Вы находитесь на странице: 1из 16

White paper From dumb pipes to smart services

From dumb pipes to smart services

Adding intelligence to the core network
with L4L7 networking devices
By Monica Paolini, Senza Fili

Sponsored by

2014 Senza Fili Consulting www.senzafiliconsulting.com


White paper From dumb pipes to smart services

1. Introduction.
A new, application-based approach to traffic management
Fixed and mobile networks today serve an ever-growing quantity of data traffic that passes through an increasing number of applications and services. To optimize
performance, keep costs under control and monetize the services, operators need a new approach to managing traffic. Traditionally, mobile operators handle growth
in traffic volume and complexity by increasing capacity adding hardware to the core and radio access network and by enhancing IP routing to direct traffic to the
required network elements more efficiently. However, scaling-out to support the expected growth in traffic volume and the expanding range of new services, while
maintaining high levels of QoE, is proving to be cost-prohibitive. In the core network, IP routing at the OSI layers 1 to 3 (L1L3) guarantees fundamental traffic
management, but it is running up against its limits. With applications generating data flows with different sets of requirements, routing traffic complexity has
increased to a point at which, because it lacks understanding of the protocols and applications, basic IP routing is not sufficient.
By using L4L7 intelligence to manage traffic, operators can move beyond these limitations of IP routing. While IP routers provide fast routing of packets, in a mobile
environment, they lack the intelligence needed to optimize the use of network resources, leading to network inefficiencies. An L4L7 device in the data and signaling
plane understands the higher layers of the network stack, from the protocol to the application layers, and so it can leverage network intelligence for better routing
decisions. This new approach requires operators to shift the focus of traffic management from packets to traffic flows, from basic IP routers to high-layer proxies, and
from carrying data to support of services and applications. This change in focus enables them to closely monitor and improve the performance target that matters the
most: the QoE, which captures the end-to-end network performance from the subscriber viewpoint. Providing higher QoE and end-to-end user experience is crucial
for operators to move from the financial constraints of a dumb-pipe strategy, to offering smart and innovative revenue-generating services.
This paper examines the drivers behind the shift toward traffic management at L4L7, and how this evolution benefits operators and their subscribers. First, we
discuss the implications of moving up in the OSI stack and of using an application-aware approach. We then explore the impact of L4L7 networking devices, both in
the data plane and in the control plane, across five domains: dynamic traffic management, TCP optimization, context-based use of network resources, Diameter
signaling traffic optimization, and network/DNS protection.

2014 Senza Fili Consulting www.senzafiliconsulting.com


White paper From dumb pipes to smart services

2. Moving beyond packets to application-aware routing.

From L1L3 IP routers to L4L7 networking devices
Basic IP routing is highly efficient because it is stateless and extremely simple.
Incoming packets are inspected by a basic implementation of IP, the addresses are
examined (and perhaps modified), and the packets are passed back out. More
advanced routers and L3 proxies have a limited ability to understand some of the
higher-level protocols for example, to manipulate TCP headers or even to examine
HTTP headers. However, support for these protocols adds significant complexity to
routers, because they have to use incomplete lower-layer implementations of
higher-level protocols.
While it is possible to perform routing at L3 that is more intelligent than pure address
lookup, it is difficult for operators to define flexible and dynamic policies, or to make
changes to adapt to new services. In addition, because of the simplicity of the routing
model, decisions are not always optimal. For instance, a router may send data traffic
that contains no video content to the video compression server because the router
lacks the ability to identify the type of traffic correctly, or, in the control plane, it may
send OCS charging records to network elements not involved in charging.
In the data plane, an L4L7 networking device acts as a proxy to give operators
visibility into the traffic flow. With that context information, they can optimize
switching/routing (see table, right) by examining the IP layer and higher layers, such
as TCP and HTTP. This allows the device to direct traffic only to the network elements
that are required. An L4L7 proxy can, for example, detect video content in the HTTP
protocol and dynamically steer the traffic first to a URL filter to apply user- and
application-specific policy, and only then to a video compression server.
In the control plane, the same approach provides the application-layer and
transport-layer context-based information that is needed to direct signaling traffic to
the relevant resources (e.g., to the appropriate OCS server for charging decisions),
thus limiting traffic and the resources needed to process control-plane signaling.
2014 Senza Fili Consulting www.senzafiliconsulting.com

