine which CSCF is returned based upon the network and subscriber. By defining this first interaction, the most available CSCF address can be returned to the device or, more specifically, a CSCF scheme can be defined based upon the location, network status, and subscriber. This is the first step in defining the experience that subscriber has with the IMS service. By defining Policy at the network services, the CSP takes control of the subscribers interaction at every point on the network. This makes all the network services a Policy enforcement point of the CSP’s business plan. These policies can be either dynamic or static, depending on the service or technology being deployed. Dynamic Policy allows for changes in the policy within the session without having dropping the session to make this Policy change. Static Policy is simply rules defined that do not change in mid-session. To provide for dynamic policy, a policy decision point is needed to pass policy changes to the policy enforcement point, this is the scheme that the PCRF and PCEF use to provide dynamic policy. However, using a combination of static and dynamic policy across all network services is the only way to offer comprehensive policy. As CSP technologies, applications and services evolve, the real challenge is maintaining ARPU and reducing, or managing, subscriber churn in order to maximize profit and stay competitive. The only way to achieve this is to maintain, and improve, the QoE as new applications and services are delivered to the subscriber. Understanding and managing the relationships between all services and the subscriber with the network is the only way to control the QoE. Comprehensive Policy across all network elements and services is the only way to manage these relationships between the subscriber and services. Related Articles New Service Provider BlogIPv6: Not When but How?
Over the last 10 years, there have been a lot of discussions about the depletion of IPv4 addresses. With development of the IPv6 standards, general consensus is that the Internet will eventually transition to IPv6. The real question has been “When will this transition take place?” For Communication Service Providers (CSP), increases in data usage and IP devices have caused industry standard’s bodies (such as 3GPP, TiSpan, 3GPP2 and CDG) to incorporate IPv6 in their high speed network architectures. This has caused CSP’s to include transition to IPv6 as part of their 4G and advanced network rollouts. The challenge is that with the majority of the Internet still being on IPv4, how is the best way to still give subscribers access to the content that they want and demand. So for the CSP’s, the question now is not when but how to transition to IPv6. There are several articles, blogs and discussions on the Internet about the different methods of transitioning to IPv6. Instead of re-hashing this information, I want to concentrate on the pros vs. cons of a few of the more prevalent methods. Dual Stack What is it? Dual stack is where a single system supports both IPv6 and IPv4 simultaneously. This is usually accomplished by both a hardware and software on the system. PROS This is a quick method to transition to a new IPv6 network while still supporting traffic on an IPv4 network. CONS This is extremely costly and can significantly impact performance of an individual system. DS –Lite What is it? DS – Lite requires the deployment of an IPv6 network and encapsulates IPv4 traffic in an IPv6 wrapper. This method was specifically designed for Cable networks interactions with set top boxes. PROS This method allows the deployment of IPv6 across the network and allows for IPv4 deployed protocols and applications that cannot use NAT to be integrated. CONS DS-Lite provides a significant overhead and is not all encompassing. Other solutions need to be incorporated in order to support IPv6 native protocols and traffic. 6RD What is it? 6RD uses pre-existing tunnels on an IPv4 network to transport IPv6 traffic. PROS This method is a fast way to support IPv6 traffic. CONS This does not deploy an IPv6 network at all. All the problems of IPv6 transition sill exist. Gateway and DNS64/NAT64 What is it? This method deploys a gateway to translate IPv4 traffic to IPv6, and back, and uses DNS64 to translate IPv4 records (A records) to IPv6 records (AAAA records) and coordinates with NAT64 to translate and manage IP addresses for both IPv4 and IPv6 traffic. PROS Allows for a complete migration to IPv6. Supports a complete interaction with both IPv6 and IPv4 Internet content. CONS Does not support IPv4 protocols that cannot interoperate in an NAT environment. Difficult to scale and manage performance These methods are not always independent and all inclusive. For example, if a CSP has a Quad Play offering (TV, Phone, Internet, and Wireless), DS-Lite may be a good solution for TV (Cable set top box) while still using an IPv6 Gateway, DNS64 and NAT64, and Dual Stack for other offering and systems. This architecture allows for a complete migration to an IPv6 offering while still supporting existing set top boxes at the customer locations. The ultimate challenge is for CSP’s to migrate to IPv6 with as little impact to the subscriber experience. The method chosen by CSP’s needs to be able to migrate to IPv6 and still support current IPv4 content and applications, and this needs to be done seamlessly to the subscribers. Related Articles F5 Friday: IPv6 Day Redux F5 Friday: 'IPv4 and IPv6 Can Coexist' or 'How to eat your cake ... IP::addr and IPv6 IPv6 and the End of the World DevCentral World IPv6 Day Live Podcast IPv6: Yeah, we got that Service Provider Series: Managing the IPv6 Migration Hackers, IPv6 and Denial of Service Attacks. Oh My! What is F5 Doing for World IPv6 Day? F5 Friday: Thanks for calling... please press 1 for IPv6 or 2 for ...Consolidating L4-L7 functionality on the Gi LAN
