©2014 Big Switch Networks 1
WHITE PAPER
Next-‐Generation Monitoring Fabrics for Mobile Networks SDN Enabled, Ultra Low Cost Network Visibility
Table of Contents
Overview (p. 3)
Monitoring Fabrics in Mobile Networks: Illustrative Example (p. 4)
Big Tap Monitoring Fabric: SDN-Based Next-Gen Solution for Mobile Core (p. 5)
Conclusion (p. 7)
Addendum A: Industry Terminology and Acronyms (p. 8)
About Big Switch Networks (p. 9)
Overview
Over the last few years, as demand from new and ever-evolving mobile applications has exploded, network operators have invested heavily in infrastructure upgrades to meet that demand. The transition towards the Long Term Evolution (LTE) architecture represents a significant technical advancement in that direction. Yet today, despite these massive investments, operators are still struggling to keep up with customer demands and service expectations. There are various contributing factors to the current situation, including:
• Coexistence of 2G, 3G, and 4G Technologies: It is expected that the evolution to high data rate, low latency LTE networks will continue for years. During this time, operators will need to expand their LTE footprint while ensuring transparent roaming between existing 2G/3G (e.g., HSPA/HSPA+/HRPD) and 4G technologies.
• Need for Differentiated Services: In addition to the traditional voice and SMS services, operators have increasingly focused on new and differentiated revenue generating data services. These services not only put additional requirements on the control traffic but also require tighter audit and monitoring of user data traffic.
• Unpredictable Data Network Traffic Patterns: Unlike voice traffic, data traffic from the ever-growing list of applications is highly unpredictable.
• Security and Compliance Challenges: Bring-your-own-device (BYOD) trends in the enterprise have firmly taken root and (corporate) consumers have become more demanding in their quest to access time-sensitive and critical information over public mobile networks.
To deliver the expected service quality in LTE networks, operators need to adopt an advanced service assurance solution for the entire LTE deployment lifecycle.
One of the ways mobile operators have tried to address these challenges is through significant investments in network operations management. Among other things, this includes extensive network health checks, automated traffic monitoring, fault detection and correction, and advanced capacity planning exercises. As a result, the critical network-monitoring infrastructure within the LTE core networks has expanded at an enormous rate. This infrastructure consists of farms of network packet brokers, packet and flow analyzers, security, audit and compliance tools, in addition to the already complex operational structure of the business.
In this paper, we describe a highly scalable, centrally managed, agile and cost-effective, SDN-based solution to address those challenges: Big Switch Networks Big Tap™ Monitoring Fabric.
Monitoring Fabrics in Mobile Networks: Illustrative Example
With today’s deployments of LTE hitting peak data speeds of 100Mbps, it is already clear that current monitoring infrastructure is at a breaking point. The upcoming LTE Advanced specification – with 10x speed improvement – makes the need for a new approach even more urgent.
The leading mobile network operators are now looking for an evolution of their monitoring fabric simply to keep pace as they evolve their core networks. In discussions with some of the largest global mobile operators, they have highlighted an array of use cases and deployment architectures that require extensive dedicated optical taps or Switched Port Analyzer (SPAN) ports to monitor traffic at a scale that is well beyond the limits of traditional monitoring solutions.
The figure below provides an example of one such network topology, outlining key nodes and associated control and data plane interfaces. The Big Tap Monitoring Fabric solution as shown scales with the overall mobile core architecture.
Figure 2: Scalable Big Tap Monitoring Fabric solution for LTE Evolved Packet Core (EPC) (1)
(1) This diagram highlights only a small subset of the nodes that might actually exist in an evolving LTE EPC. Additionally, the geographical and operational scale of such networks typically covers large metro areas with tens of data centers handling traffic from thousands of cell routers and millions of end user devices.
As shown above, bearer traffic may originate from 2G, 3G, or 4G capable user devices and will traverse the core network over a different set of nodes (SGSN/GGSN, MME, S-GW, P-GW, etc.). It can also use a range of control and data plane tunneling protocols (TCP, UDP, GRE, GTPv1, GTPv2, SCTP, PMIP, etc.). Additionally, the Layer 3 networks within the core are typically a mix of IPv4 (core) and IPv6 (end node) traffic. A sample user data flow would be as follows:
• An end User Equipment (UE) device sends an IP packet to an eNodeB through a radio link with its destination IP address set.
• The eNodeB, on receiving the user data IP packet, encapsulates this payload in a GTP tunnel header and forwards it to the Serving Gateway (S-GW). The GTP tunnel header includes an outer IP and a UDP encapsulation as well as the GTP-specific header fields, which include the Tunnel Endpoint Identifier (TEID).
• The S-GW, upon receiving the IP packet from the eNodeB, modifies the IP information in its GTP tunnel header and sends the packet to the Packet Data Network Gateway (P-GW).
• The P-GW then removes the GTP tunnel header from the packet and delivers the original packet sent by the UE device to the IP-based Packet Data Network.
The TEID for the GTP tunnel created for a user data connection is unique. The TEID/tunnel is also unidirectional. It can only serve for one direction, either uplink or downlink. So, the traffic from the Internet to the UE would use a different tunnel (and TEID). Thus, from a TEID, an operator would not only identify the UE, but also the tunnel as well as the direction of the packet flow. A sample set of data traffic taps in such an environment would include:
• Tap on Serving Gateway (S-GW) and Cell Router optical links for monitoring traffic load spread over 2G/3G/4G spectrums or usage density in specific geographical locations or cell towers
• SPAN ports on S-GW and Packet Data Network Gateway (P-GW) for easier point troubleshooting without impacting production traffic, as long as monitored traffic levels are not service impacting
• Tap the S-GW to P-GW interface for monitoring, auditing, or troubleshooting the signaling interface for establishing bearers between the serving gateway and the PDN gateway, or the user plane for bearer traffic
• Monitor SGi interface traffic towards the PDN to allow for bearer-level compliance, lawful intercept, etc., as SGi is where visibility into UE IP address(es) is exposed in an LTE environment
Similarly (not shown), various other data and control plane interfaces require monitoring and audits to ensure voice over LTE (VoLTE) quality, data- and application-level policy enforcement, and so forth.
If we extrapolate the above requirements to a large-scale mobile network, it becomes quite obvious why existing monitoring architectures using network packet brokers (NPBs) fall well short of expectations. Expanding the monitoring infrastructure in lock step with the exponential increase in mobile data traffic is not only cost prohibitive, it also presents an operational nightmare.
Big Tap Monitoring Fabric: SDN-Based Next-Gen Solution for Mobile Core
The Big Tap Monitoring Fabric solution (outlined with a dotted box in Figure 3) is designed from its inception to address some of these challenges.
Big Tap Monitoring Fabric’s Deeper Packet Matching (DPM) feature enables advanced troubleshooting solutions for analyzing services quality and user experience for LTE networks. With the ability to match up to 128 bytes into the packet using DPM, the operator can:
• Filter GTP traffic and send it to an analysis tool or,
  o Match on TEID, GTP version (v1/v2), UDP/TCP, or GTP message types
  o Match on SCTP port numbers (SCTP is used between eNodeB and MME)
• Replicate GTP traffic across multiple analysis tools or,
• Balance GTP packets based on TEIDs (in part or whole) across multiple tools or tool instances.
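The two ideas above, that a TEID identifies one direction of one bearer and that a DPM policy can match or balance on fields that sit a fixed distance into the packet, are illustrated by the following added example. It is not Big Tap code and not from the original paper: it builds constructed sample GTPv1-U and GTPv2-C frames in Python, locates the TEID by walking the IPv4/UDP/GTP headers, checks that the field lies inside a 128-byte matching window, and picks a tool instance from the (optionally masked) TEID.

```python
import struct
from ipaddress import IPv4Address

GTP_U_PORT = 2152          # GTPv1-U user plane (S1-U, S5/S8 bearers)
GTP_C_PORT = 2123          # GTPv2-C control plane
G_PDU = 0xFF               # GTPv1-U message type that carries a user IP packet
DPM_DEPTH = 128            # bytes a DPM policy can match into the packet (per the paper)

def ipv4_udp(src, dst, dport, payload):
    """Constructed sample: minimal IPv4 header (no options) + UDP around a GTP payload."""
    udp = struct.pack("!HHHH", dport, dport, 8 + len(payload), 0) + payload
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(udp), 0, 0, 64, 17, 0,
                     IPv4Address(src).packed, IPv4Address(dst).packed)
    return ip + udp

def gtpv1u_gpdu(teid, inner_ip):
    """GTPv1-U header (version 1, PT=1, no optional fields) + the tunnelled user packet."""
    return struct.pack("!BBHI", 0x30, G_PDU, len(inner_ip), teid) + inner_ip

def gtpv2c(msg_type, teid, seq=1):
    """GTPv2-C header with the T flag set (TEID present), 3-byte sequence, spare byte."""
    body = struct.pack("!I", teid) + seq.to_bytes(3, "big") + b"\x00"
    return struct.pack("!BBH", 0x48, msg_type, len(body)) + body

def parse_gtp(frame):
    """Walk IPv4 -> UDP -> GTP; return version, message type, TEID and the byte
    offset of the TEID within the frame, or None if this is not GTP traffic."""
    if frame[0] >> 4 != 4 or frame[9] != 17:          # IPv4 carrying UDP only
        return None
    udp_off = (frame[0] & 0x0F) * 4
    dport = struct.unpack_from("!H", frame, udp_off + 2)[0]
    if dport not in (GTP_U_PORT, GTP_C_PORT):
        return None
    g = udp_off + 8
    flags, msg_type = frame[g], frame[g + 1]
    version = flags >> 5
    if version == 1 or (version == 2 and flags & 0x08):
        teid_off = g + 4                               # TEID follows flags/type/length
    else:
        return None                                    # GTPv2 without T flag has no TEID
    teid = struct.unpack_from("!I", frame, teid_off)[0]
    return {"version": version, "msg_type": msg_type, "teid": teid,
            "teid_offset": teid_off, "dst_port": dport}

def choose_tool(frame, tools, teid_mask=0xFFFFFFFF):
    """DPM-style policy: keep only GTPv1-U G-PDU packets whose TEID lies inside the
    128-byte window, then balance by the (masked) TEID so every packet of one bearer
    direction lands on the same tool instance."""
    info = parse_gtp(frame)
    if info is None or info["version"] != 1 or info["msg_type"] != G_PDU:
        return None
    if info["teid_offset"] + 4 > DPM_DEPTH:
        return None
    return tools[(info["teid"] & teid_mask) % len(tools)]

if __name__ == "__main__":
    inner = b"\x45" + bytes(19)                        # placeholder inner IPv4 header
    frame = ipv4_udp("10.1.1.1", "10.2.2.2", GTP_U_PORT, gtpv1u_gpdu(0x12345678, inner))
    print(parse_gtp(frame), choose_tool(frame, ["tool-a", "tool-b", "tool-c"]))
```

Masking the TEID (for example to its low nibble) is what "in part or whole" means in practice: a partial mask spreads bearers across tools more coarsely, but still keeps each bearer direction on one tool.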
Based on an advanced third-generation architecture, it leverages software-defined networking (SDN) principles to provide a cost-effective monitoring capability. At its heart, it consists of the Big Switch Networks Big Tap Controller Software that manages a highly scalable Ethernet fabric (1/10/40Gbps) built using bare metal switches. These switches utilize powerful forwarding ASICs and run a very lightweight Big Switch Networks Switch Light™ Operating System.
Some of the key benefits of this approach in LTE/EPC environments include:
• Architected for Scale-out Deployments: The choice of where to tap is fully decoupled from the size or location of the tools. Ideally, tap everywhere and deliver the relevant data as needed.
• Big Tap Monitoring Fabric can be designed and configured to cater to the requirements of any large network. It supports 1-Tier, 2-Tier, or 3-Tier fabric architectures to support various traffic loads and ranges of tools.
• Adding more taps, tools, or service nodes (NPBs) simply requires extending the monitoring fabric with Ethernet switches with the requisite capabilities (1/10/40Gbps) and desired port density or switch form factors. Unlike single box designs, the Big Tap Monitoring Fabric does not require all capacity needs to be purchased and provisioned on day one, nor does it put any restrictions on how different fabric ports are provisioned.
In scale-out designs,
• A 3-layer topology is recommended, in which the 3rd "core" layer of switches may be used between the "filter" and the "delivery" switch layers. These switches aggregate traffic from the filter switches and send it to the requisite delivery switches to forward to the necessary tools.
• "Service interfaces" may be configured where packets can be sent to one or multiple NPBs for specific packet modification services, like de-duplication or data obfuscation, in a chain prior to delivery to the security or performance monitoring tool. As deployments shift from NPBs to the next generation Big Tap architecture, customers can re-purpose their existing high-priced NPBs in an even more efficient manner, by using them as service nodes attached to the Big Tap Monitoring Fabric.
Big Tap Monitoring Fabric also has some advanced features requested by customers:
• Tap (Monitor) Every Location: Big Tap Monitoring Fabric can be extended across an L3 WAN to enable monitoring of remote DCs/POPs, colo facilities, campus/branch locations, as well as retail sites. This allows centralization of monitoring tools and staff in a few data centers, thus dramatically reducing CapEx and OpEx cost while allowing operations teams to monitor networks across the entire organization.
• Application Protocol Recognition: Big Tap Monitoring Fabric enables a HW-based deeper packet matching capability to recognize application protocols and their attributes. With the ability to match up to 128 bytes of each packet at line rate, Big Tap allows more sophisticated monitoring policies to be written that can match on inner header fields for encapsulated packets such as MPLS, VXLAN and GRE and/or mobile 4G/LTE protocols such as GTP and SCTP.
• Designed for Multitenant Operation: Network infrastructure teams can provision physical assets (taps, tool farms, NPB service nodes) as shared resources and then offer On-Demand Monitoring-as-a-Service to their internal customers (e.g., security team, network ops team, and so forth).
  o With the Big Tap Monitoring Fabric solution, operators can use the advanced filtering capability of Big Tap Controller Software to dynamically filter and route desired traffic to specific tools. The software also provides advanced capabilities to handle overlapping policies, packet replication, and a range of protocols/packet formats.
  o Fine-grain role-based access control (RBAC) capabilities of Big Tap ensure that only authenticated users get access to certain tools. A management GUI can be used as a tenant self-service portal.
• Massive Operational Simplification: One of the core tenets of SDN is to simplify network management through a centralized and programmable interface.
  o All switches in the Big Tap Monitoring Fabric solution are managed from a central place – the Big Tap Controller (via CLI or GUI). This centralized deployment, configuration, and troubleshooting, as well as a single place for policy authoring and provisioning, provides true single-pane-of-glass fabric management.
  o Open REST APIs and an interactive REST<>CLI mode in the Big Tap software enable rapid integration with existing operations/business support systems (OSS/BSS) for automated operation. Because the CLI and GUI are built on top of the REST APIs, the entire solution is fully programmable (unlike traditional NPBs, where APIs are an afterthought). Using these comprehensive REST APIs, operators can quickly develop innovative solutions to address their operational requirements (e.g., program the fabric policies based on external triggers such as traffic thresholds, flow patterns, etc.).
• Dramatic Cost Savings: Costs for monitoring systems stem from the ever expanding and costly NPB infrastructure as well as the underutilization (or over-procurement due to organizational silos) of the expensive monitoring tools. With Big Tap Monitoring Fabric running on bare metal (white-box) switches, the Big Switch solution allows for a multi-fold reduction in total costs.
  o Economics associated with the production of bare metal switches at some of the largest original design manufacturers (ODMs) ensure that the costs-per-switch-port are significantly lower than those of traditional vendors. Build a sophisticated and high-performance (10/40Gbps) monitoring fabric at commodity switching cost points.
  o Reduce NPB and tool costs by optimally sharing these devices when attached to the Big Tap monitoring fabric. Additionally, service node chaining can be used to leverage the long tail of important but less frequently used features found in today's network packet brokers (NPBs), effectively extending their useful life by a few more years.
  o Significantly reduce the operational cost of fabric provisioning and management through the centralized controller and programmatic APIs, thus eliminating the high cost associated with box-by-box management of traditional NPBs.
Conclusion
With the advent of SDN on bare metal Ethernet switches, ubiquitous network visibility is now a viable and attractive option from a CapEx, OpEx, and design transition perspective. The Big Switch Networks Big Tap Monitoring Fabric solution focuses on sophisticated algorithms for overlapping policies and multi-tenant use cases, making the operational workflows around a shared-tap infrastructure practical in a way that was once out of reach. With the pay-as-you-grow economics for both hardware and software involved in the monitoring fabric, starting at small scale and growing the fabric gradually is a low-risk approach for mobile operators to migrate to their next-generation network monitoring architecture.
To learn more about how Big Tap Monitoring Fabric solution can enhance your mobile core network, please contact [email protected]
Addendum A: Industry Terminology and Acronyms
2G, 3G, 4G: Mobile Communication Technology Standards
APIs: Application Programming Interface
BYOD: Bring-your-own-device
CLIs: Command-Line Interface
eNodeB: Evolved Node B
EPC: Evolved Packet Core
Gb: Gigabyte
GGSN: Gateway GPRS Support Node
GPRS: General Packet Radio Service
GRE: Generic Route Encapsulation
GTPv1, 2: GPRS Tunneling Protocol (version 1 and 2)
GUI: Graphical User Interface
HLR: Home Location Register
HRPD: High Rate Packet Data
HSPA: High Speed Packet Access
HSS: Home Subscriber System
IMS: IP Multimedia Subsystem
IoT: Internet of Things
IPv4, IPv6: Internet Protocol version 4, 6
LTE: Long Term Evolution
MME: Mobility Management Entity
NPB: Network Packet Broker
ODMs: Original Design Manufacturers
OSS/BSS: Operations/Business Support Systems
OpEx: Operating Expenses/Expenditures
P+V: Physical + Virtual
PCRF: Policy and Charging Rules Function
PDN: Packet Data Network
P-GW: Packet Data Network Gateway
PMIP: Proxy Mobile IP
RAN: Radio Access Network
RBAC: Role-Based Access Control
SCTP: Stream Control Transmission Protocol
SDN: Software Defined Networking
SGSN: Serving GPRS Support Node
S-GW: Serving Gateway
SMS: Short Message Service
SPAN: Switched Port Analyzer
TEID: Tunnel Endpoint Identifier
TCP: Transmission Control Protocol
UDP: User Datagram Protocol
UE: User Equipment
VoLTE: Voice over LTE
About Big Switch Networks
Big Switch Networks is the Bare Metal SDN company. The company's SDN Fabric solutions embrace industry standards, open APIs, open source and vendor-neutral support for both physical and virtual networking infrastructure. Big Switch Networks SDN Fabric solutions support a broad range of networking applications, including Unified Physical + Virtual (P+V) Cloud Switching and Monitoring.
For more information, follow us @bigswitch or visit www.bigswitch.com.
Headquarters: 100 West Evelyn Street, Suite 110, Mountain View, CA 94041, USA. Phone: +1.650.322.6510 or +1.800.653.0565. bigswitch.com
Copyright 2014 Big Switch Networks, Inc. All rights reserved. Big Switch Networks, Big Network Controller, Big Tap, Big Virtual Switch, Switch Light, Floodlight and Open SDN are trademarks or registered trademarks of Big Switch Networks, Inc. All other trademarks, service marks, registered marks or registered service marks are the property of their respective owners. Big Switch Networks assumes no responsibility for any inaccuracies in this document. Big Switch Networks reserves the right to change, modify, transfer or otherwise revise this publication without notice. MF Mobile LTE WP-V2-EN DEC 2014