Mobile Gi LAN Consolidation. Bart Salaets Solution Architect

Similar documents
Business Case for S/Gi Network Simplification

Powering the Internet of Things: SDN/NFV Architectures

Dynamic Service Chaining for NFV/SDN

Using SDN-OpenFlow for High-level Services

Cisco ACI and F5 LTM Integration for accelerated application deployments. Dennis de Leest Sr. Systems Engineer F5

Unified Threat Management, Managed Security, and the Cloud Services Model

Service Automation Made Easy

Application centric Datacenter Management. Ralf Brünig, F5 Networks GmbH Field Systems Engineer March 2014

NetScaler carriergrade network

OVERVIEW. Virtual Solutions for Your NFV Environment

Challenges and Opportunities:

ALCATEL-LUCENT 7750 SERVICE ROUTER NEXT-GENERATION MOBILE GATEWAY FOR LTE/4G AND 2G/3G AND ANCHOR FOR CELLULAR-WI-FI CONVERGENCE

Panel: Cloud/SDN/NFV 黃 仁 竑 教 授 國 立 中 正 大 學 資 工 系 2015/12/26

SDN PARTNER INTEGRATION: SANDVINE

Affording the Upgrade to Higher Speed & Density

The Distributed Cloud: Automating, Scaling, Securing & Orchestrating the Edge

Use Cases for the NPS the Revolutionary C-Programmable 7-Layer Network Processor. Sandeep Shah Director, Systems Architecture EZchip

VIRTUALIZING THE EDGE

What is SDN all about?

The promise of SDN. EU Future Internet Assembly March 18, Yanick Pouffary Chief Technologist HP Network Services

Strategic Direction of Networking IPv6, SDN and NFV Where Do You Start?

SDN Architecture and Service Trend

Infrastructure for more security and flexibility to deliver the Next-Generation Data Center

Management & Orchestration of Metaswitch s Perimeta Virtual SBC

Delivering Managed Services Using Next Generation Branch Architectures

A Presentation at DGI 2014 Government Cloud Computing and Data Center Conference & Expo, Washington, DC. September 18, 2014.

Application Defined E2E Security for Network Slices. Linda Dunbar Diego Lopez

APPLICATION DELIVERY CONTROLLERS AND THEIR ROLES IN THE MOBILE NETWORK

Service Provider Solutions for Growth in Managed and UnManaged Video

464XLAT in mobile networks

Enabling Application Aware Networks The Next Generation Data Centre with Citrix NetScaler & Cisco Nexus. Ralph W. Lorkins Lead Systems Engineer

CARRIER LANDSCAPE FOR SDN NEXT LEVEL OF TELCO INDUSTRILIZATION?

Presented by Philippe Bogaerts Senior Field Systems Engineer Securing application delivery in the cloud

Virtualization, SDN and NFV

Real World IPv6 Migration Solutions. Asoka De Saram Sr. Director of Systems Engineering, A10 Networks

Adoption of SDN: Progress Update

Simplify IT. With Cisco Application Centric Infrastructure. Roberto Barrera VERSION May, 2015

Orchestrating the next generation data center

Software-Defined Networking for the Data Center. Dr. Peer Hasselmeyer NEC Laboratories Europe

SDN and NFV in the WAN

Conference. Smart Future Networks THE NEXT EVOLUTION OF THE INTERNET FROM INTERNET OF THINGS TO INTERNET OF EVERYTHING

Building Access Networks that Support Carrier Ethernet 2.0 Services and SDN

The F5 Handbook for Service Providers. 24 Use Cases to Secure, Optimize, and Monetize Your Network

Telecommunication Services Engineering (TSE) Lab. Chapter III 4G Long Term Evolution (LTE) and Evolved Packet Core (EPC)

APPLICATION-AWARE ROUTING IN SOFTWARE-DEFINED NETWORKS

Security Overview and Cisco ACE Replacement

Network functions Virtualisation CIO Summit Peter Willis & Andy Reid

Leveraging SDN and NFV in the WAN

Threat-Centric Security for Service Providers

The Benefits of SD-WAN with Integrated Branch Security

Verizon Managed SD WAN with Cisco IWAN. October 28, 2015

Multi-Layer Security for Multi-Layer Attacks. Preston Hogue Dir, Cloud and Security Marketing Architectures

NFV and SDN Answer or Question?