L1L3 basic IP routing

Low latency (closer to a raw pass-through)

Simple approach to routing, based generally on IP address
L3 (and possibly L2) optimization
Very limited understanding of the protocols and visibility into the
applications driving traffic flows
Fixed traffic and mobile traffic treated in the same way
Requests treated independently, with limited ability to reuse
connections to optimize traffic to remote servers

L4L7 networking devices

Visibility into data type, transmission requirements, and context,

allowing for rich routing rules
Increase in raw latency in L7
Optimization at all layers, including application, to tune traffic flows in
a very granular and dynamic fashion
Higher complexity, because L4L7 networking devices must fully
implement all protocols rather than passing data through unchanged
Ability to terminate and originate connections or sessions, allowing
tuning to meet the network-specific (and different) requirements of
mobile and fixed networks
Leveraging context to understand the relationship among requests,
by integrating information from the data and control planes


White paper From dumb pipes to smart services

The addition of L4L7 networking devices adds intelligence to traffic management,
but also complexity that may result in higher raw latency within the core network.
However, application-aware traffic management can make better routing decisions
that reduce the overall end-to-end latency and improve QoE, bringing a net benefit
to operators in terms of costs and performance. L4L7 proxies can improve QoE and
efficiency in the use of network resources, and enable robust, cost-effective support
for advanced services.
By adding L4L7 awareness to various elements in the data and control planes,
operators can shift their focus from increasing throughput (the raw count of bits per
second) to increasing goodput (the useful bits per second), which is more directly
correlated to improvements in QoE. To do so, they have to move beyond tracking
only simple metrics like raw latency, and work to manage traffic from the transport
layer to the application layers. While established metrics remain useful, measuring
quality purely at the lower network levels is no longer sufficient. What matters to
subscribers is their experience: i.e., how quickly web pages load or whether video
content plays without stuttering. The latency of any given packet does not matter to
them, nor does it adequately quantify how good the experience was. By trying to
maximize goodput rather than throughput, operators can access the benefits of
adopting L4L7 devices that may increase core-network raw latency, but that can
improve traffic management and QoE because they have visibility into the conditions
and traffic from both the mobile and the internet sides.
To extract information from the transport and application layers with proxies,
operators have to move beyond managing traffic at the packet level. The reward is
better alignment with their goal of improving QoE by maximizing goodput so they
can support rich services that require advanced access to context and policy
implementation. The rest of the paper discusses examples of how traffic
management that uses L4L7 intelligence can change the way operators treat data
and signaling traffic and the benefits operators may gain.

2014 Senza Fili Consulting www.senzafiliconsulting.com


White paper From dumb pipes to smart services

3. Adapting to increased traffic complexity.

A dynamic approach to policy and context
Operators have to manage increasing volumes of data and signaling traffic in a
challenging environment, where network resources are limited, demand from
subscribers and the need to monetize new services are growing quickly and
traffic characteristics and network utilization vary continuously across the
network and time. The basic IP approach that treats all packets in the same way,
regardless of application, content type, network load, subscriber, device, and
location is no longer sustainable; it leads to inefficient use of network resources
and hampers the ability of operators to offer and monetize compelling new
L4L7 processing facilitates a move to a dynamic traffic management approach.
It enables operators to continuously adapt traffic routing choices to enforce
advanced policy based on real-time context. Four mechanisms illustrate the new
functionality that this approach introduces:

Dynamic bandwidth controls, combining policy and application-layer

information to control the quality or amount of data allowed for different
services, content types or applications, tier or plan features, or devices.
For dynamic services, for which subscribers pay on an occasional basis,
the operator has to be able to change the level of service in real time (e.g.,
support a video call during peak time, by prioritizing video traffic to a
specific user).
Dynamic traffic steering, intelligently routing responses through a
particular path in the core network, to avoid wasting resources or adding
latency. For instance, knowing the application associated with traffic
enables the operator to decide which traffic should be directed to the
video or HTTP compressing servers, and under which network conditions
traffic should be compressed (e.g., the operator might want to compress
traffic only when and where the network is congested).

