
From the July 2008 edition of The Basestation e-Newsletter

ATCA Support of Wireless Flow-Based Routing – the NGN Wireless “God-Box”?

An article by Karl Wale, Director, Product Line Management, Continuous Computing

INTRODUCTION

The evolution of wireless access is a much-discussed subject. The impact and schedule of Long Term Evolution (LTE), the adoption of femtocells for in-building access, and how WiMAX, Unlicensed Mobile Access (UMA), and LTE will eventually play out are all dominating the agendas of industry watchers. Equally clear is that data-driven services are becoming much more popular with many operators providing an “always connected” service at a reasonable price, at least within the home region. What is discussed less often, however, is the infrastructure impact of these multiple access technologies and services plans and how the core network will need to evolve to remain efficient and cost effective.

The traditional wireless core network is a tightly coupled group of entities with full end-to-end security managed by a single network operator. Security and access control are inherent, spanning from the end-user subscriber identity module (SIM) card all the way through to the gateway GPRS support node (GGSN). Voice services are the predominant traffic and these are effectively managed for quality of service (QoS) and billing by the mobile switching center (MSC), home / visitor location register (HLR/VLR), and related billing servers and SS7 signaling systems (see Figure 1).

 

Figure 1. WCDMA (3G) network diagram

This relatively simple network topology, however, soon starts to look different once the migration to a next generation network (NGN) begins. In the future, the NGN core network needs to evolve with respect to four major areas:

  • Security and authentication
  • QoS and traffic management
  • Effective and efficient content delivery
  • Service management and billing

These functions will need to be provided at the edge of the network where the various access technologies are aggregated before entering the mobile core network. They also share some common implementation requirements. Specifically, they all require the network to understand the traffic being carried: who is the user, what type of traffic is involved, where it was originated, how much was carried, and so on. Deep packet inspection (DPI) techniques are required to dig down into each packet and extract this information and, based on the data, the network can allow, deny, or quarantine the flows – or even record specific parameters and data for law enforcement (e.g., CALEA), for instance.

The second aspect they have in common is a requirement to support this functionality at line rate with no delays. Critically, “line rate” for future networks will be significantly higher than line rate for today’s networks. LTE, WiMAX, and high speed packet access (HSPA) will significantly increase the air interface access speeds and, with mobile data usage and related services exploding, it is clear that line rate in the future could mean that these aggregation devices might start to see data rates of many tens of gigabits per second. In fact, companies such as Procera Networks are already developing DPI platforms supporting aggregate line rates of up to 80Gbps in a single shelf for wireless networks (see their PacketLogic PL10000 product announcement dated May 12, 2008).

Not only will these new network devices need to specifically address the four key requirements above, but it is also important to remember that these features will need to be supported in a single unified platform capable of being managed effectively within the network. Single fixed-function devices are possible but not desirable because of the limits they impose on scalability, interoperability, serviceability, and manageability. In fact, what operators really need is the wireless “god-box” – a do-it-all, scalable, interoperable, cost-effective system with a myriad of capabilities.

Rather than stand-alone single-function servers, bladed systems are much more appropriate for delivering this level of combined functionality. In particular, AdvancedTCA (ATCA) systems are ideal because they have superior inherent support for non-Ethernet-related connectivity. ATCA systems can not only connect to the latest IP-centric networks, but also integrate with systems using ATM, T1/E1, or STM-1 network interfaces. In contrast, proprietary blade servers such as IBM’s BladeCenter or HP’s BladeSystem typically don’t deliver a full suite of network connectivity options due to their mechanical design constraints.

Traditional routers manage traffic on a packet-by-packet basis and store little or no state or session information. Unfortunately, this method of handling packets is not appropriate for these wireless aggregation devices, meaning that stateful flow-based routing is becoming much more important. Specifically, within these platforms it is important that flows are recognized and handled in a consistent manner to ensure all sessions are routed to the same processing entity – or at a minimum ensure that ingress or egress paths are handled by the same server and some level of association is established between them. Achieving this objective requires that all aspects of the platform be aware of the flows and use load balancing techniques to ensure that flows are effectively managed across each of the processing elements.

The diagram below (Figure 2) shows a typical ATCA system and how it can be used to host a wireless edge application. In this example, it is assumed that the device resides in-line with the network traffic; in other words, it is essentially invisible to the users and servers connected to it, and the service it provides to the network is transparent to them. This is termed a “bump-in-the-wire” device and typically these devices can provide aggregation, security, billing, or traffic management functions – or, as stated above, a combination of all of them.


Figure 2. Sample ATCA wireless aggregation platform

Within an ATCA system, the ingress & egress paths are centralized on dual redundant switch blades to deliver high availability (i.e., 99.999% uptime). These dual redundant switch blades are connected over the backplane fabric to the payload blades. Should one unit fail, the second one will assume the active role and continue routing traffic and load balancing flows with zero service interruption.

Payload blades support specific processing functions. For example, general purpose x86 blades are used to support signaling traffic, system management, or a range of security processing functions. They are also used for some types of security including firewall, anti-virus, anti-spam, etc., as this class of software is readily available for these types of processors from multiple vendors.

The DPI line cards provide line rate processing of flows using “fast path” functions. They perform functions such as GPRS Tunneling Protocol (GTP) tunneling, encryption (IPSec or SNOW 3G), as well as routing, forwarding, and load balancing of flows. The DPI line cards also provide intrusion detection / prevention (IDS/IPS) and denial of service (DoS) protection as these types of attacks require an awareness of the flows and traffic patterns.

Load balancing of flows within this system takes place at three points:

  • At the ATCA switch to determine to which server or DPI blade to route the flow (Fig. 3)
  • On the payload card switch to determine which processor to use (Fig. 4)
  • On the processor to determine to which thread to forward the flow (Fig. 5)


Figure 3. ATCA switch can load balance across payload blades
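The three load balancing points listed above, together with the earlier requirement that both directions of a session reach the same processing entity, can be sketched as follows. This is an added example, not code from the article or from any vendor it names; the struct layout, the seeds, and the blade, processor, and thread counts are assumptions, and `mix32` stands in for whatever hash the switch hardware provides.

```c
#include <stdint.h>
#include <stdio.h>

/* 5-tuple as extracted by the classifier (layout is an assumption). */
struct flow5 { uint32_t src_ip, dst_ip; uint16_t src_port, dst_port; uint8_t proto; };
struct placement { unsigned blade, cpu, thread; };

/* Avalanche step (the murmur3 32-bit finalizer), a software stand-in
 * for whatever hash the switch silicon actually implements. */
static uint32_t mix32(uint32_t h) {
    h ^= h >> 16; h *= 0x85ebca6bu;
    h ^= h >> 13; h *= 0xc2b2ae35u;
    return h ^ (h >> 16);
}

/* Direction-independent hash: sort the two (ip, port) endpoints first,
 * so A->B and B->A yield the same value and reach the same processor. */
uint32_t flow_hash(const struct flow5 *f, uint32_t seed) {
    uint64_t a = ((uint64_t)f->src_ip << 16) | f->src_port;
    uint64_t b = ((uint64_t)f->dst_ip << 16) | f->dst_port;
    uint64_t lo = a < b ? a : b, hi = a < b ? b : a;
    uint32_t h = mix32(seed ^ (uint32_t)lo);
    h = mix32(h ^ (uint32_t)(lo >> 32));
    h = mix32(h ^ (uint32_t)hi);
    h = mix32(h ^ (uint32_t)(hi >> 32));
    return mix32(h ^ f->proto);
}

/* One decision per tier: switch -> blade, card switch -> processor,
 * processor -> thread. A different seed per tier avoids reusing the
 * same hash bits, which would leave some processors or threads idle. */
struct placement place_flow(const struct flow5 *f, unsigned blades,
                            unsigned cpus, unsigned threads) {
    struct placement p = { flow_hash(f, 1) % blades,
                           flow_hash(f, 2) % cpus,
                           flow_hash(f, 3) % threads };
    return p;
}

int main(void) {
    /* Constructed sample flow: 10.0.0.1:40000 <-> 192.168.1.100:443, TCP. */
    struct flow5 fwd = { 0x0A000001u, 0xC0A80164u, 40000, 443, 6 };
    struct flow5 rev = { 0xC0A80164u, 0x0A000001u, 443, 40000, 6 };
    struct placement p = place_flow(&fwd, 12, 2, 16);
    struct placement q = place_flow(&rev, 12, 2, 16);
    printf("fwd: blade %u cpu %u thread %u\n", p.blade, p.cpu, p.thread);
    printf("rev: blade %u cpu %u thread %u\n", q.blade, q.cpu, q.thread);
    return 0;
}
```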

At the switch, devices such as the Fulcrum FM4000 series used on the Continuous Computing FlexCore ATCA-FM40 base / fabric switch blade illustrate how the role of switching silicon is progressing. This commercially available device delivers many of the advanced functions previously found only in specialized processors or proprietary solutions. In particular, the Layer 3 / 4 capabilities and advanced frame forwarding unit allow complex flows to be managed and support inherent capabilities to improve QoS, including class-based pause on individual ports and latencies of less than 300ns for Layer 3 traffic. It also provides comprehensive access control list (ACL) capabilities which are commonly required in these types of applications. At this level the switch can make a decision to allow, deny, or quarantine the flow and route or drop packets as appropriate (see Figures 3 and 4).


Figure 4. Flows routed via payload card-based switch

It is also possible to go one step further when profiling and load balancing incoming traffic. In this scenario, all traffic is routed to a DPI line card which performs a finer-grained analysis, using not only 5-tuple information but also the payload to determine the protocols used, the integrity of those protocols, or other information. This technique can be used to enhance security or to support more advanced traffic management and load balancing techniques. Typically wireless platforms make extensive use of tunneling and this adds an additional requirement to de-tunnel packets before the payload information can be retrieved for processing. Although the switch can support a level of de-tunneling when packet lengths and depths are well-defined and consistent, for more complex de-tunneling of packets it is preferable to use a packet processor and associated algorithms to extract the payload information (see Figure 5).


Figure 5. Packet processor-based functions
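The de-tunneling problem described above can be seen in a GTP-U parser: the inner packet starts at byte 8, 12, or later depending on optional header fields, so a fixed offset is only safe when the header shape never varies. This is an added example, not code from the article; it follows the GTPv1-U header layout as an assumption about the tunnel in use, and the sample packets are constructed.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Locate the inner IP packet inside a GTPv1-U G-PDU. Returns its byte
 * offset and stores the tunnel ID in *teid, or returns -1 when the
 * message is malformed, truncated, or not user data. */
int gtpu_inner_offset(const uint8_t *p, size_t len, uint32_t *teid) {
    if (len < 8) return -1;                        /* mandatory header */
    if ((p[0] >> 5) != 1 || !(p[0] & 0x10)) return -1; /* version 1, PT=GTP */
    if (p[1] != 0xFF) return -1;                   /* 0xFF = G-PDU */
    size_t end = 8 + (((size_t)p[2] << 8) | p[3]); /* length excludes first 8 */
    if (end > len) return -1;                      /* claims more than captured */
    *teid = ((uint32_t)p[4] << 24) | ((uint32_t)p[5] << 16) |
            ((uint32_t)p[6] << 8) | p[7];
    size_t off = 8;
    if (p[0] & 0x07) {              /* E, S or PN set: 4 optional bytes follow */
        if (end < 12) return -1;
        uint8_t next = p[11];       /* next-extension-header type */
        off = 12;
        while ((p[0] & 0x04) && next != 0) {   /* walk the extension chain */
            if (off >= end) return -1;
            size_t ext = (size_t)p[off] * 4;   /* length in 4-byte units */
            if (ext == 0 || off + ext > end) return -1;
            next = p[off + ext - 1];
            off += ext;
        }
    }
    return off < end ? (int)off : -1;          /* must leave a payload */
}

int main(void) {
    /* Constructed samples; the inner packet is cut to its first 4 bytes. */
    const uint8_t plain[] = { 0x30,0xFF,0x00,0x04, 0,0,0,1, 0x45,0,0,0x14 };
    const uint8_t seq[]   = { 0x32,0xFF,0x00,0x08, 0,0,0,1, 0,0x2A,0,0,
                              0x45,0,0,0x14 };
    const uint8_t ext[]   = { 0x34,0xFF,0x00,0x0C, 0,0,0,1, 0,0,0,0xC0,
                              0x01,0x12,0x34,0x00, 0x45,0,0,0x14 };
    uint32_t teid;
    printf("plain: %d\n", gtpu_inner_offset(plain, sizeof plain, &teid));
    printf("seq:   %d\n", gtpu_inner_offset(seq, sizeof seq, &teid));
    printf("ext:   %d\n", gtpu_inner_offset(ext, sizeof ext, &teid));
    return 0;
}
```

The offset returned here is where 5-tuple extraction on the inner packet would begin; every length field is checked against the captured size before it is used as an index.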

Whichever technique is used, the flows ultimately pass through a payload processor for further analysis and processing – and it is here where there is perhaps one of the best illustrations of how the market dynamics are changing. Previously, customers required suppliers to deliver the hardware platform together with the operating system, leaving the customer to focus on developing the application in its entirety. Today, however, there are many more requirements for a blended solution with pre-qualified software packages. These requirements range from Layer 2 / 3 functions ported and optimized for a specific line card, to advanced DPI software suites and security software. Examples include fast path and control plane modules from companies such as 6WIND, and DPI application software from companies such as Qosmos. Going forward, pre-integrated solutions for firewalls, IDS/IPS, and other threat management software will also be required.

Drilling down into the wireless domain, the pre-integration and optimization of wireless protocols for these new classes of processors remain critical to reduce time to market and increase performance (or, more specifically, reduce cost per user). The Trillium range of wireless protocol software from Continuous Computing is an example of where the protocols, including LTE core network protocols, are being optimized for new multi-core and multi-threaded processing environments and pre-integrated with high availability middleware. In addition, the platforms are provided with pre-defined load balancing application notes and configurations which can be configured to suit specific network requirements.

On a final note, with regard to the development of wireless aggregation and edge devices, there is an emerging need for mass storage at the edge. As data services increase in demand, one specific solution being promoted is the caching of content at the edge of the network. In this context the caching supports wireless services, but it is equally applicable to IPTV and other wireline services where edge content availability translates into higher customer satisfaction. The theory is that commonly-used content can be more cost-effectively located at the edge of the network, thereby reducing end-to-end bandwidth requirements and saving significant amounts of the infrastructure CapEx needed to build higher capacity networks. Figures of half to a full terabyte of storage in even the smallest edge aggregation devices are being discussed; certainly this is very feasible with ATCA because such solutions are already available and continue to be enhanced.

In summary, the evolution of the access network is progressing rapidly but it is important to understand that the core network will need considerable upgrades to support these changes at the edge. Volumes of core network devices are necessarily lower than access device volumes, and vendors and operators are looking for off-the-shelf solutions to deliver a core network capable of meeting both present and future demands. Fortunately the many members of the ATCA ecosystem have come together to create some incredible levels of capability and interoperability in this form factor, as evidenced by the growth of the Communications Platforms Trade Association (CP-TA) organization membership. ATCA is supported with an extensive range of pre-integrated system software, protocols, and specialized DPI applications to allow telecom equipment manufacturers to realize the next generation wireless “god box” to support femtocell, WiMAX, and LTE-based services and capabilities.

About The Author

Karl Wale is Director, Product Line Management at Continuous Computing


Copyright © 2008 Continuous Computing. All Rights Reserved.  |  +1.858.882.8800 phone  |  www.ccpu.com