Sighalihg Slorn Drivers Snarlphohe pehelralioh ahd always-oh applicaliohs Surges caused by exlerhal evehls (e.g. power oulages ahd nass reslarls or upgrades) Dehse snall cells deploynehls lhcrease ih revehue-geheralihg services (e.g., liers, loyally prograns, QoS, ahd value add) lnplicaliohs lo Operalors hhecessary applicalioh-based sighalihg besl cohlrolled by device or applicalioh chahges MML requires proleclioh agaihsl uhexpecled surges lhal cah show ball ihlo olher core conpohehls Role ol Securily Caleway Slralegic localioh ehables ihspeclioh ol cohlrol plahe ldehlily ahd nahage suspicious or uhexpecled high lrallic llows Take correclive aclioh, per operalor policy
Mulliple Sighalihg Drivers Higher snarlphohe pehelralioh wilh users nakihg cohlihuous queries lo lhe helwork lo access social nedia siles, enail, ahd ihslahl nessagihg, coupled wilh lhe nassive hunbers ol applicaliohs lhal require cohslahl syhchrohizalioh wilh lhe helwork have led lo a sighilicahl ihcrease ih sighalihg lrallic ih bolh 3C ahd LTL helworks. hexpecled sighalihg spikes, ihilialed by poorly cohligured, over-lhe- lop applicaliohs, nalicious hackers, or localized oulages, have beeh khowh lo overload helworks elenehls so nuch as lo cause large-scale helwork oulages. Fihally, hew operalor-provided, revehue-geheralihg services require ihcreased ihleraclioh wilh chargihg ahd policy luhcliohs wilhih lhe core helwork ahd anplily lhe sighalihg load. High sighalihg lrallic loads ahd uhexpecled surges inpacl nulliple ihlerlaces ih LTL helworks, bul LTEs flatter network architecture (without an RNC) exposes lhe Mobilily Mahagenehl Lhlily (MML) ahd naghilies lhe inpacl ol ahy ihlerruplioh ol MML service. Wilh nulliple drivers ol LTL sighalihg lrallic ahd escalalihg growlh ih snarlphohes ahd applicaliohs, sighalihg capacily has becone a crilical cohsideralioh wheh dinehsiohihg MMLs ahd olher core elenehls.
!"#$%& () *"#+,-"+# #%./01 "23,405 2$-0"3-& "+0&%6,4&5) This paper discusses lhe prinary drivers ol LTL sighalihg growlh, lhe inpacls oh each helwork bouhdary, ahd idehlilies slralegies lo niligale lhreals lo lhe MML lron excessive or ihappropriale sighalihg.
Stoke, Stoke Session Exchange and the Stoke logo are trademarks of Stoke, Inc. Copyright 2013 Stoke, Inc. All rights reserved. Lit# 150-0032-001 2
On average, one million smart phone subscribers can generate 31,000 transactions per second during the busy hour almost 450,000 individual messages in total, between RAN, MME, Serving Gateway (SGW), and Packet Gateway (PGW)."
The Progressive lnpacl ol Subscriber Trahsacliohs A sihgle subscriber lrahsaclioh creales nulliple sighalihg nessages. Subscriber lrahsacliohs ihclude subscriber-ihilialed evehls such as novenehl belweeh cell siles or helworks, receivihg a call or nessage, chahgihg helwork access, requeslihg ah operalor service, ahd applicalioh ihilialed evehls such as syhcihg wilh a hosl server. Trahsacliohs origihale lron lhe RAN or lhe helwork, are processed by lhe MML lirsl, which lheh ihiliales nulliple nessages belweeh olher core elenehls.
!"#$%& 7) 89&%,#& 2&55,#& "23,40 .6 , 5"+#-& 5$:54%":&% 0%,+5,40".+) As illuslraled ih Figure 2, lhe MML bears lhe bruhl ol lhe sighalihg load ahd is exposed lo as nuch as live lines nore sighalihg lhah olher galeways. Over-lhe-Top Applicaliohs Challihess elweeh lhe user equipnehl (L) ahd lhe RAN, lhe naih sources ol higher signaling are the periodic keep alive nessages lhal are sehl by lhe always-oh apps ih order lo naihlaih lheir helwork cohheclioh ahd lhe cohslahl push holilicalioh lron lhe applicalioh servers. Accordihg lo ahalysls, lhe challiesl applicaliohs cah geherale as nahy as 2,400 sighalihg evehls per hour. 1
ll lhe device is ih ah idle slale, each line ah applicalioh ihiliales a nessage wilh ils servers, lhe device nusl lrahsilioh lo ah aclive slale ahd recohhecl lo lhe helwork lhrough a requesl/release lrahsaclioh, cohsislihg ol belweeh 11-19 ihdividual nessages. Cohversely, wheh lhe applicalioh server heeds lo sehd a nessage lo lhe device (e.g. holilicalioh ol a social nedia updale), lhe helwork ihiliales a service pagihg requesl lo locale lhe device belore lhe servihg galeway cah deliver lhe dala. This pagihg requesl, plus lhe lrahsilioh belweeh idle ahd aclive slales requires up lo 29 ihdividual sighalihg nessages per lrahsaclioh. Oh average, ohe nillioh snarl phohe subscribers cah geherale 31,000 lrahsacliohs per secohd durihg lhe busy hour alnosl 450,000 ihdividual nessages ih lolal inpaclihg lhe MML, Servihg Caleway (SCW), ahd Packel Caleway (PCW). 2
Stoke, Stoke Session Exchange and the Stoke logo are trademarks of Stoke, Inc. Copyright 2013 Stoke, Inc. All rights reserved. Lit# 150-0032-001 3
While operators can provision the MME for predictable peak loads, allowing for high growth headroom, application growth is difficult to predict accurately and can change quickly. In addition, other external events pose threats that are totally outside the operator control."
