WHITE PAPER

Choosing a Virtual Path to Carrier-Grade Wi-Fi Services

Affirmed Networks, Inc.

Carrier Wi-Fi services will clearly be a key part of the mobile mix going forward. What remains to be seen is how mobile carriers will integrate Wi-Fi into their networks and monetize that investment. Network Functions Virtualization (NFV) provides the key to both Wi-Fi integration and monetization. This paper will examine how virtualization can accelerate Carrier Wi-Fi service deployment and reduce the total cost of ownership (TCO) of the Wi-Fi solution versus traditional network transformation methods.

CARRIER WI-FI: THE MARKET OPPORTUNITY

While carriers have invested heavily in 4G and LTE initiatives, it is clear that these technologies alone will not be enough to meet the rising demands of broadband wireless communications. Instead, the industry is betting on the convergence of 4G/LTE and Wi-Fi technologies to deliver seamless mobile broadband to subscribers.

COMPETITIVE DIFFERENTIATOR

Until recently, Wi-Fi was largely seen as an alternative wireless technology for carriers. Ubiquitous and inexpensive to deploy, Wi-Fi has now become a competitive differentiator for mobile carriers that have integrated Voice over Wi-Fi services into their network as a way to:

1. Extend their coverage;
2. Compete with larger carriers with wider RAN coverage areas.

Wi-Fi is a unique, complementary technology to 3G/4G wireless that resolves long-standing issues, such as indoor coverage, and provides a cost-effective method for Internet backhaul that could solve one of the biggest issues facing mobile carriers today: limited network bandwidth.

CARRIER-GRADE WI-FI

Key to this trend is that Wi-Fi is evolving from a best effort service to carrier-grade service. Between 2015 and 2017, according to Maravedis Rethink calculations, 82% of operators plan to start upgrading at least part of their Wi-Fi networks to carrier-grade, and this will result in two-thirds of public hotspots being carrier-grade by the end of 2018. [1]

Figure 1: Installed base of Wi-Fi hotspots accessible to MNOs and MSOs, with split between best effort and carrier-grade [2] (chart: % of hotspots per year, 2014 to 2018, Best Effort vs. Carrier Grade)

[1] Towards 2020: Emerging opportunities for wi-fi services. Wireless Broadband Alliance. 2015.

WHAT'S DRIVING CARRIER WI-FI ADOPTION IN YOUR NETWORK?

The value of integrating Wi-Fi into the network experience varies from carrier to carrier. This is one of the reasons why Wi-Fi technology has largely flown under the radar, while initiatives like Voice over LTE (VoLTE) have gained more traction in the industry. Today, there are no fewer than five unique scenarios where Carrier Wi-Fi can enhance the carrier network experience:

Offload: For mobile network operators (MNOs), the ability to offload voice and data traffic over Wi-Fi is an extremely attractive option. This does require new network elements, notably a Trusted Wireless Access Gateway (TWAG), and creates additional network issues around session handoffs between the cellular and Wi-Fi networks, but the benefits are too compelling to ignore.

Wi-Fi Calling: In addition, MNOs are moving toward Voice over Wi-Fi (VoWiFi) as a way to both improve indoor coverage and keep the subscriber experience on network, a key monetization strategy in a world where subscribers spend 70-80% of their day within range of a Wi-Fi network. As some MNOs have shown, VoWiFi can cost-effectively extend their network services range. In fact, for mobile virtual network operators (MVNOs), VoWiFi is often the first step in rolling out wireless voice services. Fixed access operators also have a potentially large Wi-Fi footprint via their installed base of customer premise equipment (e.g., wireless gateways), which can be leveraged to deliver VoWiFi services in the home.

Location-based Services: Wi-Fi has been seen as a way to deliver content, notifications, and advertisements based on location. This has now gone one step further to proximity-based applications or services where subscribers could automatically discover each other when they are within a particular range. This would be very powerful for gaming and content share type applications.