2014 Senza Fili Consulting www.senzafiliconsulting.com

Dynamic service chaining, allowing operators to combine multiple

context and policy contributions. For instance, for a subscriber with
parental control activated, video content from a blocked URL does not
need to be sent to the video compression server; video compression can
be chained to a URL filter.
Dynamic header insertion, adding additional user- or context-specific
information in the packet header to pass on to OTTs and content
providers, or to use in their own applications. For example, an L4L7
networking device can add user location as a header, thus allowing OTTs
to include targeted, location-based ads or coupons in the response.
Similarly, operators can dynamically inject ads into the application-layer
traffic to gain additional revenues.

Examples of dynamic traffic control for video content

Give premium subscribers prioritized access over other subscribers for
video, and allow them to choose whether they want video to be
compressed. Lower-tier subscribers may have no access to video content
during peak hours, or when the RAN is congested
Charge prepaid subscribers differently to access the same video content
based on network load
Offer discounts or free access to specific subscribers or at specific times to
encourage service adoption
Compress, optimize or block video traffic depending on subscriber
preferences or subscription plan, network load (e.g., compress only
when/where network is at capacity), or roaming status (e.g., disable HD
video or all video when roaming)
Decide whether and when to inject advertisements into responses,
depending on subscriber preferences, plans, location, etc.

4. TCP optimization for mobile and fixed environments.

A better QoE from sitting in the middle
The internet was largely built on the success of IP, which was designed to allow
for continual innovation in scenarios and features. However, IP was not explicitly
designed for mobile scenarios. The traditional metrics used to assess the quality
of an IP connection are aimed at fixed scenarios, and most of the work to date
that has gone into finding ways to improve IP performance have thus also
targeted fixed scenarios.
Mobile operators deal with two distinct networks, however the internet side
and the mobile side and must manage any disparity between the two. TCP,
which is the most common protocol layered on top of IP, is successful because it
ensures robust, reliable delivery of messages. If operators cannot separately
manage the TCP traffic on the mobile and internet sides, the very robustness
that is an advantage in fixed networks can sometimes degrade overall
performance. Operators must be able to adjust window sizes and buffers
independently on the distinct connections if they wish to optimize overall traffic
flow. L4 networking devices, unlike routers, terminate and originate paired
connections, which means they are able to separately manage all aspects of the
connections used on each side.
Latency and the degree of packet loss are two of the primary measures of a TCP
connection. Because mobile data flows across both a mobile and a fixed network
each with different characteristics, it is not always appropriate to treat the two
connections identically. For example, traditionally in TCP networks, packet loss
indicates network congestion, and servers instruct clients to reduce data

2014 Senza Fili Consulting www.senzafiliconsulting.com

bandwidth, often by temporarily decreasing the TCP window size. Packet loss on
a wireless network, however, is more often due to RAN interference, and
reducing the window size simply bloats the amount of header information sent
without decreasing packet loss.
An intelligent layer 4 networking device in the core that can see both the
internet and mobile sides of the connection is well located to decide when
congestion or interference causes packet loss. In this case, instead of decreasing
the window size, the device can ignore the missed packets, allowing the
application that requested the data to re-request the lost packets. Re-requests
that go back to the internet are exposed to the latency of the full path across the
mobile and internet networks. But when due to packet loss within the mobile
network, re-requests can be satisfied without taking the hop back to the
internet, generating much less of a latency penalty than re-requests on a typical
wired connection.
TCP optimization plays a central role in improving QoE where it is most needed:
in congested networks where traffic overload frequently reduces the efficient
use of limited RAN resources, and where the high number of active subscribers
makes high QoE and RAN efficiency a top priority for operators. By keeping
latency down, for instance, operators not only give their subscribers a better
user experience for real-time applications with video or voice, they also reduce
the content that subscribers download but never access when they give up
waiting, and the number of content re-requests.