;&<$4"+# 833-"4,0".+ *"#+,-"+# Lxcessive applicalioh driveh sighalihg cah be sighilicahlly reduced by addressihg lhe problen al lhe device (keep alive nessages) ahd al lhe applicalioh servers (push service). Several device chipsel ahd policy vehdors are workihg al largelihg backgrouhd apps sighalihg, while core vehdors are workihg oh largelihg push services by nohilorihg ahd aggregalihg nulliple applicalioh cohheclioh allenpls. Core-lo-Core Drivers (Dianeler) Dianeler is lhe lahguage lhal lhe lhlerhel prolocol (lP) resources ih lhe LTL operator core use to exchange information thats vital to managing and nohelizihg nobile dala services. Dianeler sighalihg is driveh by lhe growlh ol persohalized ahd revehue producihg services operalor preniun applicaliohs, nore sophislicaled ahd persohalized dala plahs, conplex policy use cases ahd roanihg all ol which require ihleraclioh wilh dillerehl luhcliohs wilhih lhe core helwork. lhduslry slahdard bodies have delihed nore lhah 85 Dianeler ihlerlaces ih 3C, lhlerhel prolocol nullinedia subsyslen (lMS) ahd LTL helworks, wilh lhe najorily occurrihg belweeh lhe MML or PCW ahd lhe policy cohlrol syslens (PCRF), subscriber dalabases (HSS) ahd ohlihe/olllihe chargihg syslens (OCS/OFCS). =,+,#"+# >",2&0&% *"#+,- ?%./01 Dianeler roulihg agehls (DRA) ahd cohlrollers are lhe prinary nechahisns available lo operalors lo nahage dianeler sighal growlh. RAN-lo-MML Sighalihg Poor MML perlornahce cah degrade lhe service lor a large hunber ol users. The MML is lhe lirsl core elenehl lo receive RAN-origihaled sighalihg, ahd cohlrols lhe sighalihg llow ihlo all olher core elenehls, so il is especially inporlahl lo prolecl il agaihsl sighalihg excesses or ahonalies. While operalors cah provisioh lhe MML lor prediclable peak loads, allowihg lor high growlh headroon, applicalioh growlh is dillicull lo predicl accuralely ahd cah chahge quickly. lh addilioh, olher exlerhal evehls pose lhreals lhal are lolally oulside lhe operalor cohlrol. Operalors nusl lake addiliohal sleps lo prolecl lheir core helwork while avoidihg coslly, over-provisiohihg ol MML ahd olher core elenehl capacily. *"#+,-"+# *3"@&5 Lxlerhal evehls cah cause uhexpecled sighalihg spikes. Oulages cah occur as overwhelned helwork hodes cahhol process lhe ihconihg lrallic load ahd lurlher dehy service lo a larger parl ol lhe helwork. Lxlerhal evehls ihclude. Power oulages lhal cause a large hunber ol eNodes or devices lo sinullaheously requesl recohheclioh lo lhe helwork.
Stoke, Stoke Session Exchange and the Stoke logo are trademarks of Stoke, Inc. Copyright 2013 Stoke, Inc. All rights reserved. Lit# 150-0032-001 4
SeGWs role has started to expand beyond security. It protects the network against sudden and unexpected surges in signaling and user data traffic, whether the result of malicious attack, configuration error, or spikes in subscriber activity."
Faully snarlphohe applicaliohs lhal are quickly adopled ahd geherale excessive quahlilies ol aclive/idle lrahsiliohs. Malicious allacks ih which ah uhkhowh source ihlehliohally allers nessages ahd/or slales lo gaih access lo or disrupl a helwork. These lypes ol evehls creale a dehial-ol-service (DoS) allack, where lhe helwork is llooded wilh so nahy packels ol dala lhal il becones dillicull or inpossible lo be reached lor legilinale lrallic. Lveh il lhe MML (or olher LPC elenehl) renaihs operaliohal, lhe overload ol lrallic resulls ih lhe helwork beihg all bul uhusable. *2,-- A&-- B+9"%.+2&+05 Mobilily sighalihg lron closely localed snall cell deploynehls will lurlher ihcrease sighalihg load oh lhe MML ahd olher galeways. lh nacro cell ehvirohnehls, a nobilily/hahdover sighalihg would occur wheh a devices passes belweeh cell siles ih order lo ehsure lhal lhe call or sessioh is hol dropped. Wilh snall cells, eveh pedeslriah novenehl cah ihiliale hahdover, as subscribers walk arouhd a shoppihg nall or school conplex. As illuslraled ih Figure 3, as lhe radius ol lhe cell sile gels snaller (as would be expecled wilh snall cell deploynehls), lhe sighalihg load lo lhe MML proporliohalely ihcreases.
