Gigamon Professional
E-Learning Guide
Module- Architecting for Service Providers
Ver. 1.0
SW REL. 5.X
CONFIDENTIAL – USE BY GIGAMON EMPLOYEES AND PARTNERS UNDER NDA – NOT FOR CUSTOMERS
COPYRIGHT
Copyright © 2019 Gigamon. All Rights Reserved. No part of this publication may be reproduced,
transmitted, transcribed, stored in a retrieval system, or translated into any language in any form or by
any means without Gigamon’s written permission.
TRADEMARK ATTRIBUTIONS
Gigamon and the Gigamon logo are trademarks of Gigamon in the United States and/or other countries.
Gigamon trademarks can be found at www.gigamon.com/legal-trademarks. All other trademarks are the
trademarks of their respective owners.
GigaPRO Professional
Architecting for Service Provider
Welcome to the Gigamon Professional module describing how to Architect for Service
Provider environments.
Service Provider Challenges
• Massive customer base
• Diverse network topologies
• Oversubscribed tools
• Monitoring the Customer
• Monitoring Internal Operations
• Rapid Response to degraded performance and outages
• Protecting sensitive customer information and metrics
• Analytics and Trending
©2017 Gigamon. All rights reserved.
As the number of subscribers continues to increase, service provider networks must
increase network capacity and speed up the rollout of network technology in order to keep
up with demand. However, service providers face many challenges, including:
• The sheer volume and type of traffic demanded by a massive customer base and
billions of transactions.
• The use of many diverse technologies in their networks, such as 2G, 3G, HSPA, LTE
and VoLTE, among others.
• Tool oversubscription, as the tools are inundated with traffic.
• The constant need to reduce churn and increase customer satisfaction. Gigamon also
removes information that is not needed, thereby relieving the tools of unnecessary
processing.
• Monitoring internal operations is extremely critical, so there are real-time monitoring
tools that alert the operator whenever there are any faults. For example, if a core device
goes down, the operator must know about it straight away.
• Traffic is monitored at more points than in typical Enterprise networks. For instance,
traffic is monitored on either side of many devices. If there is degraded performance or
an outage in the network, a rapid response is a must.
• Carrying out network operations, monitoring and increasing performance without
violating the customer’s privacy.
• And finally, the ability to perform analytics and usage trending at any time.
What Is the Triple Challenge?
UNDERSTANDING THE RESOURCE CRUNCH
Interdependencies
• Deploying IP Voice leads to 100Gb
• Deploying 40 / 100Gb leads to CNV
• Deploying IP Voice leads to CNV
[Diagram: IP Voice & VoLTE, 100Gb and Network Virtualization, each marked as a Risk]
Service providers are faced with three interdependent technology upgrades:
• deploying IP Voice as well as Voice over LTE services
• high-bandwidth data and
• network virtualization.
This requirement for high-bandwidth data and packetized voice services, as well as
other cloud-based data services in the mobile device network, is driving the need to
increase data bandwidth across the air interface to the mobile device.
This, in turn, is pushing the service providers to increase bandwidth on the backhaul of
the network as well as in the network core. The backhaul is commonly being increased
to accommodate 40 gigabit data transfers and the Core speeds are increasing to 100
Gigabit.
To be more flexible in providing services on demand, service providers are being
pushed towards virtualizing their networks.
In the past, operators have been able to deploy new technologies in series. With the
current new technologies, due to the interdependency on each other, they are linked.
Therefore, instead of deploying new technologies in series, the deployment of one new
technology forces the deployment of another new technology, and so on.
These inter-relationships are making it difficult for the operator to gain confidence in
rolling out each new technology, as well as making it difficult to pinpoint source problem
areas.
When deploying these new technologies, the operator is faced with a number of
decisions to make:
• Upgrade the core beforehand due to worries about quality of service issues in
general, or wait until bandwidth requirements placed upon the 4G/LTE force the
move of voice services from the existing circuit switched 2G?
• Upgrade core routers in anticipation of rising traffic, or virtualize the core routing
network elements first?
• Virtualize the core first, then deploy VoLTE as a virtualized network function, or deploy
VoLTE as a legacy function in their traditional network since the network is already in
place?
Due to the three technologies being interdependent, deploying any one will result in
either of the other two technologies also being deployed. Independent of the starting
technology, the interdependencies and technology interrelationships will cause the
rollout of all three.
To de-risk Triple Challenge deployments and understand technology interactions,
monitoring will become critical. No longer can monitoring solutions operate in silos for
each technology independent of each other.
• IP Voice is a very sensitive service; complete visibility from edge to core is needed to
debug complex transport/service layer inter-related issues.
• Bonded 10 gigabit, 40 gigabit, and 100 gigabit / 400 gigabit transport needs
advanced processing across the fabric, but cost-effective tools capable of connecting
to and monitoring 100 gigabit / 400 gigabit transport pipes are not available.
• Network virtualization is a complex new technology with no built-in monitoring
capability. To deploy NFV is to remove the visibility from a large part of your existing
network.
NFV Design Challenges
Network Function Virtualization
The market for server virtualization infrastructure has matured, surpassing 75% of all
server workloads, and this trend is increasing. (Data from Gartner report)
Network Function Virtualization - or NFV - aims to transform the way that service
providers architect their networks because software that emulates the network functions
can be dynamically moved to various locations in the network as required, without the
need for installation of new equipment.
NFV transforms network operations. Virtualization eliminates the dependency between
a network function and its hardware by creating a standardized execution environment
and management interfaces for the Virtualized Network Functions.
This results in the sharing of the physical hardware by multiple Virtualized Network
Functions in the form of virtual machines. Further pooling of hardware facilitates a
massive and agile sharing of NFV Infrastructure resources. This creates new business
opportunities analogous to the cloud computing service models of: Infrastructure as a
Service, Platform as a Service, and Software as a Service.
Functions which normally run on proprietary hardware in a mobile core can be
virtualized using commercial off-the-shelf servers in a cloud environment and easily
deployed as redundant services that can be rolled out at a moment’s notice to improve
availability and uptime. Providers leverage NFV to reduce their operational costs
because virtual versions of these network functions are easier to manage, configure and
deploy.
NFV Architecture Will Drive East-West Traffic Growth, But There’s a Problem….
[Diagram: NFV hosts whose virtual switches connect virtualized DB servers, App servers, AAA and WEB functions, with a Central, Core Router between them]
Service providers have years of experience in monitoring and securing a physical
environment. Since Network Function Virtualization is both new and evolving, their
experience there is also new and evolving, while visibility is often limited and much of
the traffic never leaves the virtual space. At the same time NFV is still in its early stages,
which means the overall architecture and implementation are still evolving. There is
much debate around the standards and capabilities that need to be included in NFV
solutions.
Suppose an organization needs to enforce a policy for a subset of east-west traffic such as filtering traffic between two workloads or virtual machines.
For the network to enforce this policy, packet filters or rules must be configured
manually on various devices. Should one of the workloads migrate without network
team intervention, the required configuration may not reside at the new device where
packets enter the network.
It is easy to tap onto a physical link and gain access to traffic flowing north-south, as we
have seen in other modules. But what about dealing with traffic that never leaves the
physical server? How do we tap onto traffic flowing east-west between virtual
machines, or see traffic that might belong to different tenants that we do not have direct
administrative control over?
The Solution – Unified Tool Rail
THE UNIFIED VISIBILITY PLATFORM ARCHITECTURE DRIVES THE UNIFIED TOOL RAIL
This diagram shows the interconnectivity between different parts of the network as well
as the connectivity between the traditional network core and virtualized network
functions. All of the new and old technologies need to be properly monitored such that
the impact of one upon another is minimized, and where there are unknown or
misunderstood interactions this behavior can be quantified and resolved.
A Unified Tool Rail provides visibility to each new technology and to all the places in the
network where issues could manifest.
The unified tool rail is superimposed on top of the Gigamon Unified Visibility Platform
architecture and offers visibility across the new technologies, eliminating any barriers or
silos. All parts of the network are monitored in unison, including the Network
Function Virtualization layer and the more traditional virtualized data center layer,
allowing for understanding and analysis of how each of the Triple Challenge technology
deployments affects the other technologies.
Operators can see interactions between the user-generated East/West traffic and
interactions with the North/South virtual transport traffic.
Visibility allows operators to de-risk the deployment of new technologies, maintain
network uptime, deploy technologies faster with the same amount of resources, reduce
network and service down time, reduce customer support service call costs and
ultimately reduce churn.
Gigamon Solves the Triple Challenge
[Diagram: challenges – 100Gb (Too Much Traffic), VoLTE (Complex, Sensitive RTP issues), Network Virtualization (Lack of Visibility); Unified Tool Rail themes – Intelligence at the Edge, De-Risk & Simplify, Pervasive Visibility]
With all of the changes, service providers are fundamentally transforming how they
manage and monitor their networks to keep up with escalating amounts of traffic, new
handsets, new real-time services and complex subscriber behaviors. The approach to
add more analytic and performance management tools has been difficult due to variable
rate interfaces and variable throughput processing capabilities - making it problematic to
integrate, scale, or aggregate disparate traffic to achieve a holistic view of a
subscriber’s daily services and device use.
The following high-level summary shows how Gigamon helps with the triple challenge:
First and foremost, Visibility matters. A Unified Tool Rail is the best way to manage and
monitor the risks represented by the Triple Challenges; and to reduce risk for all of
these deployments, whether they deploy at the same time or whether they deploy one
after the other.
Only the Gigamon Visibility Platform has the “depth of monitoring”, power and features
to provide a Unified Tool Rail to solve the Triple Challenge issue.
Service providers are advised against relying on spot or “thin-layer” monitoring as a
complete and all-encompassing monitoring solution. Those solutions are not suitable,
and the service provider will soon find itself buying a “thick-layer” monitoring solution.
Proposing a robust and extensible monitoring solution up-front will improve credibility
with senior management, and because of the modularity and extensibility of the platform
the solution is able to grow and expand to accompany new and expanded services.
It becomes faster to deploy new technologies as now the new technologies are fully
monitored allowing for better understanding of the impacts of one technology on another
as well as between various traffic types.
It becomes cheaper to deploy monitoring within a well-architected and unified tool rail,
and to use that unified tool rail for all three new technologies.
Service Provider Architectures
This section covers the different deployment architectures deployed by service
providers.
Design Considerations in 3G Networks
[Diagram: 3G network – Subscriber Devices, Base Station Subsystem (PCU, RNC), Mobile Core (MSC/HLR, SGSN, GGSN with Gr/Gs, S3 and S4 interfaces; LTE MME and LTE S-GW), PDN; tool categories: Network Performance Management, Application Performance Management, Customer Experience Management, Security]
This diagram shows the network architecture and components in a 3G network. 3G is
being phased or integrated into 4G networks. An LTE gateway is included in this
architecture to illustrate where 4G interconnects with the older 3G technology.
Since 3G networks consist mostly of proprietary nodes and proprietary network control
protocols there are not many places where Ethernet traffic is accessible.
• Data in the Base Station Subsystem is often not packet based.
• Data in the Mobile Core, along with connections to the Base Station Subsystem, is IP packet based, but may not be Ethernet.
Marked by an orange tapping point, the Gn interface is where GTP version 1 Control
Plane and User Plane traffic used by GigaSMART GTP Correlation crosses between
the SGSN and GGSN. When integrated with 4G networks the GTP traffic also crosses
between the SGSN and MME.
The blue tapping points can be used to obtain any other Ethernet traffic for aggregation
and filtering before forwarding to tools.
Design Considerations in 4G / LTE Networks
[Diagram: 4G/LTE network – Subscriber Devices (UE), Access Network (eNodeB, X1/X2), Evolved Packet Core (MME, HSS, S-GW, P-GW with S2, S3 and S4 interfaces; CDMA 2000 PDSN/FA; 3G SGSN), PDN; tool categories: Network Performance Management, Application Performance Management, Customer Experience Management, Security]
4G/LTE is an IP-based and packet-switched evolution of 3G technologies capable of
speeds up to 1 gigabit per second.
Connections pass from the end user on the left, through the evolved base stations, or
eNodeB, and then to and between the MME and SGW (the Serving Gateway), to the
Home Subscriber Server, and ultimately to the Packet Data Network on the right. This
diagram shows the complex reality in which LTE exists, where it must interact with
pre-existing network elements, including 3G networks and the Internet. The Mobility
Management Entity, or MME, authenticates wireless devices and is involved in handoffs
between LTE and previous generations of technology.
This technology is designed to provide IP-based voice services, plus data and
multimedia streaming at speeds of at least 100 megabit per second and up to 1 gigabit
per second per user device.
Higher per-device speeds lead to ever increasing speeds in the core of the network.
Once past the cell site it’s all IP, and this migration to an all-IP architecture offers better
spectral efficiency, a seamless migration for earlier technologies, and a path to higher
performance.
As an all-packet network, there are many more points in the network where the data can
be accessed and where packet intelligence can be applied.
Orange tapping points again indicate where a visibility solution obtains traffic which can
be used for GigaSMART GTP Correlation and FlowVUE operations.
Blue tapping points can be used to obtain other Ethernet traffic for aggregation and
filtering, as well as traffic intelligence features before forwarding to tools.
GTP User and Control Plane Correlation:
4G / LTE Networks with Flow Sampling/Whitelisting and Load Balancing
WITH GIGAMON VISIBILITY PLATFORM
[Diagram: the 4G/LTE network above, with Flow Mapping®, GTP Correlation, FlowVUE® and Load Balancing applied in the Visibility Platform and feeding Centralized Tools: Application Performance Management, Network Performance Management, Customer Experience Management, Security]
Some network monitoring tools are required to see traffic from varying LTE/3G logical
interfaces, such as S1-U, S1-MME or S11, on dedicated tool ports, but do not have the
ability to process traffic based on these varying logical interfaces.
Utilizing LTE/3G logical interface filtering, traffic flows from varying interfaces can be
directed to associated tool ports.
Gigamon Visibility Platform nodes can also discriminate between GTP version 1 and
GTP version 2 messages. In an LTE network, LTE sessions on the S1-U/S11, S2, S3/S4
and S5/S8 interfaces are maintained using GTPv2 control plane signaling, while legacy
3G sessions on the Gn/Gp interfaces are maintained using GTPv1 control plane
signaling.
Utilizing the GTP Version filter allows traffic from 3G networks to be forwarded to 3G
focused tools while directing LTE traffic to LTE specific tools. By correlating the control
and user-plane sessions, Visibility Platform nodes can identify, filter, and forward all
sessions specific to GTPv1 or GTPv2 to one or more monitoring/analytic tools.
As traffic levels increase in LTE Mobile Core networks, tool capacity may not be able to
scale to support the resulting traffic volumes. GTP correlation and other GigaSMART
features also provide load balancing across tools, which allows for the use of lower
speed tools for analysis of the session data for those subscribers.
GTP Correlation may be used together with GigaSMART FlowVUE to intelligently
choose a representative sample of a volume of traffic. Complete flows are sampled
rather than randomly picking packets for analysis. Sampling flows allows for statistically
accurate monitoring of the overall subscriber behavior and experience without having to
invest in enough tooling to fully monitor aggregated traffic from multiple links or from
higher speed 40Gb and 100Gb links.
Up to 500,000 high-value subscribers, or subscribers who need extra monitoring, can be
identified by IMSI in a named whitelist to ensure that these subscribers are monitored
with a higher priority and outside of FlowVUE sampling.
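The following is an added example, not Gigamon code, that models the three ideas above in one place: steering by GTP version (GTPv1 on Gn/Gp to 3G tools, GTPv2 on S11/S5/S8 to LTE tools), attributing GTP-U packets to a session learned by correlation, and FlowVUE-style sampling of whole subscriber flows with an IMSI whitelist that bypasses sampling. The tool-group names, the TEID-to-IMSI table and all packets are constructed for the demonstration; the GTP header and GTPv2 IMSI IE layouts follow the 3GPP specifications.

```python
"""Added example (not Gigamon code): a simplified model of the GTP Version
filter, control/user-plane correlation, IMSI whitelisting and FlowVUE-style
flow sampling described above. All packets and the TEID table are constructed."""
import hashlib
from dataclasses import dataclass
from typing import Dict, Optional, Set, Tuple

GTPC_PORT, GTPU_PORT = 2123, 2152  # GTP-C and GTP-U UDP ports (3GPP)
GTPV2_IE_IMSI = 1                   # GTPv2 IE type carrying the IMSI (TBCD)


@dataclass(frozen=True)
class Packet:
    dst_port: int
    payload: bytes  # UDP payload, i.e. the GTP header and what follows


def gtp_version(payload: bytes) -> Optional[int]:
    """Top three bits of the first GTP byte: 1 = GTPv1 (Gn/Gp signalling and all
    GTP-U), 2 = GTPv2 (S11, S5/S8, ... signalling). Anything else is not GTP."""
    v = payload[0] >> 5 if payload else 0
    return v if v in (1, 2) else None


def tbcd_decode(raw: bytes) -> str:
    """Telephony BCD: two digits per byte, low nibble first, 0xF pads odd lengths."""
    digits = []
    for b in raw:
        for nibble in (b & 0x0F, b >> 4):
            if nibble != 0x0F:
                digits.append(str(nibble))
    return "".join(digits)


def gtpv2_imsi(payload: bytes) -> Optional[str]:
    """Walk the GTPv2 IEs (type, 16-bit length, spare/instance, value) that follow
    the header and return the IMSI if the message carries one."""
    offset = 12 if payload[0] & 0x08 else 8  # T flag set -> 32-bit TEID present
    while offset + 4 <= len(payload):
        ie_type = payload[offset]
        ie_len = int.from_bytes(payload[offset + 1:offset + 3], "big")
        value = payload[offset + 4:offset + 4 + ie_len]
        if ie_type == GTPV2_IE_IMSI:
            return tbcd_decode(value)
        offset += 4 + ie_len
    return None


def gtpu_teid(payload: bytes) -> int:
    """GTPv1-U header: flags, message type, 16-bit length, then the 32-bit TEID."""
    return int.from_bytes(payload[4:8], "big")


def sampled(imsi: str, percent: int) -> bool:
    """Flow-level sampling: the decision is a deterministic function of the
    subscriber, so every packet of that subscriber's flows is kept or dropped
    together instead of picking random packets."""
    h = int.from_bytes(hashlib.sha256(imsi.encode()).digest()[:4], "big")
    return h % 100 < percent


def steer(pkt: Packet, sessions: Dict[int, Tuple[str, int]],
          whitelist: Set[str], sample_percent: int) -> Optional[str]:
    """Return the tool group a packet is forwarded to, or None when sampling drops it.

    sessions maps a GTP-U TEID to (IMSI, control-plane GTP version). In a real
    deployment that table is learned by correlating the F-TEIDs carried in the
    control plane; this example does not parse those IEs."""
    version = gtp_version(pkt.payload)
    if pkt.dst_port == GTPC_PORT and version == 2:      # LTE signalling
        imsi, tools = gtpv2_imsi(pkt.payload), "lte-tools"
    elif pkt.dst_port == GTPC_PORT and version == 1:    # legacy Gn/Gp signalling
        imsi, tools = None, "3g-tools"                   # GTPv1 IMSI IE not parsed here
    elif pkt.dst_port == GTPU_PORT and version == 1:    # user plane is always v1
        session = sessions.get(gtpu_teid(pkt.payload))
        if session is None:
            return "unknown-session"  # not yet correlated: keep it, do not guess
        imsi, ctrl_version = session
        tools = "lte-tools" if ctrl_version == 2 else "3g-tools"
    else:
        return "other-tools"
    # Unattributed packets are never dropped; whitelisted IMSIs bypass sampling.
    if imsi is None or imsi in whitelist or sampled(imsi, sample_percent):
        return tools
    return None


# Constructed packets (not captures): a GTPv2 Create Session Request (type 32)
# carrying IMSI 310150123456789, a GTPv1-U G-PDU (type 255) with TEID 0xA001,
# and a bare GTPv1-C Create PDP Context Request (type 16) without IEs.
IMSI_IE = bytes([GTPV2_IE_IMSI, 0, 8, 0]) + bytes.fromhex("13100521436587f9")
CREATE_SESSION_REQ = bytes([0x48, 32, 0, 20]) + bytes(4) + bytes([0, 0, 1, 0]) + IMSI_IE
GPDU = bytes([0x30, 0xFF, 0, 5]) + (0xA001).to_bytes(4, "big") + b"\x45\x00\x00\x00\x00"
CREATE_PDP_REQ = bytes([0x32, 16, 0, 4]) + bytes(4) + bytes([0, 1, 0, 0])

if __name__ == "__main__":
    whitelist = {"310150123456789"}
    sessions = {0xA001: ("310150123456789", 2)}
    for name, pkt in [("create-session", Packet(GTPC_PORT, CREATE_SESSION_REQ)),
                      ("g-pdu", Packet(GTPU_PORT, GPDU)),
                      ("create-pdp", Packet(GTPC_PORT, CREATE_PDP_REQ))]:
        print(name, steer(pkt, sessions, whitelist, sample_percent=10))
```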
Key Design Tapping Points
[Diagram: EPC reference points – UE, eNB, MME, SGW, PGW, HSS/SLF, PCRF, E-SMLC, GMLSC/LRF, CBC, MSC, and SGSN with UTRAN/GERAN (2G/3G); PDN with APN and Operator Network Services (IMS, PSS, etc.); interfaces labelled Uu, Um, X2, S1-MME, S1-U, S11, S10, S6a, S5/S8, S3, S4, S12, Gx, Rx, SGi, Sv, SLs, SLg, SLc]
This diagram indicates the key locations or interfaces that need to be tapped in order to
accurately capture the GTP control and user data as they enter the core. These
interfaces are the S1-MME, S11, and S1-U interfaces.
The S1-MME interface sits between the eNB and the MMEs. The MME communicates
with the SGW (Signaling Gateway) using GTP-c messages along the S11 interface.
These messages are some of the most important messages looked at from a monitoring
perspective. The S1-U interface sits between the eNodeB and the SGW. All user or
GTP-u traffic is forwarded using the S1-U interface.
Gigamon uses GTP Correlation and whitelisting to obtain specific signal messages on
all these interfaces. Note that there are specific tools that can inspect S11 traffic, S1-U
traffic, and S1-MME traffic. However, with the Gigamon Visibility Platform, all can TAP
these interfaces and the Visibility Platform can then deliver the aggregated traffic to the
tools as required.
S1-MME
[Signal flow diagram, S1-MME tap: the UE attach sequence across UE, eNB, MME, SGW, PCRF, PGW, PDN and HSS: Attach Request (Uu; S1-MME S1AP), Authentication Information Request/Response (S6a DIAMETER), Authentication/Security (NAS), Update Location Request/Response (S6a DIAMETER), Create Session Request (S11 GTP-C, S5/S8 GTP-C, Gx DIAMETER), Create Session Response (S5/S8 GTP-C, S11 GTP-C), Initial Context Setup Request / Attach Accept, Attach Complete. S1-MME (S1-AP over SCTP, IP, L2, L1) is tapped between eNB and MME; taps feed GigaVUE-TA10 nodes, then GigaVUE-TA40 nodes clustered with a GigaVUE-HD8; tools shown are QXDM, ASCOM, Other, and TCPDUMP or Protocol Analyzer.]
This signal flow diagram identifies which interfaces are tapped and how the
aggregated traffic can be filtered and forwarded through a GigaVUE architecture
for inspection.
Tapping the S1-MME traffic is critical as the MME is responsible not only for attaching
the user that has contacted the eNodeB but also for assigning GTP-C data for a
particular session with the SGW via the S11 interface.
The MME is also involved with the authentication and update location request for the
user against the HSS in order to determine whether or not the user can access the
network.
In general, operators will look at all the messages related to a user: between an
eNodeB and an MME, an MME and an SGW, and between an SGW and a PGW. The
operators will correlate all the messages together to understand traffic from a user’s
perspective.
In this example traffic is aggregated from between an eNB and an MME and sent to a
GigaVUE-TA10, which is configured with a passall traffic map. Several GigaVUE-TA10s
are aggregated to another GigaVUE-TA10 and then onto a GigaVUE-TA40. In this
diagram the GigaVUE-TA40 is clustered with a GigaVUE-HD8.
S11
[Signal flow diagram, S11 tap: the same attach sequence as above, with the tap on the S11 interface (GTP-C over UDP, IP, L2, L1) between the MME and SGW; taps feed GigaVUE-TA10 nodes, then GigaVUE-TA40 nodes clustered with a GigaVUE-HD8; tools shown are QXDM, ASCOM, Other, and TCPDUMP or Protocol Analyzer.]
In this example traffic is aggregated from between an eNB and an MME and sent to a
GigaVUE-TA10, which is configured with a passall traffic map. Several GigaVUE-TA10s
are aggregated, which then send traffic to a GigaVUE-TA10 and then onto a
GigaVUE-TA40. In this diagram the GigaVUE-TA40 is clustered with a GigaVUE-HD8.
For redundancy, traffic can be replicated to a second set of GigaVUE-TA10,
GigaVUE-TA40, and GigaVUE-HD8 nodes.
Internal Operations
[Diagram: an A side and a B side, each with Nx7K switches, a Firewall and a LoadBal, tapped into GigaVUE-TA10, GigaVUE-TA40 and GigaVUE-HD8 nodes]
This is an example Internal Operations network that would exist for activities like data
centers, stores, and billing operations.
For redundancy purposes, there is an A site and a B site. Note that Side A and Side B
usually exist on different subnets, and the visibility architecture should abide by this
redundancy separation.
As suggested by this design, if the A side goes down operationally, the B side takes
over to maintain operations.
So, it is important to remember for design considerations, the following points:
• Requirements for a visibility node: A high port density.
• Tapping points: Changes in traffic suggest possible problems, so TAPs are often
deployed before and after load balancers and firewalls – not just between access and
distribution layers.
• Cluster IP addressing: Members of a GigaVUE cluster must be in the same subnet,
and this can impact your cluster design.
• Flow map and rules: Establish a process or validation step to ensure that traffic
capacity limits within a cluster and going to tools are not exceeded.
Keep in mind that full redundancy will likely produce duplicate packets, and
correspondingly high traffic rates. The impact of duplication and its effect on various
tools should be one of the design considerations. It may be necessary to perform
deduplication, load balancing, and possibly even flow sampling to ensure that traffic
reaching tools is optimized to meet security and monitoring needs.
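As an added illustration of the deduplication point above (example code, not Gigamon's GigaSMART implementation), the block below keys each tapped frame on the fields that do not change between two tap points and drops a repeat seen within a short time window. It assumes plain Ethernet/IPv4 with optional 802.1Q tags; the frames, addresses and window size are constructed for the demonstration.

```python
"""Added example (not Gigamon code): time-windowed packet deduplication for TAP
feeds that carry the same packet twice, for instance from the A and B paths or
from taps before and after a router. All frames below are constructed."""
import hashlib
from collections import OrderedDict
from typing import Optional


def dedup_key(frame: bytes) -> bytes:
    """Hash the frame with the fields that legitimately differ between two tap
    points masked out: the Ethernet header (MACs, optional 802.1Q tag) and the
    IPv4 TTL and header checksum. Anything that is not IPv4 is compared whole.
    A NATed or otherwise rewritten packet hashes differently and is kept."""
    ethertype, l3 = frame[12:14], 14
    if ethertype == b"\x81\x00":          # VLAN tagged: real EtherType 4 bytes later
        ethertype, l3 = frame[16:18], 18
    if ethertype != b"\x08\x00" or len(frame) < l3 + 20:
        return hashlib.sha256(frame).digest()
    ip = bytearray(frame[l3:])
    ip[8] = 0                  # TTL is decremented at every hop
    ip[10:12] = b"\x00\x00"    # header checksum changes with the TTL
    return hashlib.sha256(bytes(ip)).digest()


class Deduplicator:
    """Drops a frame whose key was already seen within window_ms; memory is bounded
    by max_entries so a burst cannot grow the table without limit."""

    def __init__(self, window_ms: int, max_entries: int = 100_000):
        self.window_ms = window_ms
        self.max_entries = max_entries
        self.seen: "OrderedDict[bytes, int]" = OrderedDict()  # key -> first-seen ms
        self.passed = 0
        self.dropped = 0

    def _expire(self, now_ms: int) -> None:
        # Oldest entries are at the front; evict until the table is fresh and has room.
        while self.seen:
            key, ts = next(iter(self.seen.items()))
            if now_ms - ts <= self.window_ms and len(self.seen) < self.max_entries:
                break
            del self.seen[key]

    def accept(self, frame: bytes, now_ms: int) -> bool:
        """True if the frame should be forwarded to tools, False if it is a duplicate."""
        self._expire(now_ms)
        key = dedup_key(frame)
        if key in self.seen:
            self.dropped += 1
            return False
        self.seen[key] = now_ms
        self.passed += 1
        return True


def ipv4_frame(dst_mac: bytes, src_mac: bytes, ttl: int, checksum: bytes,
               payload: bytes, vlan: Optional[int] = None) -> bytes:
    """Constructed Ethernet/IPv4 frame (protocol 17, 10.0.0.1 -> 10.0.0.2); the
    checksum is not computed because dedup_key masks it anyway."""
    ip = (bytes([0x45, 0]) + (20 + len(payload)).to_bytes(2, "big")
          + b"\x00\x01\x00\x00" + bytes([ttl, 17]) + checksum
          + bytes([10, 0, 0, 1, 10, 0, 0, 2]))
    tag = b"" if vlan is None else b"\x81\x00" + vlan.to_bytes(2, "big")
    return dst_mac + src_mac + tag + b"\x08\x00" + ip + payload


if __name__ == "__main__":
    # The same packet seen before (TTL 64) and after (TTL 63, new MACs, VLAN) a router.
    before = ipv4_frame(b"\x02" * 6, b"\x04" * 6, 64, b"\x12\x34", b"hello")
    after = ipv4_frame(b"\x06" * 6, b"\x08" * 6, 63, b"\x56\x78", b"hello", vlan=100)
    d = Deduplicator(window_ms=50)
    print(d.accept(before, 0), d.accept(after, 10), d.passed, d.dropped)
```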
Example Tiered Architecture
[Diagram: tiered architecture – eNBs tapped on S1-U (GTP) and S1-MME into tiers of GigaVUE-TA10 nodes, then GigaVUE-TA40 and GigaVUE-HD8 nodes; MME, SGW and PGW with S11, S5/S8, S4, S12, Gn, Gx, Gy, Ga, S6b and DNS traffic]
This diagram displays another view of a tiered architecture in use today at a large
mobile service provider.
Large volumes of S1-U interface GTP-U user data traffic are identified by the purple path,
while the associated S1-MME interface GTP-C control traffic, shown in blue, takes a
different path.
Other protocols, such as the S11 traffic, also take the second path.
Note that the traffic types travel the network via different sides of the tiered architecture.
This diagram only represents a few protocols and interconnections. There are many
more, and at scale with redundancy. Every new eNodeB adds thousands of connections
that need monitoring. Scaling visibility to accommodate a network of this size requires a
well-designed architecture.
Example Tiered Architecture
Cluster Configuration
[Diagram: cluster configuration – eNB S1-U (GTP) and S1-MME traffic enters GigaVUE-TA10 nodes running a Passall map, then GigaVUE-TA40 and GigaVUE-HD8 nodes; MME, SGW and PGW with S11 and S5/S8]
Owing to the vast size of the network being monitored, a mobile service provider
deployment can easily require hundreds of nodes and tens of thousands of rules. One
service provider deployment routinely operates with seventy to eighty thousand rules.
Without clustering, separate maps would be required for each visibility node along the
path, and in this environment, where change is frequent, rule creation and rule changes
would be an arduous administrative task that would also create risk due to typographical
error. Additionally, clustering GigaVUE TA Series nodes quadruples the maximum rule
count for those nodes, so more specific rules are possible.
The example deployment in use at a large mobile service provider uses the maximum
supported node count for clustering, starting at the GigaVUE-HD8s where GigaSMART
operations including GTP Correlation and Deduplication are applied and traffic is then
sent to tools. Within the cluster a single map gathers traffic from the lowest tier in the
cluster and forwards that traffic through the cluster to tools, thereby considerably
reducing the number of rules required and the risk of error. Below the clustered tiers,
comparatively simple maps are applied on a per-node basis, largely to get traffic into the
cluster where more complex rules are used.
Clustering represents an important design feature for really large deployments, both
from a rule reduction perspective and from the corresponding reduction in time spent
creating and maintaining traffic forwarding rules.
Care must be taken in designing clusters for architectures like the previously shown "A"
side and "B" side redundancy design used by the service provider, as each side may be
using different subnets too. Clusters currently require that all members of a cluster must
be in the same subnet.
Increasing Scale
• Establish clear guidelines for naming conventions
– Node, port, map naming and comments
• Ease of configuration through clustering
– Multiple nodes managed as a single entity
– Simplified traffic mapping from any network port to any tool port
• Clustering Resources
– GigaSMART as a cluster resource
– Increase in GigaVUE-TA Series rule space
– Port density through clustering
• Flexibility for future growth
It is clear that service providers operate very large networks. With hundreds of physical
nodes the map rule count will likely be in the tens of thousands. Add virtual traffic
access and a Visibility Platform can number in the thousands of nodes. Architecting a
deployment for visibility on this scale requires careful planning. The following are
important design considerations for the physical deployment:
When expecting tens of thousands of maps, be sure to plan summarized or abbreviated
naming for nodes, for how ports are named, and for map naming, which packs a lot of
information into a coded string. Map names can easily include information about
device type, market, ports used, type of traffic monitored, where the traffic is coming
from, the tool it is destined for, who requested the traffic, and even whether the map is
temporary or permanent. By leveraging 2- to 4-character coded designations that are
likely already in use, plus a few additions, a generalized template that concatenates a
series of these codes can fully describe the map using relatively short names while
imparting considerable information.
Node clustering provides many benefits, including:
• Multiple nodes managed as a single entity and accessed through a virtual cluster
management IP address. This single console can be used for everything from
configuration to backups and upgrades.
• Clustering decreases the required number of traffic forwarding rules considerably,
directly translating into less time and effort needed to keep up with changing visibility
needs. Without clustering, the number of rules needed to forward through 4 or 5
different nodes is equal to the node count in the path. In addition to the risk of error,
the time required to create 4 or 5 rules instead of one adds up quickly. Done through a
cluster, the same sequence is performed using a single rule.
• Once clustered, any GigaSMART resources become cluster resources. For example,
traffic from node 3 can forward to a tool on node 7, but also pass through
GigaSMART GTP Correlation on node 6 as a single mapping operation. Without
clustering GigaSMART would have to be installed in each node where traffic
intelligence operations like GTP Correlation were needed.
• GigaVUE TA Series nodes are highly useful in Service Provider environments where
traffic from thousands of links needs to be aggregated before it is filtered and sent to
tools. Offering high port density but lacking the advanced feature set available from
GigaVUE H Series nodes, the GigaVUE TA series nodes may not have enough rules
available for environments this large. When GigaVUE TA Series nodes are included
in a cluster the available rule count is quadrupled.
• And, as service provider networks grow and evolve, the modular nature of most
GigaVUE nodes means that it is easy to add support for emerging technologies and
to change the port density or interface types.
Solution Scope
Identify the Requirements; Size the Solution
After choosing specific GigaVUE features for this solution, gather requirements
information on a per-location basis. Requirements fall into a number of categories, but
the two categories common to all architectures and solution designs relate to port
counts and feature capacity.
Service Provider Solutions
The following information describes how to size and specify solutions involving
features primarily used for just Service Provider environments.
• See the Architecting for Visibility training module for sizing solutions which include out of band monitoring
• See the Architecting for Security training module for sizing solutions which include GigaSECURE features
• See the Architecting for Cloud training module for sizing virtualized environment solutions
[Diagram: GigaVUE-VM and GigaVUE® Nodes, with the feature icons Metadata Engine, Application Session Filtering, SSL Decryption and Inline Bypass]
This module is focused upon sizing and specifying features primarily used just in
Service Provider environments.
Refer to the Architecting for Visibility presentation for information about sizing and
specifying typical out of band monitoring features which may be included.
Refer to the Architecting for Security presentation for information about sizing and
specifying GigaSECURE features which may be included.
And refer to the Architecting for Cloud presentation for sizing and specifying features for
virtualized environments which may be included.
1. Port Requirements Per Location
Calculate the total number of ports required for each location.
Port Speed   Inline Bypass   Network Ports   Tool Ports   Crossbox Ports
x 1Gb        ____            ____            ____         ____
x 10Gb       ____            ____            ____         ____
x 40Gb       ____            ____            ____         ____
x 100Gb      ____            ____            ____         ____
Total        ____            ____            ____         ____
• See Architecting for Visibility for sizing out of band monitoring solutions.
• See Architecting for Security for sizing inline bypass solutions.
• See Architecting for Cloud for sizing virtual monitoring solutions.
Utilize the general Architecting for Visibility presentation instructions for determining a
count of required ports for out of band monitoring.
If inline bypass is required, or if the GigaSMART features of NetFlow and Metadata,
Adaptive Packet Filtering or Application Session Filtering, or SSL decryption are required,
then utilize the Architecting for Security sizing instructions.
If private, hybrid, or public cloud virtualization is involved, the Architecting for Cloud
presentation describes what to watch for and how to size virtual traffic monitoring.
The next section extends previously described GigaSMART sizing instructions to
include GTP Correlation and FlowVUE GigaSMART features which relate more
specifically to Service Provider networks.
2. GTP Correlation
GTP Correlation selectively forwards GTP-U user data plus the associated
GTP-C control messages to tools based on subscriber IDs.
• Identify volumes of traffic for which GTP Correlation is required.
Sum the total traffic in packets per second if possible, and in simple bandwidth
as a secondary estimate option.
• Record the pps requirement per location and specify GigaSMART capacity accordingly.
Correlated subscriber traffic can be selected and forwarded to monitoring tools utilizing
subscriber attributes such as IMSI, IMEI, MSISDN, or GTP session information, such as
GTP Version or Mobile Core Logical Interface. Forwarded traffic on a network this large
routinely exceeds the ability of a single tool to process, so stateful load balancing of
traffic to tool groups can be configured too.
Sum the traffic volume in packets per second, or at least in anticipated bandwidth for
each location.
Then match GigaSMART engine capacity against the volume recorded per location to
derive the needed number of GigaSMART engines at that location.
Note that the required GigaSMART capacity for GTP Correlation in a service provider
environment is typically much greater than for GigaSMART features in an average
Enterprise network.
As an example, the GigaSMART capacity for one cluster in a large service provider
environment included eighteen GigaVUE HD Series GigaSMART line cards, though that
capacity is used for Deduplication and FlowVUE too.
FlowVUE
FlowVUE provides for sampling of sessions within a selected volume of traffic.
FlowVUE also works closely with the GTP Correlation feature to whitelist high-value subscribers.
• Identify volumes of traffic which should be sampled by session and sent for inspection.
Sum the total traffic in packets per second if possible, and in simple bandwidth
as a secondary estimate option.
• Record the pps requirement per location and specify GigaSMART capacity accordingly.
The GigaSMART FlowVUE feature monitors sessions within a selected volume of traffic,
and then sends a configured percentage or count of those sessions to tools. The GTP
Whitelist feature allows a defined list of up to 500,000 high-value subscribers to be
chosen to receive full time monitoring even with GTP correlated FlowVUE processing
enabled.
Sum the traffic volume in packets per second, or at least in anticipated bandwidth for
each location.
Then match GigaSMART engine capacity against the volume recorded per location to
derive the needed number of GigaSMART engines at that location.
If updating an existing deployment to support Whitelisting, be sure to verify that the
version 2 control card for the GigaVUE node has the current shipping amount of RAM, or
include the upgrade kit.
GigaSMART Requirements
Utilize the combined pps or bandwidth requirements for all GigaSMART features to choose a
combination of GigaVUE nodes and the corresponding GigaSMART module count that will
satisfy the GigaSMART capacity requirement per location.
Modules     GigaVUE-HB1   GigaVUE-HC1   GigaVUE-HC2   GigaVUE-HC3   GigaVUE-HD4   GigaVUE-HD8
1 Module    1 @ 10Gb      1 @ 20Gb      1 @ 40Gb      2 @ 100Gb     2 @ 40Gb      2 @ 40Gb
2 Modules   —             —             2 @ 40Gb      4 @ 100Gb     4 @ 40Gb      4 @ 40Gb
3 Modules   —             —             3 @ 40Gb      6 @ 100Gb     —             6 @ 40Gb
4 Modules   —             —             4 @ 40Gb      8 @ 100Gb     —             8 @ 40Gb
5 Modules   —             —             5 @ 40Gb      —             —             10 @ 40Gb
6 Modules   —             —             —             —             —             12 @ 40Gb
Interpretation: 2 @ 40Gb equals two engines per module operating at up to 40Gb per engine (80Gb for the module).
Performance is measured in packets per second, per engine, so use the total packets
per second requirements per feature to calculate the needed number of GigaSMART
engines.
Since packets per second data are rare, as a rough calculation the bandwidth estimates
for all GigaSMART features can be used to find approximate GigaSMART module
counts that will satisfy the GigaSMART capacity requirement per location.
The first row of the table includes the GigaVUE-HB1 and GigaVUE-HC1 which have
GigaSMART functionality built into the system board. The other node types show the
supported number of GigaSMART engines per module, along with the interface
bandwidth for each engine.
To help interpret the table, the bottom right cell indicates that the GigaVUE-HD8
supports up to six modules per node, with a total of twelve engines available from six
modules. Each engine supports up to 40Gb of traffic. Calculated out, the bottom right
cell indicates that a fully loaded GigaVUE-HD8 offers up to 480 gigabits per second of
GigaSMART capacity.
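The sizing rule from the GTP Correlation, FlowVUE and GigaSMART Requirements pages carried through in Python, as an added worked example that is not part of the Gigamon module: the capacity table above transcribed into a lookup, and a function that turns a location's combined per-feature bandwidth estimates (plus an optional growth allowance) into engine, module and node counts. Node names and capacities come from the table; the per-location feature figures are constructed sample values.

```python
import math

# GigaSMART capacity per node type, transcribed from the capacity table above:
# (engines per GigaSMART module, max Gbps per engine, max GigaSMART modules per node).
# GigaVUE-HB1 and GigaVUE-HC1 have a single built-in engine, hence one "module" only.
GIGASMART_CAPACITY = {
    "GigaVUE-HB1": (1, 10, 1),
    "GigaVUE-HC1": (1, 20, 1),
    "GigaVUE-HC2": (1, 40, 5),
    "GigaVUE-HC3": (2, 100, 4),
    "GigaVUE-HD4": (2, 40, 2),
    "GigaVUE-HD8": (2, 40, 6),
}


def node_capacity_gbps(node):
    """GigaSMART bandwidth of a fully loaded node (HD8: 6 modules x 2 engines x 40Gb = 480)."""
    engines_per_module, gbps_per_engine, max_modules = GIGASMART_CAPACITY[node]
    return engines_per_module * gbps_per_engine * max_modules


def size_location(node, feature_gbps, growth=0.0):
    """Combine the bandwidth estimate of every GigaSMART feature at one location and
    return (engines, modules, nodes) of the given node type needed to carry it.
    Bandwidth is the rough estimate the module allows when pps data is unavailable;
    growth is a fractional allowance for expected growth (0.25 = 25 percent)."""
    engines_per_module, gbps_per_engine, max_modules = GIGASMART_CAPACITY[node]
    total_gbps = sum(feature_gbps.values()) * (1.0 + growth)
    engines = math.ceil(total_gbps / gbps_per_engine)   # capacity is rated per engine
    modules = math.ceil(engines / engines_per_module)   # engines come in module multiples
    nodes = math.ceil(modules / max_modules)            # chassis module slot limit
    return engines, modules, nodes


if __name__ == "__main__":
    # Constructed sample requirement for one location: the three features the module
    # names for a service provider cluster (GTP Correlation, Deduplication, FlowVUE).
    location = {"GTP Correlation": 300, "Deduplication": 120, "FlowVUE": 80}  # Gbps
    for node in ("GigaVUE-HD8", "GigaVUE-HC3"):
        engines, modules, nodes = size_location(node, location)
        print(f"{node}: {engines} engines, {modules} modules, {nodes} node(s); "
              f"one fully loaded node = {node_capacity_gbps(node)} Gbps")
```

With the sample 500 Gbps requirement, a single fully loaded GigaVUE-HD8 (480 Gbps) is not enough and the calculation returns two nodes, whereas the same load fits in three modules of one GigaVUE-HC3.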
Refer to the Architecting for Visibility presentation for more information about sizing and
GigaSMART requirements which may be needed.
Module Requirements
Update the total port counts to pick node and module combinations to match.
List the resulting module types separately, then match the module totals against
chassis capacity, allowing as required for expected growth per location.
Substitute port modules for GigaSMART modules having ports where appropriate.
Use the updated GigaSMART module requirement and any updated totals for port
counts to review the module and line card choices for each node type in order to
produce deployment options for each location.
Thank You
This completes the training module describing Service Provider solution sizing.