White paper From dumb pipes to smart services

5. Keeping ahead of changes in traffic type.

Let real-time context determine network use
Mobile subscribers do not use the same services consistently across time. This
leads to periods that require more or fewer servers of a particular type; for
example, live-streaming video of a major sporting event can greatly increase the
need for video compression servers. More gradual changes in how subscribers
use their mobile devices can shift use patterns across longer periods.
Short-term spikes threaten to disrupt subscribers experiences and lower their
satisfaction. Long-term changes require operators to continually reevaluate the
number and ratio of servers dedicated to each service, adding an ongoing
burden for operations. Intelligently coping with both these short- and long-term
trends, while protecting both QoE and revenue, is critical but difficult.
NFV is a cost-effective way to scale services in the core because the marginal
cost to deploy and maintain a given virtual service is minimal. But operators still
need to determine how many virtual servers to deploy. An integrated NFV

2014 Senza Fili Consulting www.senzafiliconsulting.com

solution with L4L7 networking devices enhances operators ability to

dynamically and intelligently spin-up and spin-down additional instances of
different services as needed. When operators wish to add new features or
services, they can do so more effectively, because these devices in an NFV
environment ensure that the available hardware provides capacity just to those
services that are required. Operators need to have sufficient virtual capacity
available, but do not need to actively manage the virtual topology.
By examining the traffic at various layers, an L4L7 proxy can detect, for
example, an increase in video traffic, and it can allocate new virtual video
compression servers to support this change in traffic pattern. This dynamic
strategy can lead to better QoE, giving users the best experience at all times
while also protecting revenue, and reducing capex and opex. Subscribers enjoy
rich experiences and operators build out only the scale truly required.


White paper From dumb pipes to smart services

6. Manage applications, not packets.

Leveraging the control plane with Diameter to improve QoE and drive revenue
As operators seek to avoid competing merely on the price of providing dumb
pipes, they need to be able to apply policy consistently and flexibly across their
network, tying policy enforcement to real-time context. As long as policy is
largely limited to basic rules, for instance to enforce traffic caps and bandwidth
throttling, information about traffic type or application used is of limited
relevance. In this case, the operator serves a request from a mobile device in the
same way, regardless of whether it is video or web browsing or whether the
network is at capacity or not, as long as the request falls within the subscriber
Advanced policy and context are fundamentally dependent on services and
applications. Operators may decide to treat video and browsing data flows
differently across the network, or at different times and locations, or for
different subscribers. They may decide to add advertisements to video content,
but not during voice calls. They may charge more for on-demand services during
peak time, or allow some free data access during off-peak time. They may
provide free data access to some applications (e.g., Spotify to users who pay a
premium for the application) or in exchange for advertisement insertions. OTTs
may decide to cover some or all of the access charges that a subscriber incurs
while using their services.
These are just a few examples of a new generation of services that operators
have started to roll out as policy control and enforcement have become more
powerful and more widely embraced by mobile operators. One common feature
of these new services is that their definition is intrinsically tied to applications,
services and traffic types. To support these services, operators have to treat
mobile data traffic differently depending on the associated application. If they
continue to manage traffic at the packet level, they risk weakening their ability

2014 Senza Fili Consulting www.senzafiliconsulting.com

to provide a consistent service or introducing unintended inefficiencies in their