Getting More Performance and Efficiency in the Application Delivery Network

Service Chaining in Carrier Networks

White Paper - Huawei Observation to NFV

THUNDER ADC MEETS MOBILE SERVICE PROVIDER NETWORK CHALLENGES Safeguard and Optimize Service Availability with A10 Networks

SSL Inspection Step-by-Step Guide. June 6, 2016

Business Case for Data Center Network Consolidation

SIP Trunking with Microsoft Office Communication Server 2007 R2

APV9650. Application Delivery Controller

Strategies for Getting Started with IPv6

Definition of a White Box. Benefits of White Boxes

Course Syllabus. Fundamentals of Windows Server 2008 Network and Applications Infrastructure. Key Data. Audience. Prerequisites. At Course Completion

ADVANCED SECURITY MECHANISMS TO PROTECT ASSETS AND NETWORKS: SOFTWARE-DEFINED SECURITY

Business Case for Brocade Network Analytics for Mobile Network Operators

Secure Cloud-Ready Data Centers Juniper Networks

How To Make A Cloud Bursting System Work For A Business

Acme Packet Net-Net SIP Multimedia-Xpress

F5 Intelligent DNS Scale. Philippe Bogaerts Senior Field Systems Engineer mailto: Mob.:

Understanding the Business Case of Network Function Virtualization

A Mock RFI for a SD-WAN

Introduction to Software Defined Networking (SDN) and how it will change the inside of your DataCentre

ALEPO IN THE VIRTUALIZED CORE NETWORK

Application Delivery Networking

Network Function Virtualization & Software Defined Networking

Network Services in the SDN Data Center

ADC의 진화 WDC (Workspace Delivery Controller) 시트릭스 코리아 허재홍 부장 September 17, 2015

Business Case for NFV/SDN Programmable Networks

Looking Ahead The Path to Moving Security into the Cloud

Implementing Cisco IOS Network Security

Network Functions Virtualization (NFV) for Next Generation Networks (NGN)

Foundation for High-Performance, Open and Flexible Software and Services in the Carrier Network. Sandeep Shah Director, Systems Architecture EZchip

Intro to NSX. Network Virtualization VMware Inc. All rights reserved.

Strategies for Capturing

Cloud, SDN and the Evolution of

Introduction to Quality Assurance for Service Provider Network Functions Virtualization

Intelligent WAN 2.0 principles. Pero Gvozdenica, Systems Engineer, Vedran Hafner, Systems Engineer,

Saisei FlowCommand FLOW COMMAND IN ACTION. No Flow Left Behind. No other networking vendor can make this claim

The Virtual Ascent of Software Network Intelligence

Control Plane Elasticity & Virtualization in the 4G Core

SDN-NFV: An introduction

VoLTE and the Service Delivery Engine

Intelligent Policy Enforcement Solutions for Mobile Service Providers

a new sdn-based control plane architecture for 5G

SECURING YOUR MODERN DATA CENTER WITH CHECK POINT

Business Case for a DDoS Consolidated Solution

ByteMobile Adaptive Traffic Management Product Family

Driving SDN Adoption in Service Provider Networks

Datacenter Transformation

Transcription:

Mobile Gi LAN Consolidation Bart Salaets Solution Architect

Agenda The Requirements Challenges with current approach Traffic growth The need to re-architect Uncertain market trends The need to adapt Future evolution The need to virtualize The Solution Re-architecting the Gi LAN with F5 A Consolidated Approach Optimize the Gi LAN Monetize the Gi LAN Secure the Gi LAN Conclusions F5 Agility 2014 2

The Challenges with current approach

Complex architectures in the S/Gi network Value-added services (VAS) Control Plane Video optimization Transparent caching URL filtering DNS PCRF IMS AAA HSS OCS DRA Mobile Devices Static port80 based steering into VAS complex PGW/ RTR L2 Switch DPI/TDF LDNS GGSN Multiple point product solutions inline in the data path LDNS FW CGNAT Challenges RTR Internet Complex architecture, hard to scale Resulting high CapEx and OpEx Difficulty adding new services F5 Agility 2014 4

The new Gi LAN should focus on Optimize Monetize Secure Intelligent steering to VAS Consolidate L4-L7 functions TCP Optimization Migrate to NFV-based solution Quality of Experience mgmt Easy opt-in/opt-out modules OTT partnerships & flexible charging Network Security (Gi FW) Dynamic subscriber security IPv4/IPv6 Transition F5 Agility 2014 5

