Consolidating L4-L7 functionality on the Gi LAN
In a recent article we discussed the value of having an intelligent traffic steering platform on the Gi LAN to optimize the utilization of VAS platforms such as video optimizers, transparent caching platforms, parental control systems, etc. In this post we will review the other platforms on the Gi LAN, and what is happening in the industry to get to a much simpler, more scalable and more cost-effective architecture.

Inline between the PGW/GGSN and the internet peering router, mobile operators have been deploying point product solutions from different vendors addressing a variety of business as well as technical requirements. DPI platforms are used for application analytics and policy enforcement, firewalls are used to protect the radio network and the subscribers, CGNAT platforms are used to address the IPv4 address exhaustion issue and routers are used for static port forwarding towards the VAS services complex.

With the continuous growth of data traffic in mobile networks, operators are starting to face some challenges with the scalability of these Gi LAN architectures. In the current environment each of these different platforms will reach its capacity limit at a different point in time, leading to constant upgrades and redesigns to keep the network up and running. Clearly, having fewer platforms inline in the data path would result in clear benefits, provided such a consolidated platform meets the necessary scalability and performance requirements for each of the functions it provides.

A consolidated L4-L7 platform that embeds all these functionalities such as firewall, CGNAT, intelligent traffic steering, policy enforcement, header enrichment, TCP optimization and DPI/URL classification in a highly scalable solution is what mobile operators are looking for. Depending on operator business policies, sometimes not all functionality can be collapsed onto a single physical platform.
For example, an operator’s internal security policy may dictate that security functions have to remain on a standalone platform. But even in those environments going from 4-5 platforms to just 2 platforms is a big step forward. Fewer platforms means less operational overhead and fewer operating systems and vendors to manage. It also means a simplified architecture which is less prone to errors and hence leads to increased stability. And last but not least, new services are also much easier and faster to introduce in this architecture.

Consolidation is not a new concept. In the 2005 to 2010 period the routing industry went through a massive transition, moving from dedicated platforms for L2 services, L3 services, BRAS/BNG, etc. to a consolidated “service router” model that embeds all of these functionalities in a single platform. The L4-L7 industry is now going through a similar transition and F5 is one of the leaders in this transition, consolidating the most commonly deployed L4-L7 functionalities on the same platform and giving mobile operators the tools to significantly simplify their Gi LAN architecture. The service provider industry has completely embraced and adopted the “service routing” concept in the last couple of years, so there is no reason why this industry wouldn’t embrace the L4-L7 consolidation concept going forward.

In some ways the L4-L7 consolidation concept provides even more benefits than the L2-L3 consolidation. In the L2-L3 consolidation model a subscriber’s traffic stream typically only gets processed by one of the L2-L3 functions (e.g. you get either an L2 VPN service or an L3 VPN service but not both at the same time). In L4-L7 architectures a subscriber’s traffic stream may pass through multiple devices in series, like a DPI platform, a firewall and a header enrichment proxy. Each of these platforms has to go all the way up the protocol stack to provide its specific part of the L4-L7 functionality.
In a consolidated L4-L7 platform you only have to walk up the protocol stack once, and the system will plug in the desired functionality at each level of the protocol stack on either side of the platform.

The rise of LTE and the effects it has on the traffic volumes are driving mobile operators to rethink their Gi LAN architectures, both from the perspective of the VAS services complex and from the perspective of consolidating some of the L4-L7 functionality that is present today. And with NFV around the corner, things will only get more interesting.

Simplifying your S/Gi Network with a consolidated architecture
Guest blog post by Misbah Mahmoodi, Product Marketing Manager, Service Providers

Service providers are constantly challenged with ensuring their networks are running at optimal performance, especially as they cope with the increasing usage of mobile data traffic, which leads to increased CapEx and OpEx. At the same time, revenue has not kept pace with increasing data consumption, resulting in declining profitability as total cost of ownership continues to rise. As a result, service providers are looking for solutions that will allow them to scale more efficiently with traffic growth yet limit cost increases and at the same time accelerate revenue growth.

Many of the services that operators deliver to their subscribers, such as video optimization, parental control, firewall and Carrier-Grade NAT, reside on the S/Gi network, which is the interface between the PGW and the internet. Along with these services, service providers have deployed load-balancing solutions coupled with intelligent traffic steering and dynamic service chaining capabilities to steer traffic to the relevant VAS solutions based on a subscriber-aware and context-aware framework. This ensures, for example, that only subscribers using video are steered to a parental control service to check if the subscriber can watch the video, and subsequently on to a video optimization server, whereas all other traffic is sent straight on through to the internet.

Typically, service providers have deployed these services using point solutions. As traffic increases, service providers continue to expand these point solutions, which not only increases the overall network footprint but also results in an overwhelmingly complex network, making it more difficult to manage and increasing the risk of network failures due to different vendor solutions being incompatible with each other.
Continuing down this path is becoming less viable, and service providers need a solution that not only simplifies their S/Gi network, but also reduces the total cost of ownership. Service providers need a solution that can consolidate core services onto a single platform, which provides the scalability and capacity to accommodate increases in future mobile broadband traffic and also provides greater subscriber and application visibility and control than a solution using multiple point products, leading to increased revenues and profitability.

With a consolidated architecture, service providers can leverage a common hardware and software framework to deliver multiple services. Adding or removing services within this framework is done via licensing, and having a unified framework means that there is common technology to understand and manage, enabling simpler configuration and management of network resources, which significantly simplifies operations and reduces cost. As all the major functionality of the S/Gi network is consolidated on a unified framework, service providers now have the ability to scale performance on demand or, using software-based virtualized solutions, to create an elastic infrastructure that can efficiently adapt as business needs change.

F5 recently conducted a study with an independent research analyst firm to analyze the total cost of ownership of a consolidated architecture versus point products. Based on this study, it was found that the F5 unified solution has a 36 percent lower TCO than the alternative point products solution and a 53 percent to 88 percent lower TCO with intelligent traffic steering as compared to a solution with no intelligent traffic steering.
With F5, service providers have a solution that can optimize, secure and monetize mobile broadband networks and provide a unified platform that simplifies the network, yielding improved efficiency, lower costs, and secure service delivery.

Optimizing mobile VAS service platforms with intelligent traffic steering
One of the challenges introduced by the rollout of LTE is the enormous increase in data traffic that gets transported across the mobile core network. Studies have shown that LTE users, in addition to enjoying higher bandwidths, also consume considerably more data than 3G users. These scalability challenges are forcing mobile operators to review their Gi LAN network architecture and how the value added services (VAS) infrastructure elements plug into that.

Traditionally mobile operators have been steering traffic into their VAS platforms (e.g. video optimization, web optimization, transparent caching, parental control, etc.) in a very static way using policy-based routing (PBR) as presented in the figure below. The advantage of this traditional port-based steering approach is that it is relatively simple to manage and configure. The disadvantage, however, is that economically this model is difficult to maintain with the constant increase of data traffic in mobile core networks.

The VAS platforms are among the most expensive data processing components in the entire network, so mobile operators are currently looking for ways to optimize the utilization of these platforms in their networks. In the current architecture each of these VAS platforms is receiving data for which it is not providing any value. As an example, the video optimizer platform will receive traffic that isn’t video (a lot of port 80 traffic is plain web traffic), plus the mobile operator may have use cases where some video streams don’t need to be optimized.

Instead of pushing all that decision logic into the different VAS systems, a better approach is to change the static port 80 steering logic into a more dynamic context-aware intelligent steering logic (please see figure below). This intelligent steering logic is able to take contextual decisions on a per flow or even on a per HTTP transaction basis about which VAS service(s) each flow or HTTP transaction needs to be forwarded to.
Some flows may actually have to be passed through multiple VAS platforms, which results in service chaining. The goal of this new architecture is to make optimum use of the VAS services that are deployed. The intelligent steering logic is fully controlled using operator-defined business policies that can take inputs from a PCRF (subscriber-based steering logic), from RADIUS transactions (e.g. radio access type steering, device type steering, ...), from third party APIs (e.g. congestion-based steering) and from the data packet content (e.g. content-based steering), all of which provide ‘context’ to the flow.

An example of a statically configured intelligent steering policy that applies to all traffic on the Gi LAN is shown below. The goal here is to bypass the video optimizers whenever the subscriber is connected to the LTE radio network. As soon as the subscriber falls back to 2G or 3G coverage, his video streams will be steered through the video optimization platform. This architecture allows the mobile operator to keep the network as it was functioning before for their 2G and 3G users, without having to pass all the LTE traffic through the same VAS services if that is deemed to be unnecessary.

Another example, which includes service chaining for some subscriber traffic flows, is the following scenario. In this use case the mobile operator wishes to continue using traditional port 80 forwarding for all mobile traffic to a video optimization platform, while adding a parental control service which needs to be activated only for subscribers that have opted in to that service. A PCRF is used in this architecture to push down the subscribers’ traffic management policies into the intelligent steering device. User A has subscribed to a parental control service and therefore the PCRF will point to a service chaining policy that will steer that particular subscriber’s port 80 traffic to both video optimization and parental control platforms.
User B, on the other hand, will only have his port 80 traffic steered through the video optimization VAS service.

There are many other use cases, but the above examples clearly demonstrate the flexibility of having an intelligent traffic steering platform inline on the Gi LAN interface. Not only do these advanced steering policies help mobile operators to cost optimize the utilization of their VAS platforms, they also allow for a rapid introduction of new services without having to re-engineer the entire network. The intelligent steering platform takes a central role by managing, steering and orchestrating all traffic flows in the mobile packet core towards the VAS services infrastructure and helps to reduce the total cost of ownership of the Gi LAN architecture.

In addition to intelligent traffic steering, other functionalities that are typically present on the Gi LAN could be consolidated. But that’s the subject of another article.
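
The two steering policies described in this article, modelled in Python next to the static port 80 baseline. This is an added example, not F5 code or configuration; the service labels, the `Flow` fields, the chain order and the handling of an unknown radio type are assumptions of the sketch.

```python
from dataclasses import dataclass

VIDEO_OPT, PARENTAL = "video-optimizer", "parental-control"  # labels made up for this sketch

@dataclass(frozen=True)
class Flow:
    subscriber: str
    dst_port: int
    content_type: str  # learned from the packet content (content-based context)
    rat: str           # radio access type from RADIUS: "2G", "3G", "LTE", "" if unknown

def static_pbr(flow):
    """Traditional port-based steering: every port 80 flow reaches the optimizer."""
    return [VIDEO_OPT] if flow.dst_port == 80 else []

def lte_bypass(flow):
    """First policy: video streams are optimized only while the subscriber is off LTE."""
    is_video = flow.content_type.startswith("video/")
    # Assumption: an unknown RAT is handled like 2G/3G, keeping the legacy behaviour.
    return [VIDEO_OPT] if is_video and flow.rat != "LTE" else []

def pcrf_chain(flow, pcrf_profiles):
    """Second policy: port 80 goes to the optimizer, with parental control
    chained in for subscribers whose PCRF profile enables it."""
    if flow.dst_port != 80:
        return []
    chain = []
    if PARENTAL in pcrf_profiles.get(flow.subscriber, set()):
        chain.append(PARENTAL)  # assumed order: filter first, then optimize
    chain.append(VIDEO_OPT)
    return chain

def optimizer_load(flows, policy):
    """Number of flows a policy sends through the video optimizer."""
    return sum(VIDEO_OPT in policy(f) for f in flows)

# Constructed sample data, not taken from any real network.
PCRF_PROFILES = {"userA": {PARENTAL}, "userB": set()}
FLOWS = [
    Flow("userA", 80, "video/mp4", "3G"),
    Flow("userA", 80, "text/html", "3G"),
    Flow("userB", 80, "video/mp4", "LTE"),
    Flow("userB", 80, "text/html", "LTE"),
    Flow("userB", 443, "", "LTE"),
    Flow("userB", 80, "video/mp4", ""),
]

if __name__ == "__main__":
    print("static PBR :", optimizer_load(FLOWS, static_pbr))
    print("LTE bypass :", optimizer_load(FLOWS, lte_bypass))
    for f in FLOWS:
        print(f.subscriber, f.dst_port, pcrf_chain(f, PCRF_PROFILES))
```

Comparing `optimizer_load` for `static_pbr` and `lte_bypass` over the same flows shows how much traffic the optimizer no longer has to process once radio type and content are part of the steering decision.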