Managing signaling traffic on the basis of its association to an application allows
operators to leverage advanced policy and context, and it is an approach that is
specifically advantageous in a mobile environment. Basic routing of control
plane traffic lowers the complexity and keeps the latency low, but also increases
the volume of signaling. In turn, this can lead to signaling floods that can cause
end-to-end network disruption, or to a wasteful use of network resources when
messages are forwarded unnecessarily.
Adding L4L7 intelligence to the processing of signaling traffic enables operators
to steer signaling traffic as required, improving both the QoE and the utilization
of network resources. In addition, operators can recognize unusual traffic
patterns and use this information to prevent signaling floods, and keep
unnecessary signaling at a minimum.
With L4L7 control data management or dynamic routing of Diameter traffic
the network can collate multiple sources of information (DNS, MSISDN, QoS,
location, rating, policy). This allows context-driven handling of signaling
messages, selectively directing them to the required resources, using loadbalancing session binding within Diameter and across protocols (e.g., Diameter,
and HTTP or SIP). As a result, dynamic routing paves the way to the optimization
of network resource use, topology hiding, and network overload protection. For
example, traffic routing at L4L7 directs traffic to the relevant OCS server and
does so consistently through a voice or data session, as dictated by policy or
context, to enable consistent real-time charging that is required for add-on,
occasional or prepaid services.


White paper From dumb pipes to smart services

With VoLTE, context-awareness becomes even more important. With the
introduction of VoLTE, voice becomes a data application managed within the
same IP-based framework as all other data applications. Yet voice has to be
treated differently i.e., it has to receive priority over other traffic for
operators to maintain the level of performance that subscribers expect and are
accustomed to. To ensure that calls can be initiated and received at all times,
and that sufficient network resources are allocated as needed, VoLTE services
generate levels of signaling activity that are substantially higher than other data
applications, especially because of the need to integrate VoLTE-related signaling
with the IMS within LTE networks.

more complex to implement for voice than for data traffic because of the
specific requirements of voice services. In addition to the simple management of
voice calls, managing VoLTE traffic entails the ability to support session
management, binding and control across protocols, to enable voice services
across multiple network interfaces, and during roaming and mobility scenarios.

A context-aware, intelligent signaling management element can control and

interface the IMS network for voice, video calls and other services. This is
required to ensure that all traffic related to the session is routed to the same
PCRF and OCS element for resource optimization, service consistency and
charging accuracy. Using network-wide session binding capabilities, the element
can match IMSI subscriber identity to framed-IP addresses over the Gx, Rx and
Gy interfaces, and keep and share state to achieve a highly scalable and
distributed deployment to cope with VoLTEs complex signaling requirements.

For instance, an operator may offer a family plan with combined or separate
application-based services. This might be a plan in which only some of the
participants have parental control enabled, or only some have specific services
(e.g., unlimited voice, unlimited Facebook access, or roaming enabled), but the
overall traffic allowance is shared among participants (i.e., 10 GB/month for the
family plan, without individual allocations). Or a subscriber may decide to have
video compressed when using the smartphone but not when using a tablet or a
laptop, or not during off-peak hours if traffic at that time is charged at a lower

The adoption of context-aware, application-based signaling strengthens mobile

operators ability to support more complex service offerings especially as they
combine multiple policy instantiations that may require sessions to be bound
together, or not, depending on contextual information.

A context-aware approach is a key enabler for voice services, because it provides

richer voice services and consistency across voice and data services, but it is

2014 Senza Fili Consulting www.senzafiliconsulting.com


7. Protecting the user, the network, and the applications.

Establishing a multilayer defense
The network infrastructure owned by operators is their most important asset.
Subscriber retention and satisfaction crucially depends on network reliability and
availability. Network security is more vulnerable in LTE than in legacy networks, and
mobile networks offer an attractive and obvious target. Even a partly successful
attack on their infrastructure (or even nonmalicious, unintentional network
disruption that may be caused by a faulty application update or software upgrade)
can affect trust and reputation.
Mobile clients are a dangerous vector of attack, due to the sheer number of devices,
device types and protocols. An L4L7 networking device in the mobile core can
detect anomalies in data traffic that may indicate malicious or disruptive activity at
all layers (network, session and application), and ensure that attacks are detected
and isolated as early as possible (see table on the right).
What happens during a SYN flood, a common type of attack against mobile
networks, illustrates the relevance of the L4L7 intelligence. TCP connections from a
client to a server begin with the client sending a particular message (SYN), which the
server acknowledges via a SYN ACK response, which the client then completes with
its own ACK. Until the final ACK is received, the server waits (for a particular period),
holding the connection open. In a SYN flood, a malicious client issues multiple SYN
requests but ignores the SYN ACK sent by the server, never responding with its own
ACK. This causes the server to keep multiple connections open indefinitely, as the
server waits for the ACKs. This will eventually cause the server to run out of
connections to use for valid requests. Because an L4L7 proxy in the core has
independent TCP connections to the UE and to the internet, it can detect and then
block rogue requests from reaching upstream servers.