A changing environment NET NEUTRALITY The principle of "net neutrality" means that traffic should be treated equally, without discrimination, restriction or interference, independent of the sender, receiver, type, content, device, service or application. A "specialised service" means an electronic communications service optimised for specific content, applications or services, or a combination thereof, provided over logically distinct capacity, relying on strict admission control, offering functionality requiring enhanced quality from end to end Providers of internet access services and end-users may agree to set limits on data volumes or speeds for internet access services. F5 Agility 2014 6

A changing environment SSL INCREASE In Europe, the usage of SSL encrypted traffic quadrupled from 1.46 percent a year ago to 6.1 percent today (*) HTTP 2.0 being standardized in IETF with browsers requiring TLS encryption when setting up HTTP 2.0 connections (*) Sandvine Global Internet Phenomena report 1H2014 IPV6 ADOPTION European carriers and Google Fiber are leading the IPv6 charge (*) In Europe operators such as Deutsche Telekom shows 22% IPv6 and France's Free shows 37% IPv6 (*) Akamai state of the internet report F5 Agility 2014 7

A changing environment SOFTWARE DEFINED NETWORKING (SDN) NETWORK FUNCTION VIRTUALIZATION (NFV) Separate control plane from data plane in forwarding elements API-driven forwarding rules in data plane Focused on L1-L4 forwarding Decoupling software from hardware (deploy control plane and data plane functions in a virtualized environment) Flexibile network function deployment Dynamic operation Focused on L3-L7 layers of OSI stack F5 Agility 2014 8

Current Gi LAN architecture may not fit tomorrow s needs The European Union may severely limit the use cases in which the mobile operator can deploy traditional DPI and intelligent charging techniques The increasing amount of encryption used on the public internet will severely limit the ability to inspect subscriber flows using traditional DPI technologies. Video encryption will also reduce or even eliminate the benefits of traditional web & video optimization technologies The introduction of IPv6 and the growing adoption will require intelligent IPv4/IPV6 transition technology that also secures the infrastructure and the end users (CGNAT/GiFW) NFV initiatives will drive mobile operators to look into solutions that can help them to seamlessly migrate in a stepwise approach from a pure physical to a full virtual environment on the Gi LAN AN UNCERTAIN FUTURE NEED FOR A MORE FLEXIBLE/ADAPTIVE SOLUTION ON THE GI LAN F5 Agility 2014 9

The Solution Re-architect the Gi LAN with F5

F5 in the S/Gi network A Consolidated Approach Simplifying the delivery of network services BEFORE F5 Static port 80 steering VAS layer PGW/ GGSN RTR LDNS Policy Enforcement URL Filtering CGNAT Firewall Internet WITH F5 Dynamic intelligent steering VAS layer VIPRIO N PGW/ GGSN Internet F5 Agility 2014 11

Key F5 network services Optimize, Monetize, Secure A unified platform and single management framework Intelligent traffic management CGNAT and IPv6 migration ICSA certified network firewall Policy enforcement Header enrichment and TCP optimization Local DNS URL filtering (HTTP URI / HTTPS SNI) F5 Agility 2014 12

Optimize the Gi LAN INCREASE VAS LAYER EFFICIENCY CONSOLIDATE NETWORK FUNCTIONS TCP OPTIMIZATION NFV-READY (VAS BURSTING) VAS Context-aware and policy-enabled traffic steering to offload VAS & optimization services complex Consolidation of L4-L7 functions into a single platform (steering, DPI, firewall, CGNAT,... ) Increase throughput and web page load times on the radio network As traffic increases, scale to meet demand with VAS service bursting and improve end user experience and application performance F5 Agility 2014 13

Optimize the Gi LAN Increase VAS Efficiency INTELLIGENT STEERING Diameter Gx PCRF PGW/ GGSN RTR VIPRION Internet CONTEXT SUBSCRIBER DEVICE-TYPE RAT-TYPE CONTENT (VIDEO, URI,... ) CONGESTION Video Optimization Transparent Caching Data Center Context-aware & policy-driven steering & intelligent service chaining Parental Controls WAP Gateway F5 Agility 2014 14