In a recent article we discussed the value of having an intelligent traffic steering platform on the Gi LAN to optimize the utilization of VAS platforms such as video optimizers, transparent caching platforms, parental control systems, etc. In this post we will review the other platforms on the Gi LAN, and what is happening in the industry to get to a much simpler, more scalable and more cost effective architecture. Inline between the PGW/GGSN and the internet peering router mobile operators have been deploying point product solutions from different vendors addressing a variety of business as well as technical requirements. DPI platforms are used for application analytics and policy enforcement, firewalls are used to protect the radio network and the subscribers, CGNAT platforms are used to address the IPv4 address exhaustion issue and routers are used for static port forwarding towards the VAS services complex. With the continuous growth of data traffic in mobile networks, operators are starting to face some challenges with the scalability of these Gi LAN architectures. In the current environment each of these different platforms will reach it’s capacity limit at a different point in time, leading to constant upgrades and redesigns to keep the network up and running. Clearly, having less platforms inline in the data path would result in clear benefits, provided such a consolidated platform meets the necessary scalability and performance requirements for each of the functions it provides. A consolidated L4-L7 platform that embeds all these functionalities such as firewall, CGNAT, intelligent traffic steering, policy enforcement, header enrichment, TCP optimization and DPI/URL classification in a highly scalable solution is what mobile operators are looking for. Depending on operator business policies, sometimes not all functionality can be collapsed onto a single physical platform. For example an operator’s internal security policy may dictate that security functions have to remain on a standalone platform. But even in those environments going from 4-5 platforms to just 2 platforms is a big step forward. Less platforms means less operational overhead and fewer operating systems and vendors to manage. It also means a simplified architecture which is less prone to errors and hence leads to increased stability. And last but not least new services are also much easier and faster to introduce in this architecture. Consolidation is not a new concept. In the 2005 to 2010 period the routing industry has gone through a massive transition, moving from dedicated platforms for L2 services, L3 services, BRAS/BNG, etc. to a consolidated “service router” model that embeds all of these functionalities in a single platform. The L4-L7 industry is now going through a similar transition and F5 is one of the leaders in this transition, consolidating the most commonly deployed L4-L7 functionalities on the same platform and giving mobile operators the tools to significantly simplify their Gi LAN architecture. The service provider industry has completely embraced and adopted the “service routing” concept in the last couple of years, so there is no reason why this industry wouldn’t embrace the L4-L7 consolidation concept going forward. In some ways the L4-L7 consolidation concept provides even more benefits than the L2-L3 consolidation. In the L2-L3 consolidation model a subscriber’s traffic stream typically only gets processed by one of the L2-L3 functions (e.g. you get either an L2 VPN service or an L3 VPN service but not both at the same time). In L4-L7 architectures a subscriber’s traffic stream may pass through multiple devices in series, like a DPI platform,a firewall and a header enrichment proxy. Each of these platforms have to go all the way up the protocol stack to provide their specific part of the L4-L7 functionality. In a consolidated L4-L7 platform you only have to walk up the protocol stack once, and the system will plug in the desired functionality at each level of the protocol stack on either side of the platform. The rise of LTE and the effects it has on the traffic volumes are driving mobile operators to rethink their Gi LAN architectures, both from the perspective of the VAS services complex as well as from the perspective of consolidating some of the L4-L7 functionality that is present today. And with NFV around the corner, things will only get more interesting.
The Top Ten Requirements to look for when selecting your Diameter Signaling Controller (DSC) for your IMS/LTE Network
There are many important aspects, features and technologies to be aware of when you are deploying an IMS or LTE network. Here is a handy check list for key requirements to look for before you begin your “shopping” for Diameter signaling management solutions referred here as a DSC. 1. An intelligent signaling management solution that routes, manages, load balances and protects signaling from overloads in 4G LTE, IMS and 3G Networks by including a DRA, DEA, IWF (InterWorking Function, Gateway) and load balancer that operates between DRA/DEA instances for maximum scale and complete reliability. 2. A DSC that supports all Diameter interfaces (to date 52) and seamless support for new ones. 3. A DSC that supports the full range of message-oriented protocols for routing and transformation (e.g. SS7, RADIUS, HTTP/SOAP, LDAP, GTP’, JMS). 4. The greater number of IOT with other vendors and the widest range of interworking functions (Diameter — Diameter and Diameter — legacy protocols). 5. The highest performance and value/cost ratio. 6. Get maximum routing flexibility that can be based on any field (AVP) and scalability to grow your network seamlessly. 7. Comprehensive network protection with enhanced congestion, flow control and signaling prioritization mechanisms. 8. Full visibility at the message level into your control plane for network analytics, an integrated management system that prevents traffic congestion and offers you network KPIs, and a full Diameter testing suite for operational continuity. 9. Context-aware intelligent routing that works seamlessly with subscriber management elements for dynamic subscriber data that can be deployed in an Active/Active mode. 10. Any Diameter solution you select should be backed by a financially strong company that offers expertise in carrier deployments delivery and ongoing support both globally and locally, and deep experience in both network and IP to ensure smooth integration between IT and core networks. ****And most importantly, make sure all you can check on all the above features in the field or lab, and not just on paper.
