Gigamon Service Provider Solutions · Supports Open vSwitch with DPDK acceleration Mirrored traffic may be delivered to GigaVUE V Series Enables traffic aggregation and processing

James Tai

Sales Engineer, APJ

ETDA Open Forum

Gigamon Service Provider Solutions

Confidential and Proprietary. © 2018 Gigamon. All rights reserved. Discussed under NDA 2

Trusted by the World’s Leading OrganizationsGigamon Customers

of the top ten

Global Banks7

of the top ten

Healthcare Providers8

of the top ten

U.S. Federal Agencies10

of the top ten largest

Tech Companies8

of the

Fortune 10083

of the top ten

Mobile Phone Network Operators

8

Customer data from April 2018. List sources available upon request.

© 2018 Gigamon. All rights reserved. 3

Service Providers Customers Today

* Partial customer logo available.

144 customers in global telecom carrier. +10 customers in Japan telecom carrier.


Security

Intelligence

Visibility Nodes

Physical, Virtual, and Cloud Infrastructure

Management and

Orchestration

Gigamon Product Portfolio

GigaVUE-FM

▸ Flow Mapping® ▸ Clustering▸ Inline Bypass

▸ GigaVUE H SeriesIntelligent Visibility

Virtual

▸ GigaVUE TA SeriesTap Aggregators

▸ G-TAPTaps

GigaVUE-OS

▸ GigaStream®

Physical

▸ GigaVUE-VMTap Aggregator

Cloud

▸ GigaVUE V SeriesIntelligent Visibility

▸ G-vTAPVirtual Taps

Core Intelligence

InsightData Store

▸ Detect

▸ Investigate

GigaSMART® Application Intelligence

► Application Visualization

► Application Filter Intelligence

► Application Metadata Intelligence

Subscriber Intelligence

▸ GTP Correlation

▸ FlowVUE® Flow Sampling

▸ SIP/RTP Correlation

▸ 5G/CUPS Correlation

Traffic Intelligence

▸ De-duplication

▸ Slicing

▸ Masking

▸ SSL/TLS Decryption

▸ NetFlow Generation

▸ Advanced Load Balancing

▸ Tunneling

▸ Adaptive Packet Filtering

▸ Header Stripping

API IQL


GTP Correlation Challenges

Billings

Monitor

4G

3G

TAP / Aggregators

Customer

Experience

Management

(CEM)

Application

Performance

Sub A

Sub B

Sub C

Sub n

Sub D

SUBSCRIBER-AWARE FORWARDING

• Basic TAP and aggregators cannot

correlate subscriber traffic sessions

from LTE and 3G networks

• No subscriber-aware filtering,

forwarding, and replication for one

or multiple billing/monitoring tools

• Result: Uncorrelated control and

data packets. Packet fragmentation

of subscriber traffic


Flow Mapping®

GTP Correlation

SUBSCRIBER-AWARE FORWARDING

Customer

Experience

Management

(CEM)

Billings

Monitor

Application

Performance

Sub A

Sub C

Sub D

4G

3G

Sub A

Sub B

Sub C

Sub n

Sub DGTP Correlation


SIP/RTP Correlation and Load Balancing

Customer

Experience

Management

(CEM)

Network

Performance

Management

(NPM)

SIP/RTP Correlation

Ta

p 1

EPC

Ta

p 2

IMS

Ta

p 3 SIP

PEERING

SIP

RTP

Sub A

Sub B

Sub C


EPC/IMS Correlation of VoLTE

Tools

Application Performance

Management

Network Performance

Management

Customer Experience

Management


SIP/RTP Correlation across non-IMS network

SIP and RTP packets belonging to the same session are tapped across various

SIP and RTP interfaces and correlated before being filtered and forwarded to

tools.

SIP/RTP 5.3 Release

USE CASE 1


Direct jump from 4G to 5G network is unlikely

Many deployment options available to service providers

Industry is converging on subset of deployment options (options 3, and 2)

SA – Standalone (EPC core is 5G)

NSA – Non Standalone (EPC core is LTE)

The Journey From 4G To 5GWhat is changing?

Ref: blog.3g4g.co.uk



How does GTP Subscriber Awareness Work – 3G/LTE (Non-CUPS)3G/LTE (Non CUPS)


How does GTP Subscriber Awareness Work – LTE CUPS3G/LTE-CUPS


LTE / CUPS

IMSI – International Mobile Subscriber ID (SIM Card)

IMEI – International Mobile Equipment ID (Device)

MSISDN – Mobile Station International Subscriber

Directory Number (Phone number)

APN – Access Point Name

QCI – QoS Class ID

User Plane Interface (S1U, S11U, S2b, S5/S8,

Gn/Gp)

5