krishan k. sabnani, svp networking research, bell labs august … · 2008-07-28 · krishan k....
TRANSCRIPT
h l d A h Key Technologies and Architectures for Next Generation Mobile Networks
Krishan K. Sabnani, SVP,Networking Research, Bell Labs
August 27, 2007
The Network Evolution
Yesterday… …Today…
Volume of data trafficexceeds voice traffic
• Networks were designed to carry voice traffic
• Data traffic mostly overlaid
• Networks are designed to carry primarily data traffic
• Voice traffic overlaid on • Data traffic mostly overlaid on voice networks (using modems)
• Voice traffic overlaid on data networks (e.g. VoIP)
…Tomorrow…Content traffic
becomesdominant
• Future networks should be designed primarily for efficient content distributionand content search/location
Content distrib tion sho ld not onl be o erlaid b t b ilt in from gro nd p— Content distribution should not only be overlaid, but built in from ground up
• Future networks should also be able to effectively carry best-effort data traffic and QoS-sensitive multimedia traffic
2 ACM MobiArch | Aug 27, 2007
BT’s Current UK Network
PSTN
PSTNLeased linesCopper
ATMDSLKStream
PDH access
IPFibre
SDH
SDHVC-12
access
PDH
access
PDHaccess MSH -SDHSDH VC-4
PDH
EndU
~5.5ki
~2k ~300i
~100i
~15i
~1k
3 ACM MobiArch | Aug 27, 2007
User sites sites sites sites sitessites
BT’s Simplified 21CN UK Network
Multi-service access Converged core
CopperClass 5
Call Server
IP-MPLS-WDM
DSL
Fibre &
WWW
Copper Agg Box
Content ISP
WirelessWireless
End ~5.5k ~100
4 ACM MobiArch | Aug 27, 2007
User sites sites
Tomorrow’s Converged Network
R di AEnterpriseNetworks
3G CellularNetworks
RadioController
AccessRouter
Networks
Qualityof Service
( f i )
EdgeRouter
Al O
A
Next-GenMetro
N t k
(e.g. for voice)
QoS-Enabled
Services Enablement Layer
Always-OnGlobal Roaming
Edge
AccessRouter
Networks Packet Core Network
EdgeRouterRouter
HomeNetworks
UserMobility
Network Intelligence
RouterPersonalization
AccessRouter
4G/Mesh Traffic Type(Multimedia)
5 ACM MobiArch | Aug 27, 2007
Enabling Technologies
• Future Telecom Networks will need secure, quality-enabled, high-speed, and well-managed converged packet cores
• Bell Labs has several breakthrough programs to enable this change. Here are three examples:
S f R A hi d l i h i d l i f d - SoftRouter: A new architecture to deal with increased complexity of data networking
- Base Station Router: An access router which terminates all radio network processing
- AWARE System for Wireless DDoS Defense
6 ACM MobiArch | Aug 27, 2007
Enabling Technologies
• Future Telecom Networks will need secure, quality-enabled, high-speed, and well-managed converged packet cores
• Bell Labs has several breakthrough programs to enable this change. Here are three examples:
S f R A hi d l i h i d l i f d - SoftRouter: A new architecture to deal with increased complexity of data networking
- Base Station Router: An access router which terminates all radio network processing
- AWARE System for Wireless DDoS Defense
7 ACM MobiArch | Aug 27, 2007
Routers Are Becoming Increasingly Complex
email WWW phone...
SMTP HTTP RTP...
TCP UDP
Complexity is an IP “Middle-Age” problem!
IP provides end-to-end datagram delivery service to TCP UDP…
IP
Ethernet PPP…
p g yprotocols/applications
IP can use any link-layer technology that delivers packets
CSMA async sonet...
copper fiber radio...Emerging Applications are driving more functions into IP, expanding the “waist” of the IP hour glass
email WWW phone
Router vendors incorporate all new IP functions into routers
C l it i d th h t th t k email WWW phone...
SMTP HTTP RTP...
