F5 Solutions for Service Providers
Bart Salaets, Solution Architect, F5 Networks
Slide deck transcript, posted 16-Jul-2015

TRANSCRIPT

[Slide 1] F5 Solutions for Service Providers
Bart Salaets, Solution Architect

© F5 Networks, Inc. CONFIDENTIAL

[Slide 2]

Complex network architectures

Diagram (as extracted): end users > BRAS/BNG or GGSN/PGW > CGNAT > RTR > FW > DPI/TDF > L2 switch with the VAS complex > RTR > Internet; LDNS alongside.
Value-added services (VAS): video optimization, transparent caching, URL filtering
Control plane: DNS, PCRF, IMS, AAA, HSS, OCS, DRA

Challenges
• Complex architecture, hard to scale
• Resulting high CapEx and OpEx
• Difficulty adding new services
• Static port-80 based steering into the VAS complex
• Multiple point-product solutions inline in the data path

[Slide 3]

The new network should focus on ...

Monetize
• Quality of Experience management
• Flexible opt-in/opt-out services
• Flexible charging

Optimize
• Intelligent steering to VAS
• Consolidate L4-L7 functions
• TCP optimization
• Migrate to an NFV-based solution

Secure
• Network security (Gi firewall)
• Dynamic subscriber security
• DNS security
• IPv4/IPv6 transition

[Slide 4]

A Consolidated Approach with F5: simplifying the delivery of L4-L7 network services

BEFORE F5: PGW/BNG > Firewall > Policy Enforcement > CGNAT > Internet, with LDNS and URL filtering as separate boxes and a VAS layer reached by static port 80 steering through a router (RTR).

WITH F5: PGW/BNG > VIPRION (firewall, policy enforcement, CGNAT, LDNS and URL filtering consolidated) > Internet, with dynamic & intelligent steering into the VAS layer.

[Slide 5]

Consolidate L4-L7 Network Functions with F5

2005–2010, L2–L3: IP routing, MPLS L2 PE, MPLS L3 PE, BRAS/BNG
  Dedicated platforms, different vendors -> single platform, L2–L3 consolidation (multi-service router)

2010–2014, L4–L7: full proxy (TCP optimization, HTTP header enrichment), firewall, L3/L4 steering, policy enforcement, CGNAT, DPI/PCEF, L7 steering
  Dedicated platforms, different vendors (TCP OPTIM, DPI/PCEF, L7 STEERING, FW/CGN, HTTP HE) -> unified platform, L4–L7 consolidation

[Slide 6]

Purpose Built Platforms for L4-L7 Services

(Bar chart: L7 requests per second (Inf-Inf) per platform, y-axis 0 to 10,000,000; x-axis BIG-IP Virtual Edition, BIG-IP 2000/4000/5000/7000/10000/11000 Series, VIPRION 2200/2400/4480/4800. Call-out values below.)

Platform                 L7 RPS        L4 CPS        L7/L4 throughput
BIG-IP Virtual Edition   up to 325K    up to 100K    10G
BIG-IP 2200s             425K          150K          5G
BIG-IP 4200v             850K          300K          10G
BIG-IP 5200v             1.5M          700K          15/30G
BIG-IP 7200v             1.6M          775K          20/40G
BIG-IP 10200v            2M            1M            40/80G
BIG-IP 11050             2.5M          1M            40/42G
VIPRION 2200             4M            2M            160G
VIPRION 2400             8M            4M            320G
VIPRION 4480             10M           5.6M          160/320G
VIPRION 4800             20M           10M           320/640G

[Slide 7]

BIG-IP / BIG-IQ – Technology Suite

BIG-IP software modules: Advanced Firewall Manager (AFM), Application Security Manager (ASM), DNS modules (GTM), Local Traffic Manager (LTM), Carrier Grade NAT (CGNAT), Policy Enforcement Manager (PEM), Access Policy Manager (APM), Acceleration Manager (AM), MobileSafe and WebSafe (Versafe)
BIG-IQ Platform: BIG-IQ Security, BIG-IQ Cloud, BIG-IQ ADC, BIG-IQ Device, BIG-IQ MAM
Plugin ecosystem: Service Provider, Security, Cloud, Orchestration, ADC
Cloud orchestration connectors: Cisco APIC, VMware, Microsoft SCVMM, OpenStack, AWS, Open Connector
Programmability: iRules, iApps, iCall, iStats and iControl

TMOS operating system
  Core protocols: L3/routing, UDP, IP, IPsec, IPv6, SCTP, TCP, HTTP, SSL, FIPS, tunneling, BWC, stats, certifications
  Performance / scalability: CMP, vCMP, ScaleN, firmware, HAL, sizing guides
  Manageability: RBAC, logging, SNMP, CLI, GUI
  TMOS fabric

Platforms: appliances, chassis, software (KVM / AWS / Xen, VMware / Hyper-V)

[Slide 8]

Key F5 network services – Optimize, Monetize, Secure
A unified platform and single management framework:
• Intelligent Traffic Steering
• CGNAT and IPv6 Migration
• ICSA Certified Network Firewall
• Per-Subscriber Policy Enforcement
• TCP Optimization
• Local DNS
• DPI & URL Filtering

[Slide 9] Key F5 network services – Optimize, Monetize, Secure (agenda slide repeated as a section divider)

[Slide 10]

Policy Enforcement Manager – Policy Definition

Policy "Bronze"
  Rule 1: PREC 10, classifier RULE_10, policy action RULE_10
  Rule 2: PREC 20, classifier RULE_20, policy action RULE_20
  Rule 3: PREC 30, classifier RULE_20, policy action RULE_30
Policy "Silver"
  Rule 1: PREC 10, classifier RULE_10, policy action RULE_10
  Rule 2: PREC 20, classifier RULE_20, policy action RULE_20
  Rule 3: PREC 30, classifier RULE_20, policy action RULE_30
Policy "Gold"
  Rule 1: classifier RULE_1, policy action RULE_1
  Rule 2: classifier RULE_2, policy action RULE_2
  Rule 3: classifier RULE_3, policy action RULE_3

POLICY TYPE

• Global Policy

• Unknown Subscriber Policy

• Subscriber Policy

SUBSCRIBER TYPE

• Static subscriber

• Dynamic subscriber

• Radius

• DHCP

• Unknown IP SA

POLICY ASSIGNMENT

• Diameter Gx

• Predefined

• Dynamic (gate, QoS)

• Radius

• Custom

ANALYTICS & CHARGING

• Syslog

• IPFIX

• Radius

• Gy

• Gx Usage Monitoring

[Slide 11]

Classification & Policy Actions

APPLICATION CLASSIFICATION
• Application category (e.g. P2P)
• Application (e.g. BitTorrent)
• Some applications use F5 signatures; others rely on a third-party DPI signature engine

URL CLASSIFICATION
• URL category (e.g. Gambling)
• URL database from a third party
• Ability to create a custom DB
• Used for HTTP and HTTPS (SNI check)

FLOW CLASSIFICATION
• DSCP
• Protocol (TCP/UDP)
• IP source address range & port
• IP destination address range & port
• Incoming VLAN

CUSTOM CLASSIFICATION
• iRule / Tcl script
• Examples:
  • Other fields in the traffic flow (IP header, HTTP header, ...)
  • Other fields stored in the PEM session DB for that subscriber (RAT type, roaming, tower ID)

POLICY ACTIONS: reporting, quota management, gate (forward), HTTP redirect, steering (next hop), service chain, HTTP header enrichment, steering (ICAP), QoS marking, bandwidth control, custom / Tcl

[Slide 12]

Intelligent Traffic Steering – Optimize VAS Utilization

Diagram: PGW/BNG > VIPRION (intelligent steering) > RTR > Internet; data-center VAS: video optimization, transparent caching, parental controls, WAP gateway; policy input from the PCRF over Diameter Gx and from RADIUS.

Context-aware & policy-driven steering & intelligent service chaining.
CONTEXT: subscriber, device type, RAT type, content (video, URI, ...), congestion

[Slide 13]

Policy Controlled Service Chaining – Beyond SDN

Diagram: user HTTP traffic enters PEM, which assigns the flow to a service chain: steer to the video optimization pool (Pool 1, load balanced), then to the parental control pool (Pool 2, load balanced, reached over ICAP), then out to the Internet. Service provider VAS: parental control, video optimization.

Capabilities: load balancing, traffic steering, service chaining, server health checking, VAS bypass, ICAP, header enrichment

[Slide 14] Bandwidth and QoE management

PER-SUBSCRIBER BANDWIDTH CONTROL (PGW/GGSN > VIPRION, policy from the PCRF)
• Gold subscriber (20 Mbps)
• Silver subscriber (10 Mbps)
• Bronze subscriber (5 Mbps)

PER-SUBSCRIBER PER-APPLICATION BANDWIDTH CONTROL (PGW/GGSN > VIPRION, policy from the PCRF)
• Gold subscriber total (20 Mbps)
• Gold subscriber P2P (512 kbps)
Even if the subscriber is entitled to more by the subscriber bandwidth policy, P2P traffic is reduced to the configured value (512 kbps).
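The policy definition, classification and bandwidth slides above describe the evaluation in words: rules ordered by precedence, each with a classifier and a policy action, selected by a global, subscriber or unknown-subscriber policy. The following is an added Python model of that evaluation written for this transcript; it is not F5 PEM configuration or code. The rule semantics (every matching rule contributes its action, and the strictest bandwidth cap wins), the policy and pool names, the portal URL, the session table and the sample flows are assumptions.

```python
"""Precedence-ordered policy evaluation in the style of the PEM slides.

Constructed example in Python, not F5 PEM configuration or code: the policy
semantics (all matching rules contribute; a stricter bandwidth cap wins), the
subscriber table and the flows are assumptions made for illustration.
"""
from dataclasses import dataclass, field
from typing import Callable, Optional


@dataclass(frozen=True)
class Flow:
    src_ip: str             # subscriber address as seen on the Gi/SGi side of the PGW/BNG
    proto: str              # "tcp" or "udp"
    dst_port: int
    app_category: str       # DPI result, e.g. "p2p", "video", "web"
    url_category: str = ""  # URL/SNI category, "" when the flow is not HTTP(S)


@dataclass
class Verdict:
    forward: bool = True
    bw_kbps: Optional[int] = None    # None: no cap applied
    steer_to: Optional[str] = None   # VAS pool / service chain
    redirect: Optional[str] = None   # HTTP redirect target
    matched: list = field(default_factory=list)


@dataclass(frozen=True)
class Rule:
    name: str
    precedence: int                  # lower value is evaluated first
    classifier: Callable[[Flow], bool]
    action: Callable[[Verdict], None]


@dataclass
class Policy:
    name: str
    rules: list

    def apply(self, flow: Flow, verdict: Verdict) -> Verdict:
        # Every rule whose classifier matches contributes its action, in precedence order.
        for rule in sorted(self.rules, key=lambda r: r.precedence):
            if rule.classifier(flow):
                rule.action(verdict)
                verdict.matched.append(f"{self.name}/{rule.name}")
        return verdict


# Policy actions: bandwidth control, gate, steering, HTTP redirect.
def cap(kbps: int):
    def act(v: Verdict) -> None:
        v.bw_kbps = kbps if v.bw_kbps is None else min(v.bw_kbps, kbps)
    return act

def drop(v: Verdict) -> None:
    v.forward = False

def steer(pool: str):
    def act(v: Verdict) -> None:
        v.steer_to = pool
    return act

def redirect(url: str):
    def act(v: Verdict) -> None:
        v.redirect = url
    return act


# Global policy: evaluated for every subscriber before the per-tier policy.
GLOBAL = Policy("global", [
    Rule("block-gambling", 10, lambda f: f.url_category == "gambling", drop),
    Rule("steer-video", 20, lambda f: f.app_category == "video", steer("video-opt-pool")),
])

def tier_policy(name: str, total_kbps: int, p2p_kbps: int) -> Policy:
    """Per-subscriber total cap plus a tighter per-application (P2P) cap."""
    return Policy(name, [
        Rule("RULE_10-total", 10, lambda f: True, cap(total_kbps)),
        Rule("RULE_20-p2p", 20, lambda f: f.app_category == "p2p", cap(p2p_kbps)),
    ])

POLICIES = {
    "gold": tier_policy("gold", 20_000, 512),
    "silver": tier_policy("silver", 10_000, 512),
    "bronze": tier_policy("bronze", 5_000, 512),
    # Unknown-subscriber policy: port-80 traffic goes to a sign-up portal, everything else is dropped.
    "unknown": Policy("unknown-subscriber", [
        Rule("captive-portal", 10, lambda f: f.proto == "tcp" and f.dst_port == 80,
             redirect("http://portal.isp.example/signup")),
        Rule("drop-rest", 20, lambda f: not (f.proto == "tcp" and f.dst_port == 80), drop),
    ]),
}

# Constructed session table standing in for what RADIUS accounting or Gx would populate.
SESSION_DB = {"10.0.0.11": "gold", "10.0.0.12": "silver", "10.0.0.13": "bronze"}


def enforce(flow: Flow) -> Verdict:
    """Global policy first, then the subscriber's policy (or the unknown-subscriber one)."""
    verdict = GLOBAL.apply(flow, Verdict())
    tier = SESSION_DB.get(flow.src_ip, "unknown")
    return POLICIES[tier].apply(flow, verdict)


if __name__ == "__main__":
    for flow in (Flow("10.0.0.11", "tcp", 6881, "p2p"), Flow("10.0.0.13", "tcp", 443, "video"),
                 Flow("10.0.0.12", "tcp", 443, "web", "gambling"), Flow("10.0.0.99", "tcp", 80, "web")):
        v = enforce(flow)
        print(flow.src_ip, flow.app_category, v.forward, v.bw_kbps, v.steer_to, v.redirect, v.matched)
```

The gold P2P flow ends with a 512 kbps cap although the tier rule granted 20 Mbps, which is the behaviour the slide describes; a flow from an address missing in the session table falls into the unknown-subscriber policy, so an unprovisioned device can only reach the portal.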

[Slide 15] OTT MONETIZATION & FLEXIBLE CHARGING

DPI inspection for OTT identification & monetization (PGW/GGSN > VIPRION, policy from the PCRF)
• Gold subscriber total (accounting only)
• OTT service (accounting + DSCP mark)

• Subscription models / bundles for an OTT or specialized service (MNO brand)
  • Bundled into the subscription for a lower fee
  • OTT traffic excluded from the volume bundle
  • OTT traffic marked/tagged for differential treatment at the radio layer

[Slide 16]

URL Categorization for filtering & parental control

• URL Filtering

• Built-in Webroot DB (20M most popular sites)

• Custom DB

• SNI based URL categorization

• Categorizing SSL traffic (HTTPS)

Customer Benefit: Set categories based on regional preferences and categorization on HTTPS

Diagram (PGW/GGSN > RTR > Internet):
1. Subscriber tries to access a blocked URL
2. Integrated Webroot URL filtering / blacklist
3. Access denied

[Slide 17]

Content Injection for toolbar injection / ad insertion

• Insert javascript for branded toolbar

• Use it for Ad Insertion

• Subscriber policy to control frequency of insertion

• Policy selects insertion position

Insert-content

• Position <prepend/append>

• Tag-name <tag>

• Value-type <string/tcl-snippet>

• Value <abcd>

• Frequency <once/once-every/always>

Diagram (BNG/BRAS > Internet):
1. Content is being sent back to the subscriber; data allowance maxed out
2. JavaScript about the quota maximum is inserted into the page
3. Subscriber realizes they have maxed out their data

[Slide 18]

PEM – Wide range of use cases

Per-subscriber Application & URL Bandwidth Control & Filtering

• TCP-friendly rate limiter

• Separate up/down rates

• Highly scalable solution

• TCP Optimization as a bonus

Subscriber Application Analytics

• Subscriber ID / Rate Plan

• Charging rules

• Application Usage Reporting

Intelligent Traffic Steering& Service Chaining to VAS

• Steer traffic based on subscriber profile to Value Added Services & Optimization Services

• Intelligent Service Chaining

Online Charging (Gy)

• Flexible rating group definitions based on applications and/or URI

• Redirect or block upon quota expiration

URL Filtering & Parental Control

• Government lists

• Per-subscriber parental control opt-in/opt-out service

• For HTTP & HTTPS

OTT Identification & Monetization

• Per-subscriber OTT application detection

• Per-OTT bandwidth, marking and charging rules

Header Enrichment & WAP offload

• HTTP HE for content-based charging

• WAP GW bypass/offload and replacement

Content Injection / Toolbars

• JavaScript-based content injection

• Targeted advertisements

Lightweight BRAS/BNG

• DHCP-based BNG model for wifi and wireline deployments

• Radius AAA client

[Slide 19] Key F5 network services – Optimize, Monetize, Secure (agenda slide repeated as a section divider)

[Slide 20]

Optimized DNS Solutions for Service Providers

• Faster DNS responses to provide for 4G/LTE subscriber growth
• Manage existing traffic to the DNS server infrastructure with BIG-IP
• Enhanced performance through transparent caching, offloading the DNS infrastructure

Authoritative infrastructure
• Reduce the number of DNS servers by offloading the DNS infrastructure
• High-performance DNSSEC validation; offload DNSSEC computations and consolidate services
• Proactively manage DNS client traffic for greater availability and stability
• Enhance the subscriber experience by making intelligent DNS and GSLB decisions
• Enable high availability and performance for subscribers by managing UE/MME PDP sessions
• Intelligent GSLB with ENUM support for IMS / EPC interoperability and NAT64 delivery
• Provide reliable, fast access to online services for in-network subscribers
• Highly scalable authoritative DNS name server
• Simplify deployment by using the existing DNS infrastructure to manage the zones

Service blocks: DNS load balancing, transparent cache, caching resolver, local DNS

[Slide 21]

Denial of Service Attacks against DNS

"Cybercrime is a persistent threat in today's world and, despite best efforts, no business is immune." (Network Solutions)

DNS is now the second most targeted protocol after HTTP.

DNS DoS techniques range from:
• Flooding requests to a given host
• Reflection attacks against DNS infrastructure
• Reflection / amplification attacks
• DNS cache poisoning attempts

APPLICATION LAYER ATTACKS (bar chart, share of attacks by protocol, labels and values paired in extraction order): HTTP 86%, DNS 70%, HTTPS 37%, SMTP 31%, SIP/VoIP 17%, IRC 9%, Other 10%

TRADITIONAL DDOS MITIGATION (bar chart, y-axis 0–50%; bar values not recoverable from the extraction)
Of the customers that mitigate DDoS attacks, many choose a technique that inhibits the ability of DNS to do its job:
• DNS is based on UDP
• DNS DDoS often uses spoofed sources
• Using an ACL blocks legitimate clients
• DNS attacks use massive volumes of source addresses, breaking many firewalls

[Slide 22]

DNS The F5 way

CONVENTIONAL DNS THINKING
• Performance = add DNS boxes
• Weak DoS/DDoS protection
• Firewall is THE bottleneck
Diagram: Internet > external firewall > DNS load balancing > array of DNS servers > internal firewall > hidden master DNS

F5 DNS DELIVERY REIMAGINED (F5 PARADIGM SHIFT)
• Strong DoS/DDoS protection
• Consolidation
• Protects "back-end" servers
Diagram: Internet > BIG-IP (authoritative DNS, caching resolver, transparent caching, DNS firewall, DNS DDoS protection, protocol validation, high-performance DNSSEC, DNSSEC validation, intelligent GSLB) > master DNS infrastructure

[Slide 23]

Authoritative DNS: Scale with DNS Express

• High-speed response and DDoS protection with in-memory DNS
• Authoritative DNS serving out of RAM
• Configuration size for tens of millions of records
• Scale and consolidate DNS servers

Diagram: the existing DNS server (where administrators manage DNS records, NIC/OS, auth roles, dynamic DNS, DHCP) supplies the zone to DNS Express in BIG-IP GTM, which answers the DNS queries arriving from the Internet instead of the back-end server.

[Slide 24]

LDNS: Scale with transparent cache

The Business Case
• Need to decrease DNS latency and offload DNS resolvers
• Implement transparent DNS caches close to the subscriber
• Deliver DNS scale without impacting service

The F5 Advantage
• Scale DNS transparent caches as demand increases; offloads the existing DNS infrastructure
• Provides a simple upgrade path to a full caching resolver, eliminating the need for centralized DNS

Diagram: F5 DNS Services in Mobile Core – distributed DNS transparent caches on BIG-IP platforms in front of the DNS resolver infrastructure

[Slide 25]

Competitive Analysis: DNS Cache Performance – Infoblox platform-by-platform comparison with F5

(Bar chart, y-axis RPS 0–1,400,000; platforms grouped by like pricing: BIG-IP 2000S vs Infoblox Trinzic 1420, BIG-IP 2200S vs Trinzic 2210, BIG-IP 4000S vs Trinzic 2220, BIG-IP 7000S vs Trinzic 4010, BIG-IP 7200V vs Trinzic 4030. Bar values not recoverable from the extraction.)

[Slide 26]

LDNS: Scale and offload with caching resolver

The Business Case
• Need faster and scalable query response
• Desire lower CapEx and OpEx; no need for additional DNS resolver farms
• BIG-IP delivers high-performance, scalable DNS caching and resolving on one platform

The F5 Advantage
• Faster web browsing and reduced DNS latency
• Hardened appliance consolidates tens or hundreds of servers
• Greater reliability through resiliency and HA
• Simplified management, lower cost of ownership
• Consolidate and offload DNS for immediate ROI

Diagram: F5 DNS Services in Mobile Core – distributed DNS caching resolvers on BIG-IP platforms

[Slide 27]

Client Protection with DNS RPZ – Prevent subscribers from reaching known bad domains

Prevent malware and sites hosting malicious content from ever communicating with a client.
Internet activity starts with a DNS request. Inhibit the threat at the earliest opportunity.

Diagram: BIG-IP GTM processing stages: IPv4/v6 listener, protocol validation, iRules, cache, resolver; a reputation database fed by an RPZ live feed (live updates) triggers special handling for matching names.

[Slide 28]

DNS IP and Name Reputation Choices

RESPONSE POLICY ZONES
• Screens a DNS request against domains with a bad reputation.
• Inhibits threats by FQDN.
• Ingress DNS path.

URL FILTERING
• Intercept a DNS request in iRules. Categorize & make a decision.
• Inhibits threats by FQDN; policy control by FQDN.
• HTTP, HTTPS and DNS with iRules.

IP INTELLIGENCE
• Intercept a DNS response in iRules. Categorize & make a decision.
• Inhibits threats by IP.
• Any IP protocol with iRules.

[Slide 29]

SP Layered Client Protection

Diagram: QUERY: WWW.DOMAIN.COM enters the ingress DNS path (DNS iRules on the request: RPZ, URL filtering, subscriber policy via iControl / iQuery) > cache > resolver > egress DNS path (DNS iRules on the response: IP Intelligence). Feeds: RPZ feed, IPI feed, URL feed.

• Response Policy Zones (RPZ) filter out known bad domains and return NXDOMAIN or a redirect.
• URL Filtering further provides granular policy controls using categories.
• IP Intelligence blocks based on the resolved IP.
• It can also be used in the data path for other protocols.
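The slide lists the layers but not how a query moves through them. The following is an added Python sketch of that request/response pipeline written for this transcript, not an iRule or other code from the deck: RPZ and URL-category policy on the ingress (request) path, IP reputation on the egress (response) path. The RPZ entries, URL categories, IP-intelligence range, subscriber opt-ins and the stub upstream resolver are all constructed, and the addresses come from RFC 5737 / RFC 1918 test ranges.

```python
"""Layered DNS client protection: RPZ and URL-category policy on the request
(ingress) path, IP reputation on the response (egress) path.

Added example in Python rather than an iRule, not code from the deck. The RPZ
entries, URL categories, IP-intelligence ranges, subscriber opt-ins and the
stub upstream resolver are constructed; addresses are RFC 5737 test ranges.
"""
import ipaddress
from dataclasses import dataclass
from typing import Optional

# Constructed feeds.
RPZ = {                                   # owner name -> (action, redirect target)
    "malware.example.": ("nxdomain", None),
    "*.phish.example.": ("cname", "walledgarden.isp.example."),
}
URL_CATEGORIES = {"bets.example.": "gambling", "kids.example.": "education"}
IPI = {ipaddress.ip_network("203.0.113.0/24"): "botnet-c2"}
# URL categories each subscriber has opted to block (parental-control style).
SUBSCRIBER_POLICY = {"10.0.0.31": {"gambling"}, "10.0.0.32": set()}
# Stub for what the caching resolver would get from upstream.
UPSTREAM = {
    "www.example.com.": ["192.0.2.10"],
    "bets.example.": ["198.51.100.7"],
    "login.phish.example.": ["198.51.100.8"],
    "cdn.example.": ["203.0.113.9"],
    "malware.example.": ["198.51.100.9"],
}


@dataclass
class Result:
    action: str               # "answer", "nxdomain", "redirect" or "blocked-ip"
    answers: list
    reason: Optional[str] = None


def canonical(qname: str) -> str:
    qname = qname.lower()
    return qname if qname.endswith(".") else qname + "."


def rpz_lookup(qname: str):
    """Exact owner match first, then wildcard entries for each parent domain.
    A wildcard covers subdomains only, not the apex itself."""
    if qname in RPZ:
        return RPZ[qname]
    labels = qname.split(".")
    for i in range(1, len(labels) - 1):
        wildcard = "*." + ".".join(labels[i:])
        if wildcard in RPZ:
            return RPZ[wildcard]
    return None


def resolve(client_ip: str, qname: str, upstream=UPSTREAM) -> Result:
    qname = canonical(qname)
    # Ingress path, step 1: response policy zone.
    hit = rpz_lookup(qname)
    if hit is not None:
        action, target = hit
        if action == "nxdomain":
            return Result("nxdomain", [], "rpz")
        return Result("redirect", [target], "rpz")
    # Ingress path, step 2: domain category against this subscriber's own policy.
    category = URL_CATEGORIES.get(qname)
    if category and category in SUBSCRIBER_POLICY.get(client_ip, set()):
        return Result("nxdomain", [], f"url-filter:{category}")
    # Resolve via cache / upstream resolver.
    answers = upstream.get(qname)
    if answers is None:
        return Result("nxdomain", [], "upstream")
    # Egress path: IP intelligence on every resolved address.
    for a in answers:
        addr = ipaddress.ip_address(a)
        for net, tag in IPI.items():
            if addr in net:
                return Result("blocked-ip", [], f"ipi:{tag}")
    return Result("answer", answers)


if __name__ == "__main__":
    for client, name in (("10.0.0.31", "www.example.com"), ("10.0.0.31", "bets.example"),
                         ("10.0.0.32", "bets.example"), ("10.0.0.31", "login.phish.example"),
                         ("10.0.0.31", "cdn.example")):
        print(client, name, resolve(client, name))
```

Two practical points fall out of the egress check: a reputation entry that covers a whole prefix shared by a CDN blocks every site behind it, so IP-intelligence feeds should be as specific as possible and paired with an allowlist, and the redirect (walled-garden) form of an RPZ answer is what lets a subscriber see why a request was blocked instead of a bare NXDOMAIN.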

[Slide 30]

DNS Tunneling: Prevent it with iRules

(Diagram: clients A–F plotted by query-rate score and response-size score against a drop threshold and a suspend threshold.)

Classify the traffic:
  Determine the SLA for RPS and allowed response size.
When a client sends in a query:
  Is the query for a blocked domain (a tunnel host)?
  Is the query rate above the allowed rate? Increment score.
  Was the client previously above the allowed rate? Increment score.
  Resolve the request and analyze the response; factor the response size into the score.
Take an action:
  Is the client above the score threshold?
  - Drop the request
  - Suspend DNS service for a period.
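The steps above are a scoring procedure. The following is an added Python implementation of it written for this transcript rather than an iRule, and it is not code from the deck: the SLA values (20 queries per second, 512-byte answers), the drop and suspend thresholds, the suspension period, the blocked zone and the sample query stream are constructed assumptions that a real deployment would tune per subscriber class.

```python
"""Score-based DNS tunnelling control following the steps listed above.

Added Python illustration rather than an iRule, not code from the deck. The SLA
values, thresholds, blocked zone and the sample query stream are constructed
assumptions; a real deployment would tune them per subscriber class.
"""
from collections import deque
from dataclasses import dataclass, field

MAX_RPS = 20                    # allowed queries per second per client (assumed SLA)
MAX_RESPONSE_BYTES = 512        # largest "normal" answer; classic UDP DNS payload limit
DROP_THRESHOLD = 5
SUSPEND_THRESHOLD = 12
SUSPEND_SECONDS = 60
BLOCKED_ZONES = {"tunnel.example."}   # constructed list of known tunnel endpoints


@dataclass(frozen=True)
class Query:
    ts: float
    client: str
    qname: str
    qtype: str
    response_bytes: int         # size of the resolved answer


@dataclass
class ClientState:
    recent: deque = field(default_factory=deque)   # query timestamps within the last second
    score: float = 0.0
    over_rate: bool = False                        # was above MAX_RPS on the previous query
    suspended_until: float = 0.0


def in_blocked_zone(qname: str, zones=BLOCKED_ZONES) -> bool:
    name = qname.lower().rstrip(".") + "."
    return any(name == z or name.endswith("." + z) for z in zones)


class TunnelScorer:
    def __init__(self):
        self.clients = {}

    def _rps(self, st: ClientState, ts: float) -> int:
        st.recent.append(ts)
        while ts - st.recent[0] > 1.0:
            st.recent.popleft()
        return len(st.recent)

    def handle(self, q: Query) -> str:
        """Return 'answer', 'nxdomain', 'drop' or 'suspended' for one query."""
        st = self.clients.setdefault(q.client, ClientState())
        if q.ts < st.suspended_until:
            return "suspended"
        if in_blocked_zone(q.qname):
            st.score += 3                          # query for a known tunnel host
            return "nxdomain"
        if self._rps(st, q.ts) > MAX_RPS:
            st.score += 1                          # above the allowed rate
            if st.over_rate:
                st.score += 1                      # and already above it last time
            st.over_rate = True
        else:
            st.over_rate = False
            st.score = max(0.0, st.score - 0.05)   # slow decay for well-behaved clients
        # Resolve and analyse the response: oversized answers raise the score
        # in proportion to how far they exceed the allowed size.
        if q.response_bytes > MAX_RESPONSE_BYTES:
            st.score += q.response_bytes / MAX_RESPONSE_BYTES
        if st.score >= SUSPEND_THRESHOLD:
            st.suspended_until = q.ts + SUSPEND_SECONDS
            return "suspended"
        if st.score >= DROP_THRESHOLD:
            return "drop"
        return "answer"


def constructed_stream():
    """Three constructed clients: normal browsing, a bulky TXT tunnel, a rate-only tunnel."""
    qs = [Query(0.1 * i, "10.0.0.21", f"host{i}.example.com.", "A", 80) for i in range(10)]
    qs += [Query(0.02 * i, "10.0.0.22", f"{i:08x}.t.example.net.", "TXT", 1200) for i in range(40)]
    qs += [Query(0.01 * i, "10.0.0.23", f"{i:08x}.u.example.net.", "A", 100) for i in range(60)]
    return sorted(qs, key=lambda q: q.ts)


def run(stream=None):
    """Feed a query stream through one scorer; return the per-client action list."""
    scorer = TunnelScorer()
    actions = {}
    for q in (stream if stream is not None else constructed_stream()):
        actions.setdefault(q.client, []).append(scorer.handle(q))
    return actions


if __name__ == "__main__":
    for client, acts in run().items():
        print(client, {a: acts.count(a) for a in set(acts)})
```

The bulky-answer client trips the drop threshold on its third query and is suspended on its sixth even though it never exceeds the rate SLA, while the rate-only client needs the repeated-offender increment to get there; the browsing client is never touched. Keeping the score per client rather than per query is what lets the suspension survive a client that slows down only after being dropped.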

[Slide 31] Key F5 network services – Optimize, Monetize, Secure (agenda slide repeated as a section divider)

[Slide 32]

Where the technologies overlap

Functions placed between the router (packet-based processing) and F5 BIG-IP (session-based processing): NAT44, NAT64, DS-Lite, web acceleration, SSL and IPsec VPN, DNS scaling and security, IP QoS, IP peering, load balancing, traffic steering, L4-L7 security, L2 VPN, L3 VPN, subscriber management

[Slide 33]

Carrier Grade NAT (44, 64)

Diagram: private address space > PGW/GGSN > VIPRION (NAT4(6)4) > RTR > Internet (public IPv4 / IPv6 address space)

• Dynamic NAPT, deterministic NAPT, port block allocation
• Extended ALG capabilities, hairpinning, EIF/EIM support
• Unprecedented scale and performance (Gbps, CPS, max connections)
• High-performance logging in any required format (syslog, NetFlow); the field format can be changed, e.g. to add the RADIUS ID, HTTP URL and so on
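Deterministic NAPT and port block allocation are named above without explaining what they buy the operator. The following is an added Python illustration written for this transcript, not F5's CGNAT implementation: it shows the algorithmic inside-address to outside-address/port-block mapping (in the style of RFC 7422) that lets an abuse report quoting a public IP and port be attributed to a subscriber without a log record per connection. The address ranges (RFC 1918 inside, RFC 5737 outside), the port range and the sharing ratio are constructed.

```python
"""Deterministic NAPT with port-block allocation (RFC 7422 style).

Added illustration, not F5 CGNAT code: it shows why a deterministic
inside-address to outside-address/port-block mapping lets the operator
attribute an abuse report (public IP and port) to a subscriber without a log
record per connection. Address ranges are constructed (RFC 1918 / RFC 5737).
"""
import ipaddress


class DeterministicNapt:
    def __init__(self, inside_prefix: str, outside_pool: str,
                 port_lo: int = 1024, port_hi: int = 65535):
        self.inside = ipaddress.ip_network(inside_prefix)
        self.outside = list(ipaddress.ip_network(outside_pool))  # every pool address is usable for NAT
        # Sharing ratio: inside addresses that share one outside address (rounded up).
        self.ratio = -(-self.inside.num_addresses // len(self.outside))
        self.port_lo = port_lo
        # Each inside address owns a fixed, contiguous block of source ports.
        self.block_size = (port_hi - port_lo + 1) // self.ratio
        if self.block_size == 0:
            raise ValueError("too many subscribers per outside address for the port range")

    def map(self, inside_ip: str):
        """Inside address -> (outside address, first port, last port)."""
        ip = ipaddress.ip_address(inside_ip)
        if ip not in self.inside:
            raise ValueError(f"{ip} is not inside {self.inside}")
        index = int(ip) - int(self.inside.network_address)
        outside = self.outside[index // self.ratio]
        first = self.port_lo + (index % self.ratio) * self.block_size
        return str(outside), first, first + self.block_size - 1

    def attribute(self, outside_ip: str, port: int) -> str:
        """Reverse lookup for abuse handling: (outside address, port) -> inside address."""
        out = ipaddress.ip_address(outside_ip)
        if out not in self.outside:
            raise ValueError(f"{out} is not in the NAT pool")
        if not self.port_lo <= port < self.port_lo + self.ratio * self.block_size:
            raise ValueError("port is outside the deterministic range")
        slot = (port - self.port_lo) // self.block_size
        index = self.outside.index(out) * self.ratio + slot
        return str(self.inside.network_address + index)


if __name__ == "__main__":
    # 1024 subscriber addresses behind 4 public addresses: 256:1 sharing, 252 ports each.
    napt = DeterministicNapt("10.0.0.0/22", "198.51.100.0/30")
    print(napt.ratio, napt.block_size)            # 256 252
    print(napt.map("10.0.1.5"))                   # ('198.51.100.1', 2284, 2535)
    print(napt.attribute("198.51.100.1", 2300))   # 10.0.1.5
```

The mapping is a pure function of the configuration, so the only thing that must be archived for later attribution is the configuration itself plus the time it was in force. A subscriber that exhausts its 252-port block needs an overflow allocation, and that is the one case where a per-allocation log line is still required; the logging formats listed on the slide are what carry it.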

[Slide 34]

Question 1: What is the maximum number of packets per second on a 1 Gbps link?

Answer: ~1,488,096 packets per second on a gigabit link

[Slide 35]

Question 1: What is the maximum number of packets per second on a 1 Gbps link?

[1,000,000,000 b/s / (84 B * 8 b/B)] == 1,488,096 f/s (maximum rate)

Frame part                           Minimum frame size
Inter Frame Gap (96 bit times)       12 bytes
MAC Preamble (+ SFD)                 8 bytes
MAC Destination Address              6 bytes
MAC Source Address                   6 bytes
MAC Type (or length)                 2 bytes
Payload (Network PDU)                46 bytes
Check Sequence (CRC)                 4 bytes
Total frame physical size            84 bytes

[Slide 36]

Question 2: What is the maximum CPS that can be reached on a 1 Gbps link?

Answer: ~1,488,096 connections per second, because every packet can initiate a connection (a SYN, or the first UDP packet of a session)

[Slide 37]

Question 3: How many CPS can an F5 Networks firewall handle?

(Bar chart, connections per second, y-axis 0–8 millions.) Juniper (SRX 5800), Cisco (ASA 5585-X), Check Point (61000): 350k, 400k, 600k (labels in extraction order). F5 (VIPRION 4800): 8M, shown as 21x.

[Slide 38] Key F5 network services – Optimize, Monetize, Secure (agenda slide repeated as a section divider)

[Slide 39]

Mobile Has Unique Challenges
Why is the web so slow on my mobile device?

Mobile Device
• TCP stacks differ between mobile operating systems
• JavaScript parsing and execution is relatively slow on mobile devices

Mobile Network
• Higher packet loss rate
• High network latency: 300 ms via 3G vs <50 ms on LTE
• Connections are made ad hoc and frequently dropped to preserve spectrum and battery life

Internet
• Low packet loss rate
• Low latency (except for intercontinental traffic)

Application
• Different TCP stacks are used on servers, some of which are not optimal for mobile networks

[Slide 40]

Content Optimization – A Changing Environment

SSL / SPDY INCREASE

• In many countries, SSL traffic (HTTPS and SPDY) on mobile networks is currently reaching around 50% of total Internet traffic

• Top web sites such as Google, Facebook, and Twitter use SPDY

• HTTP/2 is being standardized in the IETF, and browsers require TLS encryption when setting up HTTP/2 connections

RISE OF ADAPTIVE BIT RATE VIDEO STREAMING

• Top video sites such as YouTube, Netflix, Hulu, and BBC iPlayer have all embraced ABR video technology

• Video is encoded at different bit rates, client dynamically chooses or changes appropriate bit rate based on network conditions

[Slide 41]

TCP Protocol Review

• TCP is a connection-oriented protocol
  • Client and server must establish a connection before any data can be transferred
• TCP provides reliability
  • Knows that the data it sends is correctly received by the other end
  • Acknowledgements confirm delivery of data received by the TCP receiver
  • Data is acknowledged only after it has reached the receiver
• TCP implements flow control and congestion control
  • The sender cannot overwhelm a receiver with data
  • The sender will "back off" under congestion

[Slide 42]

Impact of Latency – Web Page Load Times

Source: Ilya Grigorik, Google

[Slide 43]

Impact of Packet Loss – Throughput Degradation

• TCP is designed to probe the network to figure out the available capacity
• TCP slow start is a feature, not a bug

Average HTTP response size 16 kB (3 round trips)
In mobile networks packet loss does not necessarily imply congestion

Source: Ilya Grigorik, Google

[Slide 44]

TCP Optimization with F5

Diagram: mobile client (2G/3G, LTE) > PGW/GGSN > RTR > VIPRION running TCP Express (cell-optimized TCP stack towards the client, WAN-optimized TCP stack towards the origin server) > Internet > origin server

Goals: minimal buffer bloat, flow fairness, high goodput

[Slide 45]

TCP Congestion Control Algorithms

• Loss-based algorithms: Reno, New Reno, High-Speed, Scalable, BIC, CUBIC
• Delay-based algorithms: Vegas
• Bandwidth-estimating algorithms: Westwood, Westwood+
• Hybrid delay/loss algorithms: Illinois, Woodside (F5)

(Chart: congestion window behaviour of Reno, CUBIC and Illinois)

[Slide 46]

TCP Congestion Control Algorithms in 3G and LTE

TCP Woodside
• F5-created algorithm.
• Hybrid loss- and latency-based algorithm.
• Minimizes buffer bloat by constantly monitoring network buffering.

TCP Vegas
• Emphasizes packet delay rather than packet loss.
• Detects congestion from increasing RTT values.

TCP Illinois
• Targeted at high-speed, long-distance networks.
• Loss-delay based algorithm.
• The primary congestion signal (packet loss) determines the direction of the window size change.
• The secondary congestion signal (queuing delay) determines the pace of window size changes.

H-TCP
• Targeted at high-speed networks with high latency.
• Loss-based algorithm.

[Slide 47]

TCP tuning for mobile networks

• Mobile networks have a large bandwidth-delay product (BDP)
  • Tune your TCP buffers accordingly
• Mobile networks can exhibit random packet loss
  • Choose a TCP congestion control algorithm/technique that takes this into account (don't fall back into slow start on random packet loss)
• Mobile networks can suffer from buffer bloat
  • Choose a TCP congestion control algorithm that does not rely solely on packet loss
  • Enable TCP rate shaping for 'smoother' delivery of packets (less strain on buffers)
• Mobile networks have relatively high latency
  • Tune your settings to improve performance and web page load times (window size, initial congestion window, ...)
• Real-life mobile performance is very 'variable' – room for market
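The tuning advice above rests on three quantities the slides do not compute: the bandwidth-delay product that the buffers must cover, the ceiling that loss-based congestion control hits when radio loss is read as congestion, and the round trips slow start spends on a small object. The following is an added worked example written for this transcript, not from the deck: BDP sizing, the 16-bit window limit, the Mathis et al. loss-throughput bound for Reno-style TCP, and a slow-start round-trip count. The 3G-like and LTE-like link parameters, the loss rates and the MSS are constructed scenarios.

```python
"""Buffer sizing and loss sensitivity for the mobile link parameters quoted above.

Added worked example, not from the deck: bandwidth-delay product (BDP) sizing,
the 16-bit window limit, the Mathis et al. loss-throughput bound for
Reno-style (loss-based) TCP, and the slow-start round trips needed to deliver
a small object. Link scenarios are constructed.
"""
import math

MSS = 1460   # typical Ethernet-path TCP maximum segment size


def bdp_bytes(bandwidth_bps: float, rtt_s: float) -> int:
    """Bytes that must be in flight to keep the link full: bandwidth x RTT."""
    return int(bandwidth_bps * rtt_s / 8)


def needs_window_scaling(bdp: int) -> bool:
    """The TCP window field is 16 bits (65 535 bytes); above that the
    window-scale option (RFC 7323) is required or the link cannot be filled."""
    return bdp > 65535


def mathis_throughput_bps(mss: int, rtt_s: float, loss_rate: float) -> float:
    """Mathis et al. (1997) steady-state bound for loss-based TCP:
    throughput <= (MSS / RTT) * C / sqrt(p), with C ~ 1.22 for Reno-style recovery.
    It shows why random radio loss, read as congestion, caps goodput."""
    if loss_rate <= 0:
        raise ValueError("loss_rate must be > 0")
    return 8 * mss / rtt_s * 1.22 / math.sqrt(loss_rate)


def slow_start_rtts(object_bytes: int, initcwnd_segments: int, mss: int = MSS) -> int:
    """Round trips spent in slow start (cwnd doubles per RTT, no loss) before the
    congestion window covers object_bytes; the handshake RTT is not counted."""
    cwnd, rtts = initcwnd_segments * mss, 0
    while cwnd < object_bytes:
        cwnd *= 2
        rtts += 1
    return rtts


def scenario_table():
    """Constructed 3G-like and LTE-like links at 1% and 0.1% random loss.
    Each row: (name, BDP bytes, window scaling needed, loss rate,
    fraction of the link a loss-based sender can fill)."""
    rows = []
    for name, bw, rtt in (("3G", 2_000_000, 0.300), ("LTE", 20_000_000, 0.050)):
        bdp = bdp_bytes(bw, rtt)
        for p in (0.01, 0.001):
            ceiling = mathis_throughput_bps(MSS, rtt, p)
            rows.append((name, bdp, needs_window_scaling(bdp), p, min(ceiling, bw) / bw))
    return rows


if __name__ == "__main__":
    for name, bdp, scaling, p, fraction in scenario_table():
        print(f"{name}: BDP {bdp} B, window scaling {scaling}, loss {p:.1%}: "
              f"loss-based TCP fills at most {fraction:.0%} of the link")
    print("16 kB object, initcwnd 3 vs 10 segments:",
          slow_start_rtts(16_384, 3), "vs", slow_start_rtts(16_384, 10), "round trips")
```

At 1% random loss the 3G-like link is capped near 0.47 Mbps of its 2 Mbps and the LTE-like link near 2.8 Mbps of its 20 Mbps, which is the case for not treating every loss as congestion; the larger initial congestion window halves the slow-start round trips for a 16 kB response, which is the point of the "initial congestion window" bullet.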

[Slide 48]

Reducing Web Page Load Times with F5 TCP Express – real-life test results, MNO in APAC

(Four bar charts, one per test case, each with bars for Business center, Shopping Mall and Residential Area showing Optimized (sec), As-is (sec) and Improvement (%): Case 1 – 100 * 64KB images; Case 2 – 1 * 10MB image; Case 3 – Regular website 1; Case 4 – Regular website 2. Bar values not recoverable from the extraction.)

[Slide 49]

HTTP Performance Tests – Radio Strength Variances – real-life test results, MNO in EMEA

Large download: HTTP page with large images (throughput test). Small download: HTTP page with small objects (web browsing test).

(Two bar charts of improvement for HTTP large download and HTTP small download under poor coverage and good coverage: 3G, y-axis 0–200%, and 4G, y-axis 0–40%. Bar labels in extraction order: 20%, 28%, 38%, 33%, 22%, 14%, 196%, 95%.)

TCP OPTIMIZATION BENEFITS INCREASE UNDER POOR RADIO COVERAGE

[Slide 50]

TCP Optimization – Summary

• Increases "goodput" on the radio network and keeps latency under control
• Works for > 90% of all Internet traffic regardless of encryption or encoding
• Lengthens the life span of the radio infrastructure and enhances user experience
• Deployed inline on the Gi LAN, optionally consolidated with other L4-7 functions

[Slide 51]

To stay in touch please join our LinkedIn Group!