Optimize the Gi LAN Consolidate Network Functions 2005 2010 L2 L3 L4 L7 2010 2014 Multi-service router L2 switching MPLS L2 PE IP ROUTING MPLS L2 PE Full Proxy (TCP opt, HHE) Policy Enforcement TCP OPTIM DPI/PCEF L3 routing MPLS L3 PE MPLS L3 PE BRAS/BNG Firewall L7 STEERING FW/CGN CGNAT HTTP HE BRAS/BNG L3/L4 Steering Dedicated platforms, different vendors Single platform, L2 L3 consolidation Dedicated platforms, different vendors Unified platform, L4 L7 consolidation F5 Agility 2014 15

Optimize the Gi LAN TCP Optimization High Goodput Minimal Buffer Bloat Flow Fairness 2G/3G LTE VIPRION INTERNET Mobile Client PGW/ GGSN RTR Cell-optimized TCP stack TCP EXPRESS WAN-optimized TCP stack Origin Server F5 Agility 2014 16

Optimize the Gi LAN NFV-Ready A stepwise approach : From VAS bursting to full NFV solution ADC DNS Policy Enforcement TCP Optimization CGNAT Firewall PGW/ GGSN RTR VIPRION Internet Gi VAS VM Management and Orchestration VNF VNF VNF VNF VNF VNF VNF VNF VNF VNF VNF VNF Hypervisor Hypervisor Hypervisor Hypervisor Transparent Caching URL Filtering Parental Controls Video Optimization F5 Agility 2014 17

Monetize the Gi LAN From flat fee to value based pricing models BANDWIDTH CONTROL & QUALITY OF EXPERIENCE MANAGEMENT OPT-IN / OPT-OUT VALUE ADDED SERVICES OTT MONETIZATION & FLEXIBLE CHARGING Bandwidth controls, TCP optimization and context-aware traffic steering to optimization platforms for enhancing the subscriber s quality of experience Intelligent and context-aware traffic steering to value added service platforms based on a subscriber opt-in/opt-out model Monetizing OTT services by flexible charging mechanisms and OTT partnerships for service differentiation Monetizing the subscriber relationship using big data (targeted ads, mobile payment)

Monetize the Gi LAN Bandwidth and QoE management PER-SUBSCRIBER BANDWIDTH CONTROL Gold Subscriber (20 Mbps) Silver Subscriber (10 Mbps) Bronze Subscriber (5 Mbps) PCRF PGW/GGSN VIPRION PER-SUBSCRIBER PER APPLICATION BANDWIDTH CONTROL Gold Subscr total (20 Mbps) Even if subscriber is entitled for more by subscriber bandwidth policy his P2P traffic gets reduced to configured value (512kbps) Gold Subscr p2p (512 kbps) PGW/GGSN VIPRION

Monetize the Gi LAN Opt-in / Opt-out Services INTELLIGENT STEERING & SERVICE CHAINING Diameter Gx VIPRION PCRF PGW/ GGSN RTR Internet PCRF controls steering and service chaining on a per subscriber basis (dependent on subscription) Data Center Subscriber-aware (PCRF controlled) Traffic steering & Service chaining Any combination of services is possible Cloud Storage Security Services Parental Controls Streaming Services

Monetize the Gi LAN OTT & Special Svc Monetization OTT MONETIZATION & FLEXIBLE CHARGING Gold Subscr total (acct only) OTT Service (acct + DSCP mark) PCRF PGW/GGSN VIPRION SPECIALIZED SERVICE (MNO BRAND) Subscription models / bundles for OTT or specialized service Bundled into subscription for a lower fee OTT traffic excluded from volume bundle OTT traffic marked/tagged for differential treatment at radio layer

Secure the Gi LAN IPV4 CENTRIC NAT44 IPV6 CENTRIC NAT64 / 464XLAT GI FIREWALL (IPV4/V6) & NETWORK DDOS NAT 44 Solving the IPv4 address exhaustion problem with NAT44 (with CGN acting as FW) Migration to IPv6 only architecture using NAT64/DNS64 and/or 464XLAT Protect network infrastructure and radio resources against outside threats F5 Agility 2014 22

Secure the Gi LAN IPv4 centric / NAT44 NAT44 PGW/ GGSN RTR Private IPv4 address space VIPRION NAT44 Internet Public IPv4 address space Dynamic NAPT, Deterministic NAPT, Port Block Allocation Extensive ALG, hairpinning and EIF/EIM support Unprecedented scale & performance (Gbps, cps, max conns) High-Speed logging with flexible log field inclusion/exclusion F5 Agility 2014 23

