New challenges in 5G network visibility

5G Network

5G deployments are moving beyond enhanced mobile broadband and fixed wireless access and are beginning to enable a wider range of use cases.

5G is the 5th generation mobile network: it is designed to connect virtually everyone and everything, including machines, objects, and devices. 5G wireless technology is meant to deliver multi-Gbps peak data speeds, ultra-low latency, higher reliability, massive network capacity, increased availability, and a more uniform user experience to more users.

But: what about 5G Network Visibility? New challenges must be solved, and Microtel Innovation is here to help.


The user plane traffic is continuously growing

Mobile traffic is growing faster than expected. This has been a clear trend over the past decades, and 5G networks will only accelerate it. Consumers and business users worldwide continue to create new demands and expectations for mobile networking. This ongoing trend is clearly highlighted by the adoption and use of mobile applications: social networking, video streaming and downloads, business productivity, e-commerce and gaming will drive the continued growth of mobile traffic.

According to the latest Ericsson Mobility Report, global mobile data traffic is estimated to reach around 680EB per month by the end of 2021, and is projected to grow by a factor of around 4.6 to reach 370EB per month in 2027.

Global mobile network data traffic (EB per month)

How to handle all this traffic, in the Monitoring and Security space?

The new Microtel Innovation A-640 Packet Brokers are the solution: they support session-based balancing of traffic towards the security and monitoring tools, thanks to their capability to forward traffic based on inner packet parameters. This is a key requirement for high-volume user plane analysis. They are also future-proof: growing traffic is not a problem, since an A-640 NPB can manage up to 3.2 Tbps of traffic.

Big infrastructure vendors tend to use their own virtual TAP to provide the virtual traffic to be monitored

One challenge with the 5G Service-Based Architecture (SBA) is the encrypted nature of the communications between the 5G Core Network Functions.

NEMs are proposing to do the job of tapping the 5G network traffic themselves, by means of their own virtual TAP, and to forward the traffic in the clear (not encrypted) outside of the virtual infrastructure, usually by means of GRE tunnels, with the goal of feeding monitoring and security tools. The format and transport of these data are still not standardized, but this seems to be a promising way to overcome the issue.

A-640 NPBs are a perfect choice for actively handling GRE and VXLAN tunnels. They act as an active tunnel endpoint, with their own MAC/IP settings, and they perform tunnel termination, filtering inside the tunnel and load balancing. In summary, they take the traffic from the vTAP, then aggregate, filter and load balance it to the monitoring and security tools.

Additionally, the traffic sent by vTAPs can carry multiple levels of tunnels, since data coming from the virtual infrastructure are usually encapsulated using GRE, but also MPLS, VXLAN, VLAN, … stacked in multiple levels: the Microtel A-640 can strip those encapsulations partially or totally, in a configurable way depending on what the tools need, and filter and load balance the original IP packets on both inner and outer parameters.

5G User Plane Balancing

THE CHALLENGE

Mobile networks have experienced continuous traffic growth in recent years: data traffic keeps growing at an exponential rate, driven by mobile video and OTT services.

This is creating challenges for mobile operators, as they seek to keep up with the analysis and monitoring of all the data on their network that needs to be processed and analysed.

Furthermore, the disaggregation of the control plane and the physical separation of the control and user planes, as currently deployed in modern networks such as LTE CUPS and 5G, add further complexity.

For mobile carriers, efficiently and effectively monitoring performance, Quality of Experience (QoE) and security for their services and subscribers, as well as identifying and monetizing new offerings, is critical to success. But the network probes that currently provide visibility into wireless core networks have limited capacity and may not cope with the exploding mobile subscriber traffic. Additional probes need to be added, and GTP User Plane traffic has to be balanced between them, guaranteeing that the whole IP flow related to one particular session is sent to the same tool.

THE SOLUTION

Microtel Innovation Aster A-640 and A-648 give the solution to this problem.

Balancing the GTP User Plane is not an easy task: it needs to be done in a way that guarantees that all the IP flow traffic related to the same session is sent to the same probe, and that assures the best performance, so that the solution is future-proof and ready for the growing data traffic of the coming years.

How to do that? This can be achieved by balancing the User Plane traffic using the Inner IP as key, and doing that in hardware to avoid performance problems.

In fact, in the GTP protocol the Inner IP is the Subscriber IP address, and balancing the traffic on that key keeps all User Plane traffic flows belonging to the same User IP session together.

Fig. 1 Inner IP in GTP frame (inner IP=IP packet sent by the phone)

Since the Control Plane traffic is usually a small fraction of the User Plane, there is no need to balance it. It can be forwarded to the probes in different ways, depending on how the probe works:

  • Some monitoring systems have a dedicated Control Plane probe: in this case the Control Plane traffic is separated and sent only to the Control Plane probe (see Fig. 2).
  • In other cases, the User Plane probes require the Control Plane data too: in this situation the Network Packet Broker can replicate the Control Plane traffic and send all of it to each probe for further processing.

Fig. 2 GTP User Plane balancing using inner IP - example with 400G Input Traffic

It is important to note that the solution described above makes no use of Control Plane-User Plane correlation, which is a very heavy activity and in some cases difficult to implement, because in modern networks, for example CUPS and 5G, Control Plane signalling and User Plane data are not always in the same location.

To summarize, using Aster A-640 and Aster A-648 to balance User Plane traffic is the perfect solution when:

  • High performance is needed: Aster A-640 can cope with up to 3.2 Tbps of traffic, with 32×40/100G input/output ports, each of which can be used as 4×10/25G
  • Control Plane and User Plane data are not available in the same location, as happens for example with CUPS and 5G networks

Why Header Stripping?

THE CHALLENGE

In IP data communication networks, routers and switches may create a tunnel between two points on a network that can securely transmit any kind of data between them. Tunnelling involves the encapsulation of an IP packet within another packet, adding a packet header. This encapsulation enables the packet to reach its destination through intermediary networks that do not support the packet’s protocol.

Different types of headers may be used, depending on the place in the network and/or on the type of network. A few examples are GRE, VLAN, MPLS, VN-Tag, VXLAN and GTP-U headers.

One example in telecommunication networks is the GTP-U tunnel: it is used to efficiently carry large volumes of user data within the mobile core network and between the radio access network and the core network.

In IP networks, one key application of MPLS tunnelling is switching traffic for a large enterprise across the service provider backbone, where MPLS labels keep the traffic distinct from that of other enterprises. When tapping MPLS tunnels between two routers we may then be in the following situation, where multiple stacked tags or labels may also be present:

Tools that are neither MPLS-aware nor VLAN-aware will not be able to analyse the traffic received

The problem is that monitoring tools usually do not recognize tunnel headers, and as a consequence they discard these packets as malformed, making it impossible to properly analyse such networks.

Header stripping is a useful feature even if the monitoring tools are able to recognize the tunnels and do the stripping themselves, because doing it in an external appliance relieves the tool of a process that would otherwise degrade its performance.

WHAT WE DO

Microtel Innovation NPBs and Visibility Appliances analyse the input traffic, identify specific headers such as MPLS, VLAN, VXLAN, VN-TAG, GTP-U and GRE, and remove them before sending the packets to the appropriate security and analysis tools.

In this way analysis and monitoring tools are able to process traffic flows that they otherwise could not recognize because of an unreadable header type.

The solution is highly performant and scalable. Moreover, Microtel Innovation header stripping restores the inner frames: after this manipulation the resulting frame is a valid IP packet with a correct checksum.

Here is an example on how our system works: 

  • In Fig1, GTP-U header stripping is enabled using the NPB GUI
  • Fig2 shows the result of the operation on the output traffic: since only frame 360 is GTP-U, this is the only one de-tunneled by the device.

Fig1: GTP-U header stripping is configured in the NPB GUI

Fig2: GTP-U frame header is stripped and the de-tunneled frame is sent to the NPB output port
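Added example (not Microtel's own code) covering both the Inner IP balancing described in the User Plane Balancing section above and the GTP-U header stripping shown in Fig2: it dissects an outer IPv4/UDP/GTP-U packet, hashes only the subscriber's inner IP so that both directions of a session reach the same probe, and returns the untouched inner IP packet. The sample packets, addresses and TEIDs are constructed, and the direction (uplink/downlink) is assumed to be known from the ingress port.

```python
import hashlib
import struct

GTPU_PORT, GTPU_G_PDU = 2152, 0xFF   # UDP port and G-PDU message type, 3GPP TS 29.281

def ipv4_checksum(header: bytes) -> int:
    """RFC 1071 one's-complement sum; a header carrying a valid checksum sums to 0."""
    s = sum(struct.unpack("!%dH" % (len(header) // 2), header))
    while s >> 16:
        s = (s & 0xFFFF) + (s >> 16)
    return (~s) & 0xFFFF

def ipv4_header(src: bytes, dst: bytes, proto: int, payload_len: int) -> bytes:
    """Minimal 20-byte IPv4 header (no options) with a correct checksum."""
    h = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, 0, 0, 64, proto, 0, src, dst)
    return h[:10] + struct.pack("!H", ipv4_checksum(h)) + h[12:]

def parse_gtpu(packet: bytes) -> dict:
    """Dissect outer IPv4/UDP/GTP-U; return TEID, inner addresses and the inner IP packet."""
    ihl = (packet[0] & 0x0F) * 4
    dport = struct.unpack_from("!H", packet, ihl + 2)[0]
    if packet[9] != 17 or dport != GTPU_PORT:
        raise ValueError("not GTP-U")
    g = ihl + 8
    flags, msg_type, _length, teid = struct.unpack_from("!BBHI", packet, g)
    if msg_type != GTPU_G_PDU:
        raise ValueError("GTP-U signalling (e.g. Echo Request), not a G-PDU")
    g += 8
    if flags & 0x07:                 # S, PN or E flag: 4 optional octets follow ...
        next_ext = packet[g + 3]     # ... possibly followed by extension headers
        g += 4
        while next_ext:
            ext_len = packet[g] * 4  # extension length is in 4-octet units
            next_ext = packet[g + ext_len - 1]
            g += ext_len
    inner = packet[g:]
    if inner[0] >> 4 != 4:
        raise ValueError("only an inner IPv4 packet is handled here")
    return {"teid": teid, "inner": inner, "inner_src": "%d.%d.%d.%d" % tuple(inner[12:16]),
            "inner_dst": "%d.%d.%d.%d" % tuple(inner[16:20])}

def select_probe(packet: bytes, uplink: bool, n_probes: int) -> int:
    """Session-affine balancing keyed on the subscriber (UE) inner IP only: inner source
    on uplink, inner destination on downlink (a real NPB knows the direction from the
    ingress port), so both directions of a subscriber's traffic reach the same probe."""
    f = parse_gtpu(packet)
    ue_ip = f["inner_src"] if uplink else f["inner_dst"]
    return int.from_bytes(hashlib.sha256(ue_ip.encode()).digest()[:4], "big") % n_probes

def strip_gtpu(packet: bytes) -> bytes:
    """Header stripping: forward the inner IP packet unchanged, its checksum still valid."""
    return parse_gtpu(packet)["inner"]

def build_gtpu(o_src: bytes, o_dst: bytes, teid: int, i_src: bytes, i_dst: bytes) -> bytes:
    """Constructed sample: outer IPv4/UDP/GTP-U around a tiny inner IPv4/UDP packet."""
    inner_udp = struct.pack("!HHHH", 40000, 53, 12, 0) + b"dns?"
    inner = ipv4_header(i_src, i_dst, 17, len(inner_udp)) + inner_udp
    gtp = struct.pack("!BBHI", 0x30, GTPU_G_PDU, len(inner), teid) + inner
    udp = struct.pack("!HHHH", GTPU_PORT, GTPU_PORT, 8 + len(gtp), 0) + gtp
    return ipv4_header(o_src, o_dst, 17, len(udp)) + udp
```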

IMSI filtering and subscribers visibility

How to offload the GTP User Plane traffic which does not belong to a list of subscribers?

THE CHALLENGE

Mobile data traffic continues to grow at an exponential rate, driven by mobile video and OTT services. Even if 5G is going to be deployed in many Telecom Operators' networks, existing LTE mobile networks still have a heavy burden to carry, and it will continue to grow.

Monitoring this high-volume traffic is a problem for the operators: they need it for troubleshooting and also for guaranteeing the best user experience to their customers, but data traffic is growing so fast that they are not able to cope with it.

In particular, when troubleshooting issues, sometimes the information available in the GTP control plane is not enough: this is the case, for example, of a customer whose connection works perfectly but whose OTT services, like Skype, WhatsApp, video, …, have some issues.

In this case Telecom Operators need to analyse the User Plane traffic too, but they should do so only for the subscribers who have the problems, otherwise they will exhaust the probes' processing capacity. How to do that? The solution is to filter the User Plane traffic and forward it to the probes only for the subscribers who need it, and who belong to a specific list.

To uniquely identify the subscriber, the IMSI code may be used: the IMSI is a unique number rigidly tied to the subscriber's SIM card, and the operator can easily look it up in its subscriber database.

This way the monitoring tools' load is greatly reduced, and privacy and legal issues are solved too.

THE SOLUTION

The solution Microtel Innovation provides is robust and does not require any difficult operator tasks: our Aster GTP Packet Brokers can filter the GTP User Plane traffic based on IMSI White and Black lists, by correlating GTP Control and User Plane data.

One specific Use Case is User Plane troubleshooting that at the same time guarantees compliance with privacy regulations: some Operators, due to GDPR rules, have put in place a strict process that prevents them from forwarding subscribers' User Plane traffic to the Monitoring Probes without the subscribers' approval. User Plane traffic analysis can be done only if and when the subscriber authorizes such activity.

Using Microtel Innovation Aster GTP Packet Brokers, this is a very easy task to implement. While all Control Plane traffic is sent to the monitoring tools for generic troubleshooting purposes, the following process can be used for the User Plane data:

  • Customer approval is required before sending the User Plane data to the tools, for troubleshooting or any other agreed purpose
  • Through the Operator’s customer portal, such approval is registered in the Operator’s database
  • At this point, the customer's IMSI may be added to the Aster GTP Packet Broker White List: just a few clicks on our seamless and easy to use Graphical User Interface, and this is done
  • From now on, the Aster GTP Packet Broker sends the customer's user data to the tools
  • It will stop when the IMSI is removed from the Aster White List.

Fig1: How to make GDPR and user data analysis coexist: an existing implementation
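An added example (not Microtel code) of the GTP-C/GTP-U correlation behind the IMSI White List process above: it learns the IMSI and the user-plane TEIDs from a constructed Create Session Request, then forwards G-PDUs only for subscribers on the list, and stops as soon as the IMSI is removed. The sample IMSI, TEIDs and addresses are constructed; the Create Session Response and Delete Session handling that a full implementation needs are omitted.

```python
import struct

CREATE_SESSION_REQ = 32                         # GTPv2-C message type (3GPP TS 29.274)
IE_IMSI, IE_FTEID, IE_BEARER_CTX = 1, 87, 93    # GTPv2-C IE types
GTPU_INTERFACES = {0, 1, 4, 5}                  # F-TEID interface types that are GTP-U endpoints

def tbcd_decode(data: bytes) -> str:
    """IMSI digits are TBCD-coded: two digits per octet, low nibble first, 0xF is filler."""
    return "".join(str(n) for b in data for n in (b & 0x0F, b >> 4) if n != 0xF)

def iter_ies(buf: bytes):
    """Walk GTPv2-C IEs (type, length, spare/instance), descending into grouped Bearer Contexts."""
    off = 0
    while off + 4 <= len(buf):
        ie_type, ie_len, inst = struct.unpack_from("!BHB", buf, off)
        value = buf[off + 4:off + 4 + ie_len]
        if ie_type == IE_BEARER_CTX:
            yield from iter_ies(value)
        else:
            yield ie_type, inst & 0x0F, value
        off += 4 + ie_len

class ImsiFilter:
    """Correlates Create Session Requests (GTP-C) with user-plane TEIDs (GTP-U) so that
    G-PDUs are forwarded only for IMSIs on the white list; a black list would invert the
    final test. Create Session Response and Delete Session handling are omitted here."""
    def __init__(self, whitelist):
        self.whitelist = set(whitelist)
        self.teid_to_imsi = {}

    def learn_control_plane(self, msg: bytes) -> None:
        flags, msg_type, length = struct.unpack_from("!BBH", msg, 0)
        if flags >> 5 != 2 or msg_type != CREATE_SESSION_REQ:
            return                               # only GTPv2 Create Session Request handled
        imsi, teids = None, []
        for ie_type, _inst, value in iter_ies(msg[12:4 + length]):   # 12-octet header (T flag set)
            if ie_type == IE_IMSI:
                imsi = tbcd_decode(value)
            elif ie_type == IE_FTEID and (value[0] & 0x3F) in GTPU_INTERFACES:
                teids.append(struct.unpack_from("!I", value, 1)[0])  # interface type, then TEID
        if imsi:
            for teid in teids:
                self.teid_to_imsi[teid] = imsi

    def forward_user_plane(self, gtpu: bytes) -> bool:
        """GTP-U message (UDP payload) in, forwarding decision out."""
        _flags, msg_type, _length, teid = struct.unpack_from("!BBHI", gtpu, 0)
        if msg_type != 0xFF:
            return True                          # path management (Echo) is not subscriber data
        return self.teid_to_imsi.get(teid) in self.whitelist

def build_create_session_request(imsi: str, user_teid: int) -> bytes:
    """Constructed sample: IMSI IE plus a Bearer Context holding an S5/S8-U SGW F-TEID."""
    ie = lambda t, inst, v: struct.pack("!BHB", t, len(v), inst) + v
    digits = imsi + "F" * (len(imsi) % 2)
    tbcd = bytes(int(digits[i + 1], 16) << 4 | int(digits[i], 16) for i in range(0, len(digits), 2))
    fteid = bytes([0x80 | 4]) + struct.pack("!I", user_teid) + bytes([10, 1, 1, 1])   # V4 flag, type 4
    body = ie(IE_IMSI, 0, tbcd) + ie(IE_BEARER_CTX, 0, ie(73, 0, b"\x05") + ie(IE_FTEID, 2, fteid))
    return struct.pack("!BBHI", 0x48, CREATE_SESSION_REQ, 8 + len(body), 0) + b"\x00\x00\x01\x00" + body
```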

Why to extend IP monitoring to TDM networks

THE CHALLENGE

Telecom Operators are migrating from legacy network infrastructures to more scalable, flexible and efficient Internet Protocol (IP) networks to support new IP services. However, mixed architectures still coexist in the telecommunication world, with TDM (dedicated to rural areas or international connections) alongside IP, and this is a strong barrier for Service Providers who need to monitor connections end to end.

Monitoring this high-volume traffic is a must for the Operators: they need it for troubleshooting and also for guaranteeing the best user experience to their customers, but in some cases the old TDM tools are going out of production, creating a lack of visibility for TDM networks.

So, while on one side Telecom Operators have the strong need to monitor the legacy networks, at least in the critical points, on the other side they are reluctant to invest in TDM tools, which are gradually phasing out and have high maintenance costs, preferring to monitor the whole infrastructure using IP monitoring tools.

THE SOLUTION

Microtel’s Ethernizer family of products is the solution to this challenge, enabling operators to manage mixed infrastructures with the same IP probe and making all locations and all layers visible to the Centralized Monitoring System.

The solution converts both TDM Signalling and Voice to IP, giving a general solution capable of feeding different types of IP probes, used for several purposes such as troubleshooting, customer experience, performance management, security, …

It is important to note that Ethernizer does not require any customization of the IP tool it interfaces with, since it uses the standard SIGTRAN and RTP output protocols.

Ethernizer capabilities:

  • It works with several types of links: E1, T1, STM-1
  • It performs SS7 Signalling (MTP-2 or ATM) conversion to SIGTRAN (M2UA or M3UA)
  • It performs ISDN E1/PRI (LAPD D-channel) conversion to SIGTRAN (IUA)
  • It performs VOICE (MTP-2) over STM-1 links conversion to RTP
  • It performs L2GRE/NVGRE tunnel encapsulation/decapsulation, allowing converted IP traffic to be backhauled to geographically remote IP probes

Additionally, the connection to the TDM network is not a problem, since the Ethernizers have several ways of doing that, by using specific Microtel tools such as:

APN and other GTP filtering

The Network Visibility Challenge in Mobile Core Networks

THE CHALLENGE

Mobile data traffic continues to grow at an exponential rate, driven by mobile video and OTT services. Even though 5G is coming, existing LTE mobile networks still have a heavy burden to carry, and it will continue to grow while the new 5G networks settle.

Monitoring this high-volume traffic is a problem for the operators: they need it for troubleshooting and also for guaranteeing the best user experience to their customers, but data traffic is growing so fast that they are not able to cope with it. One solution is to reduce the User Plane data that have to be monitored, restricting it to a specific geographical area or type of traffic: this greatly reduces the monitoring tools' load and also solves privacy and legal issues.

Here are a couple of Use Cases where the GTP User Plane can be efficiently filtered: the first example deals with filtering mobile subscribers based on where they are, the second with filtering IoT traffic based on a specific APN.

Fig. 1 Filtering mobile subscribers on a geographical basis

Fig. 2 Filtering IoT traffic on an APN basis

THE SOLUTION

Based on the information included in the GTP Control Plane, Microtel Innovation GTP Packet Brokers can easily identify and filter GTP User Plane traffic based on several parameters, such as:

  • APN type, for example to identify IoT traffic
  • VoLTE traffic, to filter this specific traffic and feed VoLTE quality systems
  • Geographical parameters (ULI), for example to deeply monitor all the traffic coming from a specific area
  • QCI, for example to analyse video quality

The NPB configuration is easy and fast, based on the easy to use Microtel Innovation Graphical User Interface.

Drop GTP-U traffic to reduce probe workload

CHALLENGE

The customer, a European telecom operator, asked for our support to reduce the amount of mobile traffic generated by a specific type of device. The above-mentioned device is a home station appliance that provides internet services to customers through the mobile network, which results in a significant increase of user data traffic within the Telecom Operator's mobile network.

The Operator’s request then was to filter home station GTP-U traffic at core level with no need to send it to the monitoring tools, while GTP-C traffic still proceeds to the monitoring probes for troubleshooting purposes.

MICROTEL INNOVATION SOLUTION

To meet the customer’s needs, the technical team proposed the Microtel Aster A-630C, a powerful L2-L4 packet broker capable of filtering on GTP-U Inner IP addresses; both IPv6 and IPv4 are supported.

By setting a simple filter on the management interface, the Microtel A-630C can identify the home station traffic, routing the user plane to a specific destination while the control plane proceeds to the usual troubleshooting probe.

DNS filtering to secure your network

CHALLENGE

DNS is a distributed database that resolves human-readable host names into machine-readable IP addresses, and it is fundamental to ensuring a reliable and secure connection to the internet.

Since it is a threat vector for attacks on networks, it is crucial to monitor it in order to identify anomalies or malicious attacks. These attacks often take the form of redirection of DNS queries and cache poisoning toward malicious sites, reconnaissance of the digital footprint, denial of service or even data exfiltration.

Besides security, other reasons for analysing DNS are measuring performance and generating usage statistics.

MICROTEL INNOVATION SOLUTION

Microtel Innovation Aster Packet Brokers A-618, A-620, A-630C, A-640 and A-648 are the right solution: a powerful range of Network Packet Brokers capable of filtering network traffic up to layer 4. DNS traffic runs on UDP or TCP port 53; thanks to our Aster Packet Brokers it is possible to filter it and forward the target traffic to the analysis tools.

This is how the whole DNS traffic can be easily identified and isolated for further analysis.