TCP UDP…
mobile mcastNAT
Complexity is spread throughout the network
Achieving network-wide objectives such as traffic engineering requires complex translation of global IP
Ethernet PPP…
CSMA async sonet...
IPmobile mcastIPSecdiff-serv
engineering requires complex translation of global objectives to configuration information in numerous individual routers
Misconfiguration or uncoordinated configuration can
8 ACM MobiArch | Aug 27, 2007
copper fiber radio...g g
result in poor performance or even network instability
Solution: SoftRouter
Disaggregation of router hardware from software addresses this problem and has the potential for major additional advantagesproblem and has the potential for major additional advantages
Bell Labs has a research program that disaggregates router control and transport planes (called SoftRouter-based approach)
Transport plane: packet forwarding element
Control plane: control element server and feature serverp
Control element servers and transport plane communicate using standard protocols
Approach similar to SoftSwitch-based disaggregation of class 5 switches
9 ACM MobiArch | Aug 27, 2007
SoftRouter: New Router Architecture
Decoupling: Separate complex control plane processing from the transport plane
S I l t t l l i f ti d di t d Servers: Implement control plane processing functions on dedicated external control plane servers
Standard Interface: Define standard protocol for control plane servers to p pinterface to the forwarding elements
ProprietaryAPI
Control plane
processing
FeatureServer
Control ElementServer
API
processing
Standardprotocol
Forwarding plane
processing Transport Plane
PacketForwarding
Element
10 ACM MobiArch | Aug 27, 2007
Current Router Model SoftRouter Model
Enabler for Chaining Packet Processing Services
Unix allows processing to be composed via “pipes”
cat infile > prog1 | prog2 | prog3 > outfile
Vision of packet services processingVision of packet services processingservice cards + service chaining = “network pipes”
PacketService 1
PacketService 2
PacketService 3
Card
3 Car
d
Car
d
3
Serv
ice
C
L2/L
3
Serv
ice
Serv
ice
L2/L
311 ACM MobiArch | Aug 27, 2007
Comprehensive Service Management
Reprogrammable service cards + reconfigurable service routing allow flexible composition of edge functionsflexible composition of edge functions
Bell Labs Solution built around service routing
Allows easy configuration fault performance management for edge Allows easy configuration, fault, performance management for edge services
Configuration: on demand loading of services and definition of service g gchains
Fault: active detection and recovery of faulty “services”
Performance: resource control and statistics on current service performance
12 ACM MobiArch | Aug 27, 2007
Service Chaining Primitives
A service chain specifies an ordered sequence of services to be performed for a packet flow
Abstractly, a service chain is defined by composing individual apps using AND or OR operator
app2 app2
andapp1 orapp1
app3 app3
Packets should be duplicated to both app2 and app3 – flow replication
Packets should be sent to either app2 or app3 on a flow basis – load balancing
13 ACM MobiArch | Aug 27, 2007
Note: Pt-to-pt case is a degenerate case of either, packet leaving app1 should go to app2
Example Service Chain
app5 app6
d
app3 app4 or app7
andapp2app1 app5 app6
app8 app9 app10
14 ACM MobiArch | Aug 27, 2007
Example Application: Integrated Edge Packet Processing
Security: Stop attacks to ypacket filtering/DDoS protection
IP Services Platform with programmable services card loaded with packet processing applications
Stop attacks to and from mobiles
Control:P2P control/
Control services a P2P control/Bandwidth mgmt
mobile receives
Application Acceleration/Enhancement:
Enhance application experienceAcceleration/Enhancement:
