Data Transport and Security Challenges in Delivering Mobile Broadband

Brendan Leitch
bleitch@juniper.net

Mobile Broadband Asia
Kuala Lumpur, May 6, 2009




1 | Copyright © 2009 Juniper Networks, Inc. | www.juniper.net
Global & Asia Mobile Market Trends

[Figure: two charts, "Worldwide Mobile subscribers and ARPU*1" and "Asia Pacific Mobile subscribers and ARPU*1", each plotting Subscribers (in B) and Revenue per Subs (in USD) for 2005 to 2010, with the later years marked Forecast.]

Source: Infonetics in 2007: revenue per subs includes initial and monthly pay. 2007-2010 are forecast.

Data ARPU is the one?

Two Key Transformations
Business & Architectural

[Figure: "Old Mobile World" versus "New Mobile World".
 Business: Simplicity to Complexity. Old world: Network Equipment Provider, Handset Provider, Operator. New world: Operator together with Content Rights, Consumer Electronics, Search, Ad Enabler/Server, Game Producer, Content Aggregator, IT Vendor, Network Equipment Provider, Brand Advertiser, Media Company, Internet Portal/Site.
 Architecture: Complexity to Simplicity. 3G (UTRAN, UMTS PS Core): Node B, Iub (IP), RNC, Iu-PS (IP), SGSN, Gn (IP), GGSN, then Gi and Gi, Gx towards Internet Services, Hosted Services and IMS; layers numbered 1 to 4. NGMN (LTE, SAE Core): Enhanced NodeB (eNodeB), S1 (Ctrl+Data), S1 to aGW (Data), S1-MME (Ctrl) to Mobility Management Entity (MME), S11 (Ctrl), then Gi and Gi, Gx towards Internet, Hosted Services and IMS; layers numbered 1 to 2.]

The Three Challenges of Mobile Operators

• New Source of Revenue Generation: new services or applications that increase the SP’s revenue.
• Bandwidth: how to handle sky-rocketing traffic against cost pressure.
• Security and Operations: simple operation reduces cost such as OpEx and supports service availability.

Mobile Operator’s Backhaul Challenges

– Operational Efficiency and Cost Control
– Bandwidth
– Raise the ARPU, offer new data services

[Figure: "Cost of increasing cell capacity*2 (Opex + Depreciation)", broken down into Core, Interconnect, Backhaul and Cell Site; and "Backhaul traffic growth".]

– Traffic in the RAN keeps growing – up to 400% yoy
– Gradual shift from TDM to ATM to IP traffic, especially with HSPA

Solution Priorities: Technical

– Fix the legacy backhaul capacity bottleneck
– Support for multi-generation, multi-transport
– Provide future proof-ness (Path to 4G)
– Address network synchronization

[Figure: 2G BTS, 3G node B and 4G eNodeB (air interface: HSPA, LTE, WiMAX) connect over N x T1/E1 Mobile Backhaul, marked "Legacy Backhaul Bottleneck", to an IP/MPLS-based Mobile Core; other labels: SIP, Off-net, On-net, OTT, Content.]

Analyzing the LTE Requirements:
Long Term Evolution

LTE Characteristics
  – Flat IP architecture, higher throughput, lower latency
  – User experience expectation: 10+ Mbps, latency <10ms
  – Carrier expectation: 100+ Mbps / sector, spectrum efficiency

LTE Requirements on backhaul infrastructure
  – Direct communication between base stations (eNodeB)
  – Shift from a pure hub and spoke metro backhaul architecture (2G/3G)
  – Backhaul needs to support much higher traffic from LTE alone
  – Network must be highly available to support latency-sensitive applications such as video

Multi-Generation Backhaul Architecture

[Figure: a Cell Site with 2G (GSM / CDMA), 3G (UMTS / CDMA 1x EV-DO) and 4G (LTE and WiMAX) base stations, connected through an L2/L3 Backhaul over TDM, ATM / IP and IP/Ethernet to the 2G BSC, 3G RNC and 4G RNC.]

Key Attributes:
• Seamless Aggregation
• Efficient Transport
• Flexibility At Scale
• High Performance

Considerations for LTE Reference Framework

[Figure: LTE reference architecture in four columns. UE; EUTRAN (eNBs linked by X2); EPC (MME, HSS, PCRF, S-GW, P-GW); Applications (IMS, Apps, PDN). Interfaces shown: X2, S1-MME, S1-U, S10, S11, S6a, S5, S5/S8, Gx, Rx, SGi.]

– X2 interface transport between eNodeBs
– S1 interface between eNodeBs and SAE GW
– Extending IP/MPLS capabilities in access/metro network to support X2 and S1

Unified Transport: MPLS in Backhaul (I)

MPLS is widely deployed in wireline and mobile core networks
  – Expand towards cell site

Backhaul requires co-existence of multiple transport options
  – MPLS is a proven mechanism to support ATM, TDM, Ethernet, HDLC emulation (IETF PWE3)
  – Allows legacy RAN equipment to be utilized (CAPEX protection) while leveraging the advantages of new packet transport options

Supporting multi-media traffic
  – Voice/VoIP, Video, SMS, LTE enables mobile broadband at large scale
  – MPLS-TE enables advanced QoS capability, RSVP-TE
  – Improved network utilization, better ROI

Reliability is critical
  – MPLS offers fast and deterministic reroute around link or node failures -- faster convergence
  – MPLS supports multi-vendor interoperable mechanisms for failure detection and recovery
  – Advanced OAM tools

Unified Transport: MPLS in Backhaul (II)

Backhaul is increasingly becoming a strategic asset
  – MPLS at the cell site enables carriers to offer new revenue-generating services (i.e. L2/L3 VPNs)

Future proof architecture for LTE
  – Support intra-base station communication and all-IP architecture
  – MPLS offers powerful network design options such as L3-VPN, VPLS
  – Flexibility with deploying various LTE components anywhere in Access/Metro network without a re-design
  – Multicast optimization for IP multicast services

MPLS In The Mobile Network

[Figure: network segments Consumer, Access, IP Edge, Metro Core and Super Core, with Mobile Content attached at several points; above them AAA + Policy and Resource Control, OSS/BSS, IMS and Web Services; annotation "High-Performance Network Elements with Node/Link/Path Monitoring".]

• MPLS LSPs are configured between ingress and egress routing points
• Creates well defined circuit paths across the transport network

Emergence of Security Markets

[Figure: security market size ($1B to $5B) from 1990 to 2015 for Enterprise (Infonetics) and Service Provider (Juniper Estimates), annotated with the drivers: IP/internet EMAIL; IP-based Client-Server Applications; B2B Applications over IP/Internet; Explosion of e-commerce over IP/Internet; IMS deployments; IP-NGN: Voice, Video Moving to IP.]

Security: Legacy v/s IP-NGNs

[Figure: legacy services (Analog Voice, 2G Mobile, Leased Lines/FR, Analog TV), each with its own Control Plane, Mgmt Plane and Data Plane, next to IP-NGN services (VoIP, 3G Mobile Data, IP-VPNs, IPTV, IMS) on one Control Plane, Mgmt Plane and Data Plane.]

Legacy Networks
  – Service-Specific Network
  – Closed Architectures
  – End-to-End Mgmt by the Service Provider
  – No Customer Controls
  – No External Exposure

IP-Next-Generation-Networks
  • MultiService Converged IP Network
  • Open Architectures
  • Automated End-to-End Provisioning
  • End-user Controlled Services
  • External & Internal Exposure
  • OPEN IP-Connectivity to
      • Internet
      • Business
      • Consumer
      • Mobile

IP-NGNs have a Large Exposure to Security Vulnerabilities (Control Plane, Mgmt Plane and Data Plane IP-Based)

Example of Mobile Network Requirements

Assumptions
  – 3G devices follow the growth of standard networking

Real-world Requirement
  – US-based Service Provider
  – Plan to support 74 Million 3G devices by 2009
  – Plan to support the network with 4 to 6 Datacenters

The Math
  – >12 Million 3G devices per Datacenter (best case)
  – Each 3G device supporting multiple sessions

Reality
  • Google Map on iPhone can require 24 Million Connections per Sec per Datacenter!

Mobile Network Vulnerabilities

[Figure: mobile network made up of RAN, Roaming Partner Network (GRX), PSTN, IP/MPLS Mobile Packet Core, Billing Data, Critical servers like HLR/VLR and Internet, with protection points numbered 1 to 7 and the following callouts:
  – Security on the Mobile-Handset (Mandatory in FMC/UMA)
  – Roaming Partner Protection
  – Protecting Access nodes (UNC, RNC etc.)
  – GTP/Gp-Attacks
  – PSTN Connection Protection
  – Billing Systems Protection
  – Application Servers Protection (potentially compromises LIG, HLR, VLR)
  – Protecting IP nodes (SGSN, GGSN)]

Solutions for Mobile Security Threats

Major Issue                                                         Defense Technology
Encrypting Data from Mobile Hand-Set (Also a UMA Requirement)       SSL-Client on the Hand-Set
GGSNs processing malformed GTP packets (GPRS Tunneling Protocol)    GTP Firewall Sanity checks
Protection & Isolation of Roaming partners & Application Servers    IPSec Site-to-Site VPN; GTP Firewall with IDP
Signaling Protection in PSTN Connections                            IDP with SIP Signaling and SIP ALG
Protection of Application & Billing Servers                         Firewalling with NAT and DMZ techniques

*Support backward compatibility 3GPP R6 – RAT, RAI, IMEI IE removal, filtering
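
An added example, not part of the original slides and not Juniper code: a sketch of the header sanity checks a GTP firewall can apply to GTPv1 datagrams before they reach a GGSN, as named in the table above. The names check_gtpv1 and ALLOWED_TYPES, the allow-list policy and the sample packets are constructed for illustration; the header layout follows 3GPP TS 29.060.

```python
import struct

# Constructed allow-list for this example: Echo, Create/Update/Delete PDP
# Context request and response, Error Indication, G-PDU (TS 29.060 values).
ALLOWED_TYPES = {1, 2, 16, 17, 18, 19, 20, 21, 26, 255}


def _walk_extension_headers(datagram, next_type):
    """Follow the extension header chain that starts at byte 12."""
    problems = []
    offset = 12
    while next_type != 0:
        if offset >= len(datagram):
            problems.append("extension header chain runs past end of datagram")
            break
        units = datagram[offset]           # header length in 4-octet units
        if units == 0:                     # would never advance: malformed
            problems.append("extension header with length 0")
            break
        end = offset + units * 4
        if end > len(datagram):
            problems.append("extension header overruns datagram")
            break
        next_type = datagram[end - 1]      # last octet names the next header
        offset = end
    return problems


def check_gtpv1(datagram):
    """Return a list of sanity-check failures; an empty list means pass."""
    if len(datagram) < 8:
        return ["shorter than the 8-byte mandatory header"]
    flags, msg_type, length, _teid = struct.unpack("!BBHI", datagram[:8])
    version = flags >> 5
    if version != 1:
        return ["version is %d, expected 1" % version]

    problems = []
    if not flags & 0x10:
        problems.append("protocol type bit is 0 (GTP'), expected GTP")
    if flags & 0x08:
        problems.append("reserved flag bit is set")
    if msg_type not in ALLOWED_TYPES:
        problems.append("message type %d not in allow-list" % msg_type)
    # The length field counts every octet after the mandatory 8-byte header.
    if length != len(datagram) - 8:
        problems.append("length field %d does not match %d bytes after header"
                        % (length, len(datagram) - 8))
    # If any of E, S or PN is set, the 4 optional octets must all be present.
    if flags & 0x07:
        if len(datagram) < 12 or length < 4:
            problems.append("E/S/PN flag set but optional fields are missing")
        elif flags & 0x04:                 # E flag: an extension chain follows
            problems.extend(_walk_extension_headers(datagram, datagram[11]))
    return problems


# Constructed sample datagrams (not captured traffic).
VALID_ECHO = bytes.fromhex("320100040000000000010000")    # Echo Request, S flag
BAD_LENGTH = bytes.fromhex("320100400000000000010000")    # length says 64
BAD_VERSION = bytes.fromhex("520100040000000000010000")   # version field = 2
ZERO_EXT = bytes.fromhex("34ff000800000001000000c000000000")   # ext length 0
TRUNC_EXT = bytes.fromhex("34ff000800000001000000c002000000")  # ext too long

if __name__ == "__main__":
    for name, pkt in [("valid echo", VALID_ECHO), ("bad length", BAD_LENGTH),
                      ("bad version", BAD_VERSION), ("zero ext", ZERO_EXT),
                      ("truncated ext", TRUNC_EXT)]:
        print(name, "->", check_gtpv1(pkt) or "pass")
```
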




Managing Performance Requirements
Single Lane to Swim lane

– Inline solution unable to keep up
– Cannot support growth spikes
    – High Connection Rate
    – High Session Count

– Load-balanced or route spraying
– Configuration and management challenges

Managing Feature Integration
Network Intelligence to Physical Consolidation

– Provide stronger network intelligence
– Increasing Management Challenges
– Maintenance and support challenges

– Physical consolidation of multiple appliances
– Similar challenges as multiple appliance deployments
– Potential bottleneck at various functional “cards”

Integration and Performance
No-Compromise Solution

[Figure: chart with axes Performance and Integration.]

– Scale performance and integration
– New service/application deployments
    – Rapid time to market
    – Tight integration between services
– Simple management

Today’s Architecture

PC/Laptop
  – Fixed # of CPU; Dedicated HW; Expansion slots
  – Challenge: Limited CPU upgrades; Limited memory expansion
  – Scalability Options: Upgrade CPU; Install I/O cards; Upgrade Memory; Buy a faster PC

Appliance
  – Fixed CPU; Dedicated HW; Expansion I/O slots
  – Challenge: Cannot upgrade CPU; Restrictive I/O Options
  – Scalability Options: Install I/O cards; Upgrade Memory; Buy another router

Chassis
  – Fixed CPU and I/O on blades; Flexible feature and performance
  – Challenge: Each blade = separate appliance; CPU and I/O limitation at blade level
  – Scalability Options: Install more blades

Architectural Complexity:
Barrier to Accelerating Service Deployment

[Figure: Static “Services” Delivery Only. Five separate services (Routing, Firewall, IPS, IPSec VPN, NAT), each with its own management system (MGMT 1 to MGMT 5) and its own operating system (OS 1 to OS 5); label: Resources.]

Service architecture must dynamically scale in all dimensions

SRX Services Gateway
First in Family of JUNOS-based Dynamic Services Gateways

[Figure: SRX Dynamic Services Gateway. Routing, Firewall, IPS, IPSec VPN and NAT sit under Dynamic Services (App Layer Forwarding, Threat Prevention, Access Control) and a "Consolidate Management Framework".]

  Break the Performance/Integration Tradeoff

         [Chart axes: Performance, Service Integration]

         Limited Services
         Scalability via multiple appliances
         Management and deployment challenges

         Services integration via JUNOS
         Processing scalability via SPC
         I/O scalability via IOC
         Management and deployment simplicity

         Services via dedicated appliances
         Management and deployment nightmare

  Juniper’s Service Enabling Network Infrastructure

         Applications & Services
         OPEN
         Network Intelligence
         Policy Control & Identity          Security
         OPEN
         Cell Site      Aggregation      Edge      Packet Core

  Juniper’s NGN Security Solutions
  in Global Service Providers

         [Figure labels: Mobile Security (repeated across the figure), VoIP Security, IPTV Security, Security Services]

         * This is not a complete list

                      THANK YOU
