Key Technologies and Architectures for Next Generation Mobile Networks - PowerPoint PPT Presentation



SLIDE 1

Key Technologies and Architectures for Next Generation Mobile Networks

Krishan K. Sabnani, SVP, Networking Research, Bell Labs
August 27, 2007

SLIDE 2

The Network Evolution

Yesterday…
  • Networks were designed to carry voice traffic
  • Data traffic mostly overlaid on voice networks (using modems)

… Today…
Volume of data traffic exceeds voice traffic
  • Networks are designed to carry primarily data traffic
  • Voice traffic overlaid on data networks (e.g. VoIP)

… Tomorrow…
Content traffic becomes dominant
  • Future networks should be designed primarily for efficient content distribution and content search/location
      • Content distribution should not only be overlaid, but built in from ground up
  • Future networks should also be able to effectively carry best-effort data traffic and QoS-sensitive multimedia traffic

2 ACM MobiArch | Aug 27, 2007

SLIDE 3

BT’s Current UK Network

[Figure: diagram of BT’s current UK network, built from separate layers: PSTN, leased lines, copper, ATM, DSL, KStream, PDH access, IP, fibre, SDH (VC-12 and VC-4) and MSH-SDH. Site counts shown from end user sites inward: ~5.5k, ~2k, ~300, ~100, ~15 and ~1k sites.]

SLIDE 4

BT’s Simplified 21CN UK Network

[Figure: diagram of BT’s simplified 21CN network: multi-service access (copper, DSL, fibre and wireless into an aggregation box) feeding a converged IP-MPLS-WDM core, with a Class 5 call server, WWW and content ISPs attached; ~5.5k end user sites and ~100 core sites.]

SLIDE 5

Tomorrow’s Converged Network

[Figure: converged network diagram. Access networks (enterprise networks, 3G cellular networks with radio controller and access router, home networks, 4G/mesh) connect through access and edge routers to a packet core network with a QoS-enabled services enablement layer and next-gen metro networks. Labelled properties: Quality of Service (e.g. for voice), always-on global roaming, user mobility, network intelligence, personalization, traffic type (multimedia).]

SLIDE 6

Enabling Technologies

  • Future Telecom Networks will need secure, quality-enabled, high-speed, and well-managed converged packet cores
  • Bell Labs has several breakthrough programs to enable this change. Here are three examples:
      • SoftRouter: A new architecture to deal with increased complexity of data networking
      • Base Station Router: An access router which terminates all radio network processing
      • AWARE System for Wireless DDoS Defense

SLIDE 7

Enabling Technologies (agenda slide, repeated from slide 6)

SLIDE 8

Routers Are Becoming Increasingly Complex

Complexity is an IP “Middle-Age” problem!

[Figure: the IP “hour glass”. Top: applications (email, WWW, phone…) over SMTP, HTTP, RTP… over TCP, UDP…; waist: IP; bottom: link layers (Ethernet, PPP…) over CSMA, async, sonet… over copper, fiber, radio…. In the second version the waist has grown to include mobile, mcast, NAT, IPSec and diff-serv.]

  • IP provides end-to-end datagram delivery service to protocols/applications
  • IP can use any link-layer technology that delivers packets
  • Emerging Applications are driving more functions into IP, expanding the “waist” of the IP hour glass
  • Router vendors incorporate all new IP functions into routers
  • Complexity is spread throughout the network
  • Achieving network-wide objectives such as traffic engineering requires complex translation of global objectives to configuration information in numerous individual routers
  • Misconfiguration or uncoordinated configuration can result in poor performance or even network instability

SLIDE 9

Solution: SoftRouter

  • Disaggregation of router hardware from software addresses this problem and has the potential for major additional advantages
  • Bell Labs has a research program that disaggregates router control and transport planes (called SoftRouter-based approach)
      • Transport plane: packet forwarding element
      • Control plane: control element server and feature server
  • Control element servers and transport plane communicate using standard protocols
  • Approach similar to SoftSwitch-based disaggregation of class 5 switches

SLIDE 10

SoftRouter: New Router Architecture

  • Decoupling: Separate complex control plane processing from the transport plane
  • Servers: Implement control plane processing functions on dedicated external control plane servers
  • Standard Interface: Define standard protocol for control plane servers to interface to the forwarding elements

[Figure: Current Router Model vs SoftRouter Model. Current: control plane processing talks over a proprietary API to forwarding plane processing inside one box. SoftRouter: a Feature Server and a Control Element Server (control plane processing, linked by an API) talk over a standard protocol to the Packet Forwarding Element in the Transport Plane.]

SLIDE 11

Enabler for Chaining Packet Processing Services

Unix allows processing to be composed via “pipes”:

cat infile | prog1 | prog2 | prog3 > outfile

Vision of packet services processing: service cards + service chaining = “network pipes”

[Figure: packets enter through an L2/L3 service card, pass through Packet Service 1, Packet Service 2 and Packet Service 3 on successive service cards, and leave through L2/L3.]

SLIDE 12

Comprehensive Service Management

  • Reprogrammable service cards + reconfigurable service routing allow flexible composition of edge functions
  • Bell Labs solution built around service routing
  • Allows easy configuration, fault, performance management for edge services
      • Configuration: on demand loading of services and definition of service chains
      • Fault: active detection and recovery of faulty “services”
      • Performance: resource control and statistics on current service performance

SLIDE 13

Service Chaining Primitives

  • A service chain specifies an ordered sequence of services to be performed for a packet flow
  • Abstractly, a service chain is defined by composing individual apps using AND or OR operator
      • app1 → AND → (app2, app3): packets should be duplicated to both app2 and app3 – flow replication
      • app1 → OR → (app2, app3): packets should be sent to either app2 or app3 on a flow basis – load balancing

Note: Pt-to-pt case is a degenerate case of either, packet leaving app1 should go to app2

SLIDE 14

Example Service Chain

[Figure: an example service chain composing app1 through app10 with AND and OR branches.]
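The AND / OR primitives of slide 13 and the example chain of slide 14, as an added executable model that is not part of the original deck: an App forwards to its next node, AND duplicates a packet to every branch (flow replication), and OR hashes the flow key so that all packets of one flow take the same branch (load balancing on a flow basis). App names and the 5-tuples are constructed.

```python
# Added example (not from the slides): a small model of the service chaining
# primitives on slide 13. Pt-to-pt is simply an App whose `nxt` is one App.
from dataclasses import dataclass, field
import hashlib

@dataclass(frozen=True)
class Packet:
    flow: tuple   # constructed 5-tuple: (src, dst, sport, dport, proto)
    payload: str

@dataclass
class App:
    """A packet service ('app'): records the packet, then hands it to the next
    node, which may be an App, an And, an Or, or None at the chain end."""
    name: str
    nxt: object = None
    seen: list = field(default_factory=list)

    def process(self, pkt, trace):
        self.seen.append(pkt)
        trace.append(self.name)
        if self.nxt is not None:
            self.nxt.process(pkt, trace)

@dataclass
class And:
    """AND operator: every packet is duplicated to every branch (flow replication)."""
    branches: list

    def process(self, pkt, trace):
        for branch in self.branches:
            branch.process(pkt, trace)

@dataclass
class Or:
    """OR operator: each flow goes to exactly one branch (load balancing).
    The branch is a stable hash of the flow key, so every packet of a flow
    takes the same path, which is what 'on a flow basis' requires."""
    branches: list

    def process(self, pkt, trace):
        digest = hashlib.sha256(repr(pkt.flow).encode()).digest()
        idx = int.from_bytes(digest[:4], "big") % len(self.branches)
        self.branches[idx].process(pkt, trace)

def run_chain(head, packets):
    """Push packets through the chain; return the app names each packet visited."""
    traces = []
    for pkt in packets:
        trace = []
        head.process(pkt, trace)
        traces.append(trace)
    return traces

def demo():
    """Run both slide-13 chains over constructed packets: two packets of one
    flow and one packet of a second flow."""
    pkts = [Packet(("10.0.0.1", "10.0.0.2", 40000, 80, "tcp"), "req-1"),
            Packet(("10.0.0.1", "10.0.0.2", 40000, 80, "tcp"), "req-2"),
            Packet(("10.0.0.3", "10.0.0.2", 40001, 443, "tcp"), "req-3")]
    replicate = App("app1", And([App("app2"), App("app3")]))   # app1 AND (app2, app3)
    balance = App("app1", Or([App("app2"), App("app3")]))      # app1 OR (app2, app3)
    return run_chain(replicate, pkts), run_chain(balance, pkts)
```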

SLIDE 15

Example Application: Integrated Edge Packet Processing

IP Services Platform with programmable services card loaded with packet processing applications:
  • Security: packet filtering / DDoS protection – stop attacks to and from mobiles
  • Control: P2P control / bandwidth management – control services a mobile receives
  • Application Acceleration/Enhancement: transcoding / caching / voice quality – enhance application experience

SLIDE 16

Enabling Technologies (agenda slide, repeated from slide 6)

SLIDE 17

Base Station Router: Push Intelligence to the Edge

  • Current wireless networks are complex, involving many network elements, and result in high cost and high latency
  • Base Station Router terminates all air-interface-specific functions in the base station

[Figure: today, a base station connects over backhaul to a radio controller, which feeds a mobile switching center (circuit voice to the telephone network) and a mobile router (packet data to the Internet). With the Base Station Router, the base station connects over packet backhaul directly to a mobile router, the telephone network and the Internet.]

  • Collapsing Radio Access Network elements into the base station simplifies network and reduces latency
  • Pushing IP intelligence to the base station results in better Quality of Service support

SLIDE 18

BSR: Flattening the Network

[Figure: protocol stacks of the conventional UMTS data path versus the BSR path. Conventional: Mobile Terminal (L1, MAC-HS, MAC, RLC, PDCP, RRC, MM/SM/CC, IP) – Base Station (L1, MAC-HS, FP over AAL2/ATM) – Radio Network Controller (FP over AAL2/ATM, RLC, MAC, PDCP, RRC, GTP-U/UDP/IP over AAL5/ATM) – Serving Switch Node (GTP-U/UDP/IP, GTP, MM/SM/CC) – Gateway Switch Node (GTP, TCP/UDP, IP) – IP Network. BSR: Mobile Terminal – Base Station Router (L1, MAC-HS, MAC, RLC, PDCP, RRC, MM/SM/CC, IP, GRE/UDP/IP) – GRE tunnel to a MoIP HA / IP switch – IP Network.]

SLIDE 19

BSR: Flattening the Network

[Figure: the same stacks as slide 18 with the 3GPP element names: UE – Node B – RNC – SGSN – GGSN – IP Network for the conventional path, and UE – BSR – GRE tunnel – MoIP HA / IP switch – IP Network for the BSR path, with local multimedia or Location-Based-Services servers attached at the BSR.]

  • Access-specific functions at the edge
  • Local multimedia or Location-Based-Services servers
  • Easier deployment and integration with wireline services
  • Improved fault tolerance and reliability

SLIDE 20

Benefits of Flattening the Network – Driving Simplicity

  • Lower latency due to flat IP architecture
  • Fewer bottleneck nodes as traffic is offloaded
  • Capex, Opex optimization
  • Centralized aspects confined at IP layer for lower scaling cost
  • Future-proof technology innovation
  • Simplifies evolution to IMS and LTE

BSR integrates all of this into a single box

SLIDE 21

Key Differentiators: Full Plug & Play

Step 0: Factory
  • Product identifications are programmed and labeled (bar code and identification)

Step 1: User’s Subscription
  • The user subscribes to the service (in a shop or on the web)
  • He/she selects the type of CPE and service set
  • He/she fills in his/her personal details
  • The subscription information includes the Femto if he/she had subscribed by web terminal

Step 2: Subscription Confirmed
  • End user receives confirmation of the subscription and login information
  • User receives a confirmation call or SMS on his mobile

Step 3: Plug the Femto
  • Power-on the Femto; auto-configuration procedure starts:
      • A. Initialization to connect to BSR Gateways
      • B. Authentication
      • C. Auto-configuration of initial parameters
      • D. Check Femto location
      • E. Registration of authorized terminals (register up to 16 terminals)

Step 4: Femto is working!

FemtoBSR System fully integrated in Customer’s IT to enable Plug & Play

SLIDE 22

Key Differentiators: Security Architecture

  • Future picocells and femtocells will be deployed in non-secured locations (homes, public locations, etc)
  • Need a secure environment inside the cell where trust-related functions can be safely executed, eg:
      • Cell and user authentication
      • Integrity checks for signaling and control messaging
      • Secure key storage
      • Data encryption

[Figure: two cell sites, each with a CELL SITE VAULT holding the keys, SIM, shared secret key, signaling protocol stack and MoIP protocol, connected over a public/private IP network to a Home Agent and an Authentication Center; signaling & control and bearer paths run through inter-cell site secure tunnels.]

The Cellsite Vault is a tamper-resistant, trusted computing and storage environment within the BSR where all security-related functions are safely performed

SLIDE 23

Lucent Technologies' Base Station Router Receives CTIA Emerging Technology Award

Revolutionary Product Takes Top Honors for Most Innovative In-Building Solution

LAS VEGAS – Lucent Technologies (NYSE: LU) today announced that its Base Station Router (BSR) product was selected as the first place winner of a CTIA WIRELESS 2006 Wireless Emerging Technologies (E-tech) Award in the category of “Most Innovative In-Building Solution.” Award recipients were announced yesterday in a ceremony at the Las Vegas Convention Center during the CTIA WIRELESS trade show. The Wireless E-tech Awards program is designed to give industry recognition and exposure to the best wireless products and services in the areas of Consumer, Enterprise and Network technology. Nearly 200 applications were submitted and reviewed by a panel of recognized members of the media, industry analysts and executives, as well as select show attendees. Products were judged on innovation, functionality, technological importance, implementation and overall “wow” factor.

SLIDE 24

Enabling Technologies (agenda slide, repeated from slide 6)

SLIDE 25

Wireless Data Networks Subject to Existing and New Types of Attacks

[Figure: three access networks connected to the Internet: WiMax (BTS – ASN – HA), EV-DO (BTS – RNC – PDSN – HA) and UMTS (BTS – RNC – SGSN – GGSN), annotated with what makes them different: complex signaling, mobile endpoint, finite air resources, network constraints, new network.]

Existing IP Threats:
  • Spam
  • Virus
  • Worms
  • Malware
  • Phishing
  • DDoS
  • Wireless-unfriendly apps (e.g. P2P)

New Wireless Threats:
  • Signaling DoS
  • Battery Drain
  • RF DoS
  • Paging Attacks
  • Network Vulnerabilities

SLIDE 26

AWARE: A Bell Labs 3G/4G Wireless Security Solution

[Figure: Internet – Home Agent – PDSN – RNC – BTS chain with an inline mitigation agent; an AWARE Detector inspects the traffic and an AWARE Central EMS sends mitigation signaling to the inline elements.]

  • AWARE Detector is a behavioral-based packet inspection engine with algorithms tuned to the specifics of the wireless network architecture & protocols
  • We have developed algorithms based on traffic profiling and statistical models that can detect low volume wireless DoS attacks
  • The system detects and mitigates traffic that will cause RNC signaling overload, unnecessary airlink usage, paging overload, and unnecessary subscriber battery drain
  • Mitigation: signaling to inline elements to block unwanted traffic and mobile quarantine to remove infected or malicious mobile from wireless network

SLIDE 27

Denial of Service - Signaling Attacks on 3G Networks

Structure of Signaling Overload
  • Attack leverages active mobile sessions in the network
  • Small amounts of data are sent to re-initiate the session after it is released, causing extra signaling load

[Figure: Internet – wireless core – RNC – BTS – mobiles, with the bearer path and the signaling path drawn separately.]

Impact
  • Low-volume attack generates signaling congestion at the RNC
  • Overload of the RNC will result in a denial of service to subscribers

SLIDE 28

Denial of Service - Battery-Drain and RF Channel Exhaustion

Structure of a Battery-Drain Attack
  • Attack leverages active mobile sessions and sends packets to prevent transition to dormancy (e.g., low volume 40 bytes every 10 seconds)

Impact
  • Wastes radio resources
  • Drains mobile battery

[Figure: Internet – wireless core – RNC – BTS diagram with bearer and signaling paths, and a plot of mobile current (mA, 0–600) versus time (0:00 to 9:30, minutes:seconds): current stays high while the attack is in progress and drops to the dormant level once the attack is mitigated.]

SLIDE 29

Battery Drain on live UMTS Wireless PC Card

Observed effect on energy consumption due to unwanted traffic coming from various Internet sources and other mobiles

[Figure: plot of current (mA, 0–300) versus time (0:00 to 16:01, minutes:seconds), with two labelled episodes: an ALU-launched battery-drain attack and battery drain induced by external scans.]

SLIDE 30

Recent Abuse Observed on North American Carrier’s 3G Network

Detection Evasion: need to identify subscriber not IP address
One subscriber’s abusive behavior:
  • Uploaded 1GB / Downloaded 3.5GB
  • Same subscriber’s mobile used 24 different IP addresses when performing scans on other mobiles
  • Communicated with P2P sites - 5k eDonkey & 37k Gnutella sites

Malfunctioning Device Impact on Wireless Network:
  • One 3G network was continuously experiencing Denial of Service overloads due to a malfunctioning air card
  • Several man-months were required to identify the device

Worms and Port Scans (attempt/response):
  • Result in significant wasted air resources
  • Port 135: 10+ different worms (31,213 / 2,326)
  • Port 137: Chode worm (135,483 / 2925)
  • Port 139: 10+ different worms (59,698 / 4063)
  • Port 1026: MS message spam (67,034 / 436)
  • Port 5900: install of backdoor program (96,159 / 2,380)
  • Mobile scanner: scans 4426 mobiles on 6 different ports
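The traffic-profiling idea of slides 26–28 and the “identify subscriber, not IP address” lesson of slide 30, as an added detection example that is not AWARE’s code: records are grouped by a subscriber identifier, then checked for a regular train of small packets faster than the dormancy timer (the battery-drain / re-signaling pattern) and for scanning of many peers. The log lines, subscriber IDs, the 20 s dormancy timer and all thresholds are constructed assumptions.

```python
# Added example, not from the slides: subscriber-keyed traffic profiling for
# the low-volume patterns on slides 27-28 (periodic small packets that keep a
# mobile out of dormancy) and the mobile-to-mobile scanning on slide 30.
# Keyed by subscriber, not IP, because one subscriber used 24 different IPs.
from collections import defaultdict
from statistics import mean, pstdev

DORMANCY_TIMER_S = 20    # assumed inactivity timer before the air link goes dormant
SMALL_PKT_BYTES = 64     # slide 28's "40 bytes every 10 seconds" sits under this
MIN_PERIODIC_PKTS = 5    # need a run, not a one-off keepalive
SCAN_MIN_TARGETS = 20    # distinct (peer, port) pairs before calling it a scan

# Constructed records: ts_seconds,subscriber,mobile_ip,peer_ip,peer_port,bytes
SAMPLE_LOG = "\n".join(
    [f"{t},sub-A,{'10.1.0.5' if t < 20 else '10.1.0.9'},198.51.100.7,80,40"
     for t in range(0, 60, 10)]                    # 40 B every 10 s; mobile IP changes
    + [f"{i},sub-B,10.1.0.6,10.1.1.{i},135,60" for i in range(1, 26)]  # scans 25 mobiles
    + ["0,sub-C,10.1.0.8,198.51.100.9,443,1400",   # ordinary browsing
       "47,sub-C,10.1.0.8,198.51.100.9,443,1400",
       "300,sub-C,10.1.0.8,198.51.100.9,443,52"])

def parse(log):
    """Group records by subscriber: {sub: [(ts, mobile_ip, peer_ip, port, bytes)]}."""
    by_sub = defaultdict(list)
    for line in log.strip().splitlines():
        ts, sub, mip, peer, port, nbytes = line.split(",")
        by_sub[sub].append((int(ts), mip, peer, int(port), int(nbytes)))
    return by_sub

def dormancy_prevention(records):
    """Return the peer exchanging a regular train of small packets faster than
    the dormancy timer (keeps the radio link up), or None."""
    times_by_peer = defaultdict(list)
    for ts, _, peer, _, nbytes in records:
        if nbytes <= SMALL_PKT_BYTES:
            times_by_peer[peer].append(ts)
    for peer, times in times_by_peer.items():
        if len(times) < MIN_PERIODIC_PKTS:
            continue
        times.sort()
        gaps = [b - a for a, b in zip(times, times[1:])]
        m = mean(gaps)
        if 0 < m < DORMANCY_TIMER_S and pstdev(gaps) <= 0.25 * m:  # regular, frequent
            return peer
    return None

def scan_targets(records):
    """Number of distinct (peer, port) targets if it looks like a scan, else 0."""
    targets = {(peer, port) for _, _, peer, port, _ in records}
    return len(targets) if len(targets) >= SCAN_MIN_TARGETS else 0

def profile(log):
    """Per-subscriber findings; src_ips shows why keying on IP would split sub-A."""
    return {sub: {"src_ips": len({r[1] for r in recs}),
                  "dormancy_prevention_peer": dormancy_prevention(recs),
                  "scan_targets": scan_targets(recs)}
            for sub, recs in parse(log).items()}
```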

SLIDE 31

Conclusions

  • Multimedia content is the major driver for next-gen networks.
  • These networks have to be QoS-enabled, reliable, secure, and manageable.
  • Bell Labs has several programs to enable the mobile networks of the future: SoftRouter, Base Station Router, and AWARE DDoS System.
  • Mobile networking has a truly exciting future.