Transcoding/Caching/Voice Qualityexperience
15 ACM MobiArch | Aug 27, 2007
Enabling Technologies
• Future Telecom Networks will need secure, quality-enabled, high-speed, and well-managed converged packet cores
• Bell Labs has several breakthrough programs to enable this change. Here are three examples:
S f R A hi d l i h i d l i f d - SoftRouter: A new architecture to deal with increased complexity of data networking
- Base Station Router: An access router which terminates all radio network processing
- AWARE System for Wireless DDoS Defense
16 ACM MobiArch | Aug 27, 2007
Base Station Router: Push Intelligence to the Edge
Current wireless networks are complex, involving many network elements, and result in high cost and high latency
Base Station Router terminates all air-interface-specific functions in the base Base Station Router terminates all air-interface-specific functions in the base station
Packetb kh l Telephone O
MobileSwitching
CenterBase Station
O
RadioController
backhaul circuitvoice
Telephone Network
O
MobileRouter
PacketBackhaul packet
data
O
MobileRouter
Internet
Base Station
Collapsing Radio Access Network elements into the base station simplifies network and reduces latency
Pushing IP intelligence to the base station results in
Base Station Router
17 ACM MobiArch | Aug 27, 2007
g gbetter Quality of Service support
BSR: Flattening the Network
GTPGateway
IP Network
GRE
MM/SM/CC
GTP U
IP
TCP/UDP
GTP
GTP
TCP/UDP
IP
GatewaySwitchNode
ServingS it h GRE Tunnel
MoIP HA
IP Switch
GRE
UDP
IP
RLC
MAC
PDCPRRC
GTP-U
UDP
IPAAL5
IP
UDP
GTP-UGTPSwitch Node
Radio RRC
MM/SM/CCIP
UDP
GRE
GRE Tunnel IP Switch
FP
AAL2
ATM
AAL2
ATM
AAL5
ATM
ATMRadioNetwork
Controller RLC
MAC
PDCPRRC
MAC-HSFP
MAC-HS
L1
BaseStation
C S
L1
L1
MAC-HS
BaseStationRouterL1
MAC-HS
MobileTerminal
MAC-HS
MAC
RLC
PDCP RRC
MAC-HS
MAC
RLC
PDCP RRC
MobileTerminal
18 ACM MobiArch | Aug 27, 2007
MM/SM/CC
IP
MM/SM/CC
IP
BSR: Flattening the Network
GTP
IP Network
GRE
MM/SM/CC
GTP U
IP
TCP/UDP
GTP
GTP
TCP/UDP
IP
GGSN
SGSN GRE Tunnel
MoIP HA
IP Switch
GRE
UDP
IP
RLC
MAC
PDCPRRC
GTP-U
UDP
IPAAL5
IP
UDP
GTP-UGTPSGSN
RRC
MM/SM/CCIP
UDP
GRE
GRE Tunnel IP Switch
Access-specific functions at the edge
FP
AAL2
ATM
AAL2
ATM
AAL5
ATM
ATMRNC
RLC
MAC
PDCPRRC
MAC-HS
Local multimedia or Location-Based-Services servers
FP
MAC-HS
L1Node B
C S
L1
L1
MAC-HS
BSRL1
MAC-HS
Easier deployment and integration with wireline services
Improved fault tolerance and reliability
UE
MAC-HS
MAC
RLC
PDCP RRC
UE
MAC-HS
MAC
RLC
PDCP RRC
19 ACM MobiArch | Aug 27, 2007
MM/SM/CC
IP
MM/SM/CC
IP
Benefits of Flattening the Network – Driving Simplicity
Lower latency due to flat IP architectureFewer bottleneck nodes as traffic is offloaded
Capex, Opex optimizationCentralized aspects confined at IP layer for lower scaling cost
Future-proof technology innovationSi lifi l ti t IMS d LTE
Centralized aspects confined at IP layer for lower scaling cost
Simplifies evolution to IMS and LTE
BSR integrates all of this into a single
box
20 ACM MobiArch | Aug 27, 2007
Key Differentiators: Full Plug & Play
Step 0 : FactoryProduct identifications are programmed and labeled
Step 3 : Plug the Femto
P th F tp g(bar code and identification)
Step 2 : Subscription Confirmed
Power-on the FemtoAuto-Configuration procedures starts:A. Initialization to connect to BSR GatewaysB. Authentication Step 2 : Subscription Confirmed
End user receives confirmation of the subscription and login information
C. Auto-configuration of initial parametersD. Check Femto locationE. Registration of authorized terminal
Step 1 : User’s Subscription
Th b ib t
informationIncludes the Femto if he/she had subscribed by web
terminal
Step 4 : Femto is working !U i fi tiThe user subscribes to
the service (in a shop or on the web)He/she selects the type of CPE and service set