Secure the Gi LAN IPv6 centric / NAT64 & 464XLAT NAT64/DNS64 & 464XLAT DNS64 PGW/ GGSN RTR VIPRION NAT64 Internet Public IPv4 address space Public IPv6 address space 464XLAT IPV6 FW Public IPv4 address space Public IPv6 address space NAT64/DNS64 and 464XLAT support for IPv4-only destinations Gi firewall for native IPv6 traffic Unprecedented scale & performance (Gbps, cps, max conns) for both NAT and Gi firewall F5 Agility 2014 24

Secure the Gi LAN Gi Firewall & DDOS Mitigation GI FIREWALL & DDOS MITIGATION BIG-IQ PGW/ GGSN RTR VIPRION Internet Public IPv4 address space Public IPv6 address space IPV4 FW IPV6 FW Public IPv4 address space Public IPv6 address space Unprecedented scale & performance (Gbps, cps, max conns) for Gi firewall BIG-IQ for Centralized management of security policies & DDOS profiles Protection against device vulnerabilities (battery drain attacks, malware) and network vulnerabilities (RAN resource exhaustion, revenue leakage, policy violations) F5 Agility 2014 25

Conclusions

Advantages of S/Gi network consolidation with F5 36- $1.1 million Projected 5-year cost savings for 20M subscribers S/Gi Network Simplification: 5-Year Cumulative TCO 46% F5 Networks Alternative Point Products 36% Lower Cost $- $2 $4 lower TCO CapEx OpEx Millions F5 Agility 2014 27

Advantages of S/Gi network consolidation with F5 Big savings in your VAS infrastructure $80.8 million Projected 5-year cost savings for 20M subscribers 160.000.000 140.000.000 120.000.000 100.000.000 80.000.000 60.000.000 with intelligent traffic 40.000.000 steering from F5 20.000.000 53% Lower Cost With F5 VAS Service Only VASs include video optimization and transparent caching F5 Agility 2014 28

Take a phased approach to this architecture Immediate pain point Improve VAS 1 ITM Implementation phase 2 S/Gi FW 3 NFV 4 CGNAT 5 PEM Security at scale 1 S/Gi FW 2 CGNAT 3 ITM 4 PEM 5 NFV Target S/Gi network Address IPv4 depletion 1 CGNAT 2 S/Gi FW 3 PEM 4 NFV 5 HE Different approaches for different needs and priorities Flexibility and extensibility to future-proof your network F5 Agility 2014 29

... And benefit from our flexibility to adapt Net neutrality law not voted yet OTT partnerships (DPI for persubscriber application prioritization / free-rating) Intelligent traffic steering to video optimization based on subscriber profile, congestion levels, etc. Minority of traffic is SSL Use traditional DPI techniques for application detection and control Use TCP optimization + intelligent steering to video optimization Net neutrality law voted Per-subscriber volume limits and bandwidth control Intelligent steering to video optimization based on bandwidth URL filtering / parental control (?) Majority of traffic is SSL Use SSL SNI check against URL database for application detection and control Use TCP optimization only Majority of traffic is IPv4 Use CGNAT/NAT44 for IPv4 internet services Introduce dual-stack with IPv6 and enable IPv6 Gi firewall Majority of traffic is IPv6 Deploy NAT64/DNS64 with IPv6 Gi Firewall Alternatively deploy 464XLAT with IPv6 Gi Firewall F5 Agility 2014 30

F5 Consolidated Gi LAN solution Optimize Intelligent steering to VAS Consolidate L4-L7 functions TCP Optimization Migrate to NFV-based solution Monetize Quality of Experience mgmt Easy opt-in/opt-out modules OTT partnerships & flexible charging Secure Network Security (Gi FW) Dynamic subscriber security IPv4/IPv6 Transition If I can be of further assistance please contact me: b.salaets@f5.com +32 478 98 11 26

F5 for L4-L7 Consolidation Context-aware full-proxy architecture Context Subscriber-id, Device-type, Application, RAT-Type, Congestion level,... Context-aware Steering Service Chaining Bandwidth control Accounting/Charging HTTP hdr inspect filter HTTPS / SSL SNI check URL classification Client / Server Web application L7 Client / Server Web application HTTP hdr enrich HTTP hdr inspect - filter DPI analysis Application Application DPI analysis TCP optimization Session Network L4 Session Network Gi Firewall, CGNAT Physical Physical F5 Agility 2014 33

2024 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information