Figure 2: Why users find Wi-Fi calling appealing [2]

[2] Wi-fi calling finds its voice. 2015.

M2M and Internet of Things: IoT applications will be a driver for Wi-Fi services. This includes applications such as video surveillance, asset tracking, connected cars, smart home devices, and wearables like Fitbit.

Wholesale Wi-Fi: Finally, there is a wholesale opportunity for carriers to aggregate Wi-Fi networks (both their own networks and on behalf of enterprise customers such as coffee shops or retail stores), which can then be packaged as a more complete Wi-Fi experience.

Figure 3: Affirmed Wi-Fi Gateway (diagram labels: User Experience, 3G/4G Access, 3G/4G Roaming, SGSN/SGW, Trusted WiFi, Untrusted WiFi, Recommended Partner or 3rd Party HLR/HSS, AAA, OCS, PCRF, Content)

THE PATHWAY TO CARRIER WI-FI: A NETWORK PERSPECTIVE

In order to support carrier Wi-Fi integration, two network elements have been defined to serve as a secure gateway between the service provider's core network and Wi-Fi networks:

TWAG: Trusted Wi-Fi Access Gateway
ePDG: evolved Packet Data Gateway

Trusted Wi-Fi Access Gateway (TWAG)

The role of the Trusted Wi-Fi Access Gateway (TWAG) is to bring Wi-Fi communications into the mobile network experience seamlessly. The TWAG supports smooth handoff between cellular and Wi-Fi sessions as well as consistent enforcement of policies, authentication/identification, charging, etc. Since the TWAG is a gateway for trusted Wi-Fi endpoints, data that passes through the TWAG does not need to be encrypted.

Evolved Packet Data Gateway (ePDG)

What happens if the Wi-Fi network is not trusted? In this case, MNOs would need to deploy an evolved Packet Data Gateway (ePDG) to provide the necessary IPsec encryption in addition to the other gateway functions (session handoff, policy enforcement, AAA services, etc.). This is not a trivial task; in fact, IPsec encryption represents a very real chokepoint in the carrier network as carriers may now have millions of additional IPsec processes to perform at the gateway. WiFi calling is a main driver for ePDG deployments.

THE PATHWAY TO CARRIER WI-FI: VIRTUAL OR TRADITIONAL

As MNOs look to deploy Carrier Wi-Fi services in their networks, they may choose a traditional path (i.e., adding hardware-based gateways to their network) or a virtual path. Network functions virtualization (NFV) offers a more attractive approach to carrier-grade Wi-Fi services, both in terms of cost containment and the rapid enablement of new services. In a recent study by ACG Research, an NFV-based approach to network transformation yielded significant savings over a five-year cost of ownership for an ePDG and Evolved Packet Core (EPC) deployment:

40% reduction in capex spending;
54% reduction in opex spending;
45% lower Total Cost of Ownership.

[Chart: Five-Year Cumulative TCO, Affirmed vs. Traditional, Year 1 to Year 5: 45% lower TCO]

[Chart: 54% Lower Opex and 40% Lower Capex, Affirmed vs. Traditional]

In addition, the study found a direct link between virtualization and higher monetization from new services, including:

Nearly 3X faster time-to-market for new services, resulting in approximately 10 more months on the market;
Significantly lower cost of service creation, leading to more niche and personalized services.

The ability to quickly deploy Wi-Fi services across regions and cost-efficiently scale network capacity helps MNOs to capitalize on the Carrier Wi-Fi opportunity sooner, and differentiates their services in the market. An NFV-based architecture can also support service automation and orchestration, which dramatically lowers the cost and time of new service creation and enables MNOs to respond to changing market demands faster. It's important to remember, however, that not all virtualized solutions provide the same benefits and capabilities, particularly those that are based on legacy code from pre-virtualized products.