User receives a confirmation call or SMS on his mobileRegister up to 16 terminals
He/she fill-in his/her personal details
21 ACM MobiArch | Aug 27, 2007
FemtoBSR System fully integrated in Customer’s IT to enable Plug & Play
Key Differentiators: Security Architecture
Future picocells and femtocells will be deployed in non-secured locations (homes, public locations, etc)Need a secure environment inside the cell where trust related functions can be Need a secure environment inside the cell where trust-related functions can be safely executed, eg:
• Cell and user authentication• Integrity checks for signaling and control messaging CELL SITE VAULT• Integrity checks for signaling and control messaging• Secure key storage• Data encryption Home AgentPublic/private
IP network
CELL SITE VAULT
Shared secretkey
inter-cell site
Secure Tunnels
Signaling &MoIP
Protocol
AuthenticationCenter Keys Signaling
Protocol
SIMSignaling & Control
Bearer pathKeys
inter-cell site
stack StackBearer path
The Cellsite Vault is a tamper resistant trusted computing and storage environment
22 ACM MobiArch | Aug 27, 2007
The Cellsite Vault is a tamper-resistant, trusted, computing and storage environment within the BSR for where all security-related functions are safely performed
Lucent Technologies' Base Station Router Receives CTIA Emerging Technology Award
Revolutionary Product Takes Top Honors for Most Innovative In-Building Solution
LAS VEGAS – Lucent Technologies (NYSE:LU) today announced that its Base Station Router (BSR) product was selected as the first place winner of a CTIA WIRELESS 2006 Wireless Emerging Technologies (E-tech) Award in the category of WIRELESS 2006 Wireless Emerging Technologies (E tech) Award in the category of “Most Innovative In-Building Solution.” Award recipients were announced yesterday in a ceremony at the Las Vegas Convention Center during the CTIA WIRELESS trade show.
The Wireless E-tech Awards program is designed to give industry recognition and exposure to the best wireless products and services in the areas of Consumer, Enterprise and Network technology Nearly 200 applications were submitted and Enterprise and Network technology. Nearly 200 applications were submitted and reviewed by a panel of recognized members of the media, industry analysts and executives, as well as select show attendees. Products were judged on innovation, functionality, technological importance, implementation and overall , y, g p , p“wow” factor.
23 ACM MobiArch | Aug 27, 2007
Enabling Technologies
• Future Telecom Networks will need secure, quality-enabled, high-speed, and well-managed converged packet cores
• Bell Labs has several breakthrough programs to enable this change. Here are three examples:
S f R A hi d l i h i d l i f d - SoftRouter: A new architecture to deal with increased complexity of data networking
- Base Station Router: An access router which terminates all radio network processing
- AWARE System for Wireless DDoS Defense
24 ACM MobiArch | Aug 27, 2007
Wireless Data Networks Subject to Existing and New Types of Attacks
Complex Signaling Mobile EndpointNew Network Finite Air ResourcesNetwork
Constraints
Internet HA PDSN RNC BTS
HA ASN BTSWiMax
EV-DO
GGSN
Internet
SGSN RNC BTS
HA PDSN RNC BTS
UMTS
NewNetwork
• Spam• Virus
Existing IP Threats New Wireless Threats
• Signaling DoS• Battery DrainNetwork
Vulnerabilities• Virus• Worms• Malware• Phishing
• Battery Drain• RF DoS• Paging Attacks• Wireless unfriendly
25 ACM MobiArch | Aug 27, 2007
Phishing• DDoS
• Wireless-unfriendly apps (e.g. P2P)
AWARE: A Bell Labs 3G/4G Wireless Security Solution
HomePDSN RNC BTS
Inline Mitigation
AgentInternet
PDSN RNC BTS
A A Mi i i i li Aware Detector
Aware Central EMS
AWARE Detector is a behavioral based packet inspection engine with