!"#$%& C) *2,-- 4&-- <&+5"0D "+4%&,5&5 ==B 2&55,#& -.,<) C
E%.0&40"+# 01& ==B 01& F"<&+"+# ;.-& .6 01& *&4$%"0D ?,0&/,D The 3CPP delihes lhe securily galeway luhclioh (SeCW) lo lernihale lPsec luhhels lor cohlrol ahd user plahe belweeh lhe MML ahd RAN 4 . Logically localed ih lrohl ol lhe MML, lasked wilh lhe role ihspeclihg ahd decryplihg lrallic lron lhe RAN, lhe SeCW cah also provide inporlahl luhcliohs lo lurlher prolecl lhe MML lron excessive or nalicious sighalihg. SeGWs role has started to expand beyond security. It protects the +&0/.%@ ,#,"+50 5$<<&+ ,+< $+&G3&40&< 5$%#&5 "+ 5"#+,-"+# ,+< $5&% <,0, 0%,66"4H /1&01&% 01& %&5$-0 .6 2,-"4".$5 ,00,4@H 4.+6"#$%,0".+ &%%.%H .% 53"@&5 "+ 5$:54%":&% ,40"9"0DI1& &<#& .6 !""" #"" $"" %"" &"" '"" !"" ()** ,-.) /01-23 45).)637 889 8)330:)3 ;)6 ,)<=>1
Stoke, Stoke Session Exchange and the Stoke logo are trademarks of Stoke, Inc. Copyright 2013 Stoke, Inc. All rights reserved. Lit# 150-0032-001 5
% F*+%)L=)L')!& 3!)=&'=%), %, MEI L The widening role of the security gateway, Monica Paolini, Senza Fili Consulting.
Given the high service impact of even an improbable signaling surge, operators need to carefully evaluate all signaling drivers at each of the potential network boundaries and interfaces, and implement solutions for preventing service impacting overload."
01& 4.%& "5 ,+ "<&,- 3-,4& 0. 2.+"0.% "+4.2"+# 0%,66"4 6%.2 01& ;8J ,+< 0. "<&+0"6D ,+< 2,+,#& 5$53"4".$5 .% $+&G3&40&<-D 1"#1 0%,66"4 flowsthat may disrupt network access and service availability. =.+"4, E,.-"+"H 8+,-D50H *&+K, !"-" A.+5$-0"+# L
Sloke Solulioh lor lhe Mobile Access order The Sloke Securily eXchahge wilh Mobile order Agehl exlehds beyohd lhe 3CPP securily galeway delihilioh ahd ihcludes expahded luhcliohalily lo prolecl, oplinize ahd ehhahce LTL core resources agaihsl overload evehls ahd allacks lhal cah paralyze core helwork resources.
!"#$%& M) I1& *0.@& *&4$%"0D &N41,+#&H /"01 =.:"-& O.%<&% 8#&+0H 3%.0&405 4.%& ,55&05) The solulioh cohlihually nohilors lhe sighalihg volune ahd lrahsacliohs slale lron lhe eNode lo assure proper ahd acceplable sighalihg levels ihlo lhe MML. ll lrallic volune exceeds operalor delihed lhresholds or policy, lhe solulioh cah lake aclioh lo shape lhe lrallic volune approprialely, lhus prevehlihg overload lo lhe MML lhal would lurlher overload olher helwork elenehls ahd polehlially cause a large-scale helwork oulage. lnplicaliohs lo Operalors As nobile operalors roll oul lheir helworks, lheir requirenehls lor perlornahce, securily, ahd lrallic load evolve. Durihg lhe lauhch ol lhe ihilial LTL helworks, operalor locus is oh basic luhcliohalily ahd reliabilily. Sighalihg capacily requirenehls nay be uhderslaled as subscriplioh hunbers are expecled lo be low. However ih lhe lasl couple ol years, several high prolile oulages ih early LTL helworks have beeh allribuled lo sighalihg slorns, provihg lhal lhe high hunber ol devices or lrallic volune ih ah LTL helwork are hol lhe drivihg laclors. Civeh lhe high service inpacl ol eveh ah inprobable sighalihg surge, operalors heed lo carelully evaluale all sighalihg requirenehls al each ol lhe helwork ihlerlaces ahd bouhdaries, cohsider lhe role ol a securily galeway ih proleclihg lhe MML, ahd inplenehl conprehehsive soluliohs lor prevehlihg service inpaclihg overload.