VIRTUALIZING WI-FI WITH AFFIRMED NETWORKS

Affirmed Networks represents the next generation of mobile networks: purely virtual, software-defined networks built on standard Intel Architecture-based servers. The Affirmed Mobile Content Cloud (MCC), a fully virtualized EPC (vEPC) solution, is natively architected for virtualized environments and currently deployed in some of the world's largest service provider networks.

The Affirmed Wi-Fi Gateway has been developed on top of the MCC, from which it inherits a wide range of mobile gateway functions, such as GGSN, SAE-GW, SP/DPI/Heuristics application detection, PCEF with Gx and Gy interfaces for QoS and offline/online charging, Lawful Interception; as well as its rich set of content services, such as HTTP(S) Proxy, web and video content optimization and adaptation, content caching, content filtering/parental control, subscriber firewall, NAT/ALG and more.

Figure 4: Affirmed Mobile Content Cloud

The Affirmed Wi-Fi Gateway features complete TWAG/TWAP and ePDG functions that can be deployed on commercial off-the-shelf (COTS) servers or within the vEPC on virtually managed hardware.

Affirmed Wi-Fi Gateway Features:

Ultra-high performance on commercial x86 servers and blades;
Open support for popular hypervisors from VMware, KVM and OpenStack;
Full compliance with ETSI NFV standards;
Easy integration with the Affirmed vEPC or third-party EPC solutions;
A uniquely engineered virtual ePDG that delivers 5G levels of performance for high volumes of encrypted traffic;
Seamless delivery of core network services including policy/charging, packet inspection, value-added service/content optimization and workflow orchestration.

Enabled by Key Intel Technologies

Through the Intel Network Builders program, Affirmed is able to leverage hardware and software advancements by Intel, including Intel AES New Instructions (Intel AES-NI) and Intel Multi-Buffer Crypto for IPsec Library, to deliver a highly scalable Wi-Fi Gateway that supports millions of IPsec tunnels independent of other gateway functions. This is a key consideration when connecting Wi-Fi traffic to the mobile network and a core value of the Affirmed Wi-Fi gateway solution, as it ensures that MNOs can support Wi-Fi traffic without compromising network performance and security.

Wi-Fi EPC Integration

There are several ways that service providers can leverage Wi-Fi access to enhance their services and improve network performance. These include offloading traffic onto trusted Wi-Fi networks, extending core network services through trusted (and untrusted) Wi-Fi networks, and providing VoWiFi or WiFi calling services, which includes seamless session handoff between Wi-Fi and cellular networks. Figure 5 is an example of untrusted Wi-Fi integration with an operator EPC network.

Figure 5: Untrusted Wi-Fi Integration with vEPC

In a world with millions of Wi-Fi access points, untrusted Wi-Fi networks are a common occurrence. By an untrusted network, we mean one in which the service provider cannot authenticate users or control the flow of traffic over the network. An example of an untrusted network could be a Wi-Fi network in a coffee shop or one hosted by a competitive provider.

In order to safely bring untrusted Wi-Fi networks into the core network, service providers must deploy a different element: an evolved Packet Data Gateway (ePDG). Communications over untrusted networks require an added level of security known as IPsec encryption. Industry standards mandate that all mobile devices must feature an IPsec client on the device. In this case, voice and data sessions pass securely through an IPsec tunnel. These tunnels often need to remain open in anticipation of incoming or outgoing calls, so that at any given time millions of IPsec tunnels may need to remain open in the network.

Hardware-based ePDGs are designed to handle this high demand for open IPsec tunnels, but these same high encryption requirements have historically proven problematic for virtualized ePDG instances. The Affirmed ePDG is the exception to that rule: a remarkably robust virtual ePDG that can deliver 5G levels of IPsec-encrypted communications on a single server.

With an Affirmed NFV platform for Wi-Fi services, MNOs can quickly deploy carrier-grade Wi-Fi services, create new services easily, scale capacity up or down on demand, and do it all at a much lower total cost of ownership than with comparable, hardware-based gateways.

For more information on our complete Wi-Fi solutions portfolio, visit us online at affirmednetworks.com.