2014 Senza Fili Consulting www.senzafiliconsulting.com

Defending against network attacks by

leveraging L4L7 intelligence
SYN attacks. L4L7 proxies can detect malicious clients that leave half-open
connections unacknowledged, and it can prevent those clients from
targeting servers upstream
IP port scan attacks. L4L7 proxies can guard against clients that probe large
ranges of addresses and ports, hoping to find unpatched or otherwise
vulnerable servers. This makes it more difficult for attackers to find and
exploit vulnerabilities of servers within the operators network
DNS floods. L4L7 networking devices can inspect traffic and because they
can understand the full protocols, such as UDP detect that clients are
issuing large numbers of queries that overwhelm DNS servers or attempt
other well-known attacks on the DNS system. By isolating the clients from a
direct connection to the DNS servers, they can stop the attacks early
SQL injection. Because L4L7 networking devices can process applicationlevel messages, they can look for HTTP-based attacks, such as those in which
crafted SQL statements are submitted to a web server by a malicious client
to take advantage of a vulnerability in the web application running on a
URL filtering. Preventing access to unsafe internet sites protects subscriber
devices from becoming attack targets and launch platforms for further


8. Conclusions.
Manage applications, not packets, to improve subscriber experience
Network infrastructure continues to expand in complexity and in the scale of traffic handled on both the user and control planes. The evolution in hardware solutions
has yielded large improvements by optimizing the lower, media layers of the stack e.g., by moving to hardware routers that minimize latency and other simple
metrics that measure the raw ability of the UE to reach the internet.
However, the growing volume and complexity of data and signaling traffic have started to limit the benefits of optimizing basic IP routing at L1 and L2, and to add
inefficiencies in the use of network resources. As a result, mobile operators can no longer keep up with capacity and QoE requirements without significant increases in
capex and opex.
Managing data and signaling traffic with L1L3 IP routing devices is turning mobile networks into commodities. Once the media layers are fully optimized, networks
will behave similarly, given a similar investment in infrastructure. To make further improvements both in terms of QoE and revenue generation operators need to
look farther up the stack, and seek optimization at the higher layers. With access to granular context-based information from the transport layer to the application
layer, L4L7 networking devices enable operators to take advantage of much richer and more relevant information. As a result, operators can make dynamic policy
decisions, route sessions intelligently, allocate additional capacity for various services as needed, and maximize the utilization of their networks. They can direct their
efforts to launching and supporting innovative services on their networks, rather than on simply competing to provide the fastest processing of data packets, which
does not necessarily provide the best user experience. An L4L7 networking device unavoidably adds another hop, but intelligent, dynamic and context-driven routing
decisions deliver QoE and efficiency improvements that greatly outweigh the cost of the extra processing step.
By dynamically adjusting to the user, conditions and content, L4L7 networking devices may reduce end-to-end latency the type of latency that subscribers
experience. By preventing unnecessary steps (e.g., by sending traffic to the video optimizer only when it makes sense for both the user and the operator to compress
video) and by optimizing the TCP connections separately on the mobile and internet sides, L4L7 networking devices may improve QoE. A better subscriber
experience an end-to-end experience that is faster and more reliable, whether for viewing web pages, streaming video, or playing games and the ability to support
efficient use of network resources are the foundation needed for operators to successfully launch, support and monetize a new generation of services.

2014 Senza Fili Consulting www.senzafiliconsulting.com



Domain name system
Hypertext transfer protocol
International mobile subscriber identity
Integrated services digital network
Internet protocol
[OSI] layer 1
[OSI] layer 2
[OSI] layer 3
[OSI] layer 4
[OSI] layer 7
Logical link control
Long term evolution
Media access control
Mobile subscriber ISDN number

2014 Senza Fili Consulting www.senzafiliconsulting.com


Network functions virtualization

Online charging system
Open Systems Interconnection
Over the top
Policy and charging rules function
Quality of experience
Quality of service
Radio access network
Session initiation protocol
Structured query language
Transmission Control Protocol
User Datagram Protocol
User equipment
Voice over LTE


About Senza Fili

Senza Fili provides advisory support on wireless data technologies and services. At Senza Fili we have in-depth expertise in financial
modelling, market forecasts and research, white paper preparation, business plan support, RFP preparation and management, due
diligence, and training. Our client base is international and spans the entire value chain: clients include wireline, fixed wireless, and
mobile operators, enterprises and other vertical players, vendors, system integrators, investors, regulators, and industry associations. We
provide a bridge between technologies and services, helping our clients assess established and emerging technologies, leverage these
technologies to support new or existing services, and build solid, profitable business models. Independent advice, a strong quantitative
orientation, and an international perspective are the hallmarks of our work. For additional information, visit www.senzafiliconsulting.com
or contact us at info@senzafiliconsulting.com or +1 425 657 4991.

About the author

Monica Paolini, PhD, is the founder and president of Senza Fili. She is an expert in wireless technologies and has helped clients worldwide
to understand technology and customer requirements, evaluate business plan opportunities, market their services and products, and
estimate the market size and revenue opportunity of new and established wireless technologies. She has frequently been invited to give
presentations at conferences and has written several reports and articles on wireless broadband technologies. She has a PhD in cognitive
science from the University of California, San Diego (US), an MBA from the University of Oxford (UK), and a BA/MA in philosophy from
the University of Bologna (Italy). She can be contacted at monica.paolini@senzafiliconsulting.com.

2014 Senza Fili Consulting, LLC. All rights reserved. This white paper was prepared on behalf of F5 Networks Inc. The views and statements expressed in this document are those of Senza Fili Consulting LLC, and
they should not be inferred to reflect the position of F5 Networks. The document can be distributed only in its integral form and acknowledging the source. No selection of this material may be copied,
photocopied, or duplicated in any form or by any means, or redistributed without express written permission from Senza Fili Consulting. While the document is based upon information that we consider accurate
and reliable, Senza Fili Consulting makes no warranty, express or implied, as to the accuracy of the information in this document. Senza Fili Consulting assumes no liability for any damage or loss arising from
reliance on this information. Trademarks mentioned in this document are property of their respective owners. Cover page photo by Chones/Shutterstock.


F5 Service Provider Portfolio:

Intelligent Layer 4-7 Network Solutions
Delivering Smart Services
F5 is dedicated to enabling fixed and mobile service providers to leverage next

messages for network management, scale, and optimization. As the markets

generation networks to provide a superior customer experience. Intelligent L4-

most mature Diameter solution, the SDC consolidates a Diameter Routing Agent

L7 network devices play a primary role in our approach in solution design for

(DRA), a Diameter Edge Agent (DEA), a Diameter load balancer, and a Diameter

service providers to stay on top of the telecom value chain for subscribers. These

gateway and translation (including interworking function (IWF)) on a single

technologies allows service providers to maintain high quality of experience,

platform. Operators benefit from context-aware intelligent routing, reliable load

network performance, while expanding their service and product offerings in a

balancing, and flexible, seamless connectivity for fast to market roaming

customized fashion to specific audiences.

solutions and many other use cases such as OCS optimization.

