Every ten or so years since the late 1970s, the mobile industry has undergone a generational shift with each new generation delivering more bandwidth, better devices and more applications than its predecessor.
The early evolution of mobile networks was driven by the need to untether voice conversations from a fixed, hardwired location. 3G evolved as a data overlay to existing circuit-switched voice networks. 4G turned the tables by introducing an all-IP architecture, with VoLTE delivered as one of many IP services over a converged IP backbone (note that mobile operators currently are at various stages of VoLTE adoption -- most still use legacy circuits for voice communication).
The Evolution of Mobile Networks
With 5G however, there will be a paradigm shift in network architecture to enable services that are driven by cloud, mobile, social and data. Unlike its predecessors, 5G will not merely deliver incremental improvements in mobile broadband spectral efficiency, capacity, data rates and latency, but is expected to become a key enabler of the third platform
by delivering a true, next-generation network architecture from the ground up.
But even as LTE becomes mainstay and 5G begins to emerge, the demand side of the equation is fast outpacing supply. The accelerating growth of streaming content, social media and IoT is not only placing mobile networking infrastructure under increasing duress, but it's also posing scalability challenges for tools that monitor and analyze network traffic. And yet, mobile operators need to continue investing to expand both the number and scale of these monitoring and analytics tools, which aid with intrusion detection, service assurance, subscriber profiling, network planning, revenue growth and other use cases, to remain competitive in their markets.
The unfavorable economics and logistics of scaling the monitoring and analytics infrastructure gave rise to a new category of products known as network packet prokers (also referred to as a network monitoring switch or data monitoring switch), which in conjunction with traffic replication devices like network taps are referred to as a network visibility infrastructure.
Network visibility and analytics: a quick primer
A typical network visibility and analytics workflow, abstracted at the highest level, comprises the following steps:
- Report and Trigger
As traffic flows through this workflow, it progressively reduces in volume transforming from packets into metadata files (e.g., CSV) that can be processed by analytics tools.
The Network Visibility & Analytics Workflow
The Ingest process involves network taps (or port mirrors on Layer 2 or Layer 3 infrastructure), which replicate and feed network traffic to network packet brokers. Network packet brokers aggregate traffic from a multitude of collection points in the network, process flows per the individual needs of each monitoring application and deliver relevant flows to network probes (that "Digest" the traffic).
Network packet brokers come in different flavors -- aggregation packet brokers act as distributed collection points that aggregate traffic from different (regional or operational) segments of the network, often feeding into one or more core packet brokers. Core packet brokers have greater port-density, throughput and scale, and act as centralized traffic processing junctions which feed into the monitoring and analytics infrastructure.
Network packet brokers play a critical role in reducing the volume of traffic that monitoring and analytics tools need to process. For example, a video monitoring tool does not need visibility into non-video traffic. Without a network packet broker, the video monitoring tool (its probes, more specifically) will need to process all user-plane traffic, separate out and discard non-video traffic, and only then process video traffic. A network packet broker helps free up the 50% to 100% additional compute resources that would otherwise go into filtering out non-video traffic.
In addition, network packet brokers have evolved to offer value-added features like packet timestamping, protocol stripping, packet slicing, stateful traffic correlation and load-balancing, which further reduce compute load, improve productivity and lower the TCO of the analytics infrastructure.
The Digest process involves the use of network probes, which take in raw network traffic flows and translate them into metadata formats that a monitoring or analytics application can consume. Probes are generally protocol-aware, which enables them to decapsulate, de-tunnel and decode mobile bearer and control protocols to access underlying information. Probes also pre-process the metadata (e.g., to compute interface or protocol specific metrics and KPIs) and ease the compute burden on the analytics infrastructure.
The Analyze process involves processing inbound metadata from a multitude of network probes and generating insights that aid intrusion detection, congestion detection, region or location-based analytics, subscriber profiling, network planning, service assurance and a number of other initiatives.
Analytics can be near real-time for detecting network congestion or a distributed denial of service attack, or non-real-time for updating subscriber profiles based on usage patterns to target promotions.
Report and trigger
The final phase of the workflow involves visualizing analyzed information in intuitive, graphical formats at various levels of granularity. Increasingly, analytics is viewed not just as a passive toolkit to understand what goes on in the network, but also as an active mechanism to trigger real-time actions through service chains or policy enforcement feedback-loops with the network.
Network visibility and analytics: present mode of operations
Network visibility and analytics architectures for mobile operators today are hardware-centric, monolithic and inflexible. Deploying new features or capabilities typically involves purchasing new line-cards or specialized hardware appliances, and incurring additional costs for wiring, configuring and testing them, plus includes additional lead-time for shipping. As traffic continues to grow on an exponential trajectory, mobile operators need to continuously repeat this cumbersome and costly process to scale their network visibility and analytics infrastructure.
Network Visibility & Analytics: Present Mode of Operations
Also consider that network probes today are application specific, and come packaged together with the monitoring or analytics tool. Service providers deploying an intrusion detection application, a congestion management application and a subscriber profiling application, end up deploying three different sets of probes to support these applications. These probes may process the same incoming traffic and in similar ways, but today must be separate platforms due to tight coupling with the monitoring and analytics tools.
As you can see, it quickly becomes apparent that this mode of operation is ripe for disruption. But incumbent vendors are caught in the "Innovator's Dilemma" -- the legacy mode of operation serves them well.
However, the industry is shifting towards scalable, agile and software-based New IP network architectures -- not because it's nice to have but because that's the only way forward.
A new network visibility and analytics paradigm
At Brocade, we have a vision and strategy for the future of mobile networking -- one that enables mobile operators to innovate on their own terms with scalable, software and API-driven architectures not only for networking, but also for network visibility and analytics.
Network Visibility & Analytics: A Blueprint for Innovation
So, what does the new network visibility and analytics paradigm look like?
- It rethinks visibility and analytics architectures for the modern age of pervasive mobility, cloud computing, social media and big data.
- It brings programmability in real-time, delivering network visibility as an on-demand service for both real-time and non-real-time traffic analysis.
- It scales out dynamically, providing additional resources when traffic volume spikes but conserving resources when traffic volume drops.
- It allows capabilities to seamlessly transition from the mobile network to a private or public cloud, or in the reverse direction as the situation demands without disrupting dependent applications.
- It simplifies provisioning, configuration and maintenance with open standards-based SDN and NFV orchestration mechanisms and a single pane of glass for management.
Imagine an agile, programmable and scalable network visibility and analytics architecture where all the visibility and analytics functions become services that can be added on or removed on the fly. Where capabilities can be programmed in real-time and probing functions are decoupled from the analytics infrastructure, and are instead available as on-demand services. Where resources become elastic, legacy hardware gives way to software running on commodity hardware, infrastructure becomes dynamic and orchestration is automated with minimal human intervention.
Indeed, mobile networks are evolving to meet the growing demand for bandwidth from consumers and enterprises. As they embrace new standards and architectures, network visibility and analytics infrastructures need to evolve in tandem to ensure that networks are adequately secured, optimized and monetized, and customer experience remains positive. Existing hardware-centric network visibility and analytics approaches must give way to software-centric and hybrid architectures that are scalable, agile, programmable, and architected from the ground up for the Third Platform.
— Mukund Srigopal, product marketing manager, network visibility and analytics, Brocade, special to The New IP