Mitigation signaling
AWARE Detector is a behavioral-based packet inspection engine with algorithms tuned to the specifics of the wireless network architecture & protocols
W h d l d l ith b d t ffi fili d t ti ti l We have developed algorithms based on traffic profiling and statistical models that can detect low volume wireless DoS attacks
The system detects and mitigates traffic that will cause RNC signaling l d i li k i l d d overload, unnecessary airlink usage, paging overload, and unnecessary
subscriber battery drain
Mitigation: signaling to inline elements to block unwanted traffic and mobile
26 ACM MobiArch | Aug 27, 2007
quarantine to remove infected or malicious mobile from wireless network
Denial of Service - Signaling Attacks on 3G Networks
Structure of Signaling Overload
InternetAttack leverages active mobile sessions in the network Wireless
Core
RNC
Small amounts of data are sent to re-initiate the session after it is released
Core
Bearer Path
BTScausing extra signaling load
Impact Signaling Impact g gPath
Low-volume attack generates signaling
ti t th RNCcongestion at the RNCOverload of the RNC will result in a denial of service
b ib
27 ACM MobiArch | Aug 27, 2007
to subscribers
Denial of Service - Battery-Drain and RF Channel Exhaustion
InternetStructure of a
Attack leverages active Wireless
Core
Structure of a Battery-Drain Attack
RNC
Attack leverages active mobile sessions and sends packets to prevent transition to dormancy
Core
Bearer Path
BTS
transition to dormancy (e.g., low volume 40 bytes every 10 seconds)
Signaling Attack in Progress
Wastes radio resources
Impact
g gPath
400
500
600
t(m
AWastes radio resourcesDrains mobile battery
100
200
300
Cur
rent
Attack MitigatedDormant
28 ACM MobiArch | Aug 27, 2007
00:00 0:30 1:00 1:30 2:00 2:30 3:00 3:30 4:00 4:30 5:00 5:30 6:00 6:30 7:00 7:30 8:00 8:30 9:00 9:30
Time (minutes:seconds)
Battery Drain on live UMTS Wireless PC CardObserved affect on energy consumption due to unwanted traffic
300ALU-launched battery- External scans induced
Observed affect on energy consumption due to unwanted trafficcoming from various Internet sources and other mobiles
250
ALU launched batterydrain attack
External scans induced battery drain
200
mA)
`
150
Cur
rent
(
50
100
0
50
29 ACM MobiArch | Aug 27, 2007
0:00 1:00 2:00 3:00 4:00 5:00 6:00 7:00 8:00 9:01 10:01 11:01 12:01 13:01 14:01 15:01 16:01Time (minutes:seconds)
Recent Abuse Observed on North American Carrier’s 3G Network
Detection Evasion: need to identify subscriber not IP address
One subscriber’s abusive behavior:
Uploaded 1GB / Downloaded 3.5GB Same subscriber’s mobile used 24different IP address when performing scans on other mobiles
Communicated with P2P sites - 5k eDonkey & 37k Gnutella sites
Malfunction Device Impact on Wireless Network:
O 3G k
Worms and Port Scans (attempt/response)
R lt i i ifi t t d i One 3G network was continuously experiencing Denial of Service overloads
Result in significant wasted air resources
Port 135: 10+ different worms (31,213 / 2,326)
Port 137: Chode worm (135,483 / 2925)due to a malfunctioning air card
S l th
Port 139: 10+ different worms (59,698 / 4063)
Port 1026: MS message spam (67,034 / 436)
ll f b kd Several man-months were required to identify the device
Port 5900: install of backdoor program, (96,159 / 2,380)
Mobile scanner: scans 4426 mobiles on 6 different ports
30 ACM MobiArch | Aug 27, 2007
Conclusions
M l i di i h j d i f k• Multimedia content is the major driver for next-gen networks.
• These networks have to be QoS-enabled, reliable, secure, and manageablemanageable.
• Bell Labs has several programs to enable the mobile networks of thefuture: SoftRouter, Base Station Router, and AWARE DDoS System., , y
• Mobile networking has a truly exciting future.
31 ACM MobiArch | Aug 27, 2007