Here are some examples of F5 solutions:

Intelligent Traffic Management and Policy Enforcement Solutions

Diameter Signaling Management Solutions

F5 offers intelligent traffic management solutions on a unified platform that

Diameter signaling messages serve as an excellent source of information on

simplifies delivery of network services such as dynamic service chaining. Using

network operations and subscribers, which when extrapolated, may be used to

context and subscriber aware technology, BIG-IP Policy Enforcement

differentiate service offerings and improve the customer experience. F5s

Manager (PEM) offers a full proxy architecture and rich IP capabilities for

industry-leading Diameter Traffix Signaling Delivery Controller (SDC) solution

critical traffic visibility and analytics and sophisticated traffic steering capabilities,

gives operators the required network visibility into the control plane. It routes

including the ability to inspect and route traffic based on data type and

Diameter messages according to an unlimited combination of AVP values for

subscribers profiles. By leveraging this intelligent information, PEM enables

optimal routing flexibility. It uses the granular information found in Diameter


operators to implement bandwidth controls per subscriber or application, along

enhancement and simplification of network security in the increasingly

with dynamic traffic steering that simplifies delivery of network services.

threatening landscape, with a common platform to deliver applications and

DNS Services to Manage Network Growth

improve responsiveness. F5 security solutions offer a stateful, full-proxy network

F5 offers comprehensive control and data plane solutions that optimize,

intelligently scale, and securely manage messaging interfaces such as RADIUS,
DNS, and SIP. F5 BIG-IP Global Traffic Manager (GTM) is our DNS solution for
service providers to optimize their LDNS, Auth. DNS, and Infrastructure DNS and
deliver a higher subscriber quality of experience, resulting in increased revenues
and reduced churn. BIG-IP delivers a high performance DNS authoritative
solution scaling to surpass demand and securing your DNS infrastructure from

firewall with unparalleled session scale, throughput, and connections per

second, and defend against DDoS attacks across all layers including network,
session, and application, including SYN floods and IP sweep attacks, and DNS
floods. The F5 Application Security Manager enhances security for applications
by providing comprehensive web security and L7 DDoS protection.
In a roaming scenario, the SDCs Diameter edge agent (DEA) provides secure
connectivity, protecting the network from connectivity with roaming partners.

distributed denial-of-service (DDoS) attacks. With destination geolocation,

SDN and NFV Solutions

operators route traffic differently depending on where subscribers are in

F5 solutions provide service providers with the ability to move to software-

relationship with core network resources, or use locally cached content. GTM

defined networking (SDN) and Network Function Virtualization (NFV)

delivers faster DNS responses, provides optimized access to mobile services, and

architectures. F5 products are available across a variety of platforms, from highly

enables an enhanced subscriber experience.

scalable physical devices with virtualization options to virtual editions, ready-to-

Application Delivery Firewall Security Solutions

run F5 solutions on all major hypervisors. The flexible and programmatic F5 APIs

F5 offers integrated, high-performance ICSA certified security solutions, such as

the F5 Advanced Firewall Manager that protects the entire network
infrastructure, and scales to perform under the most demanding conditions.
Operators benefit from the solutions intelligence and flexibility for

give service providers the tools to tie F5 solutions into virtualization

management and orchestration systems for an agile and dynamic network. This
includes the ability to monitor service utilization, proactively add resources as
demand increases, and de-provision resources when demand decreases.


About F5
F5 (NASDAQ: FFIV) provides solutions for an application world. F5 helps organizations seamlessly scale cloud, data center, and software defined networking (SDN)
deployments to successfully deliver applications to anyone, anywhere, at any time. F5 solutions broaden the reach of IT through an open, extensible framework and a rich
partner ecosystem of leading technology and data center orchestration vendors. This approach lets customers pursue the infrastructure model that best fits their needs
over time. The worlds largest businesses, service providers, government entities, and consumer brands rely on F5 to stay ahead of cloud, security, and mobility trends.
For more information, go to f5.com.

For more information on F5 solutions for communications service providers, visit the Service Provider section of f5.com or contact: info@f5.com
F5 Networks, Inc.

F5 Networks

F5 Networks

Corporate Headquarters


Japan K.K.




F5 Networks, Inc.

F5 Networks Ltd.

401 Elliott Avenue West,


Seattle, WA 98119


2014 F5 Networks, Inc. All rights reserved. F5, F5 Networks, and the F5 logo are trademarks of F5 Networks, Inc. in the U.S. and in certain other countries. Other F5 trademarks are identified at f5.com. Any
other products, services, or company names referenced herein may be trademarks of their respective owners with no endorsement or affiliation, express or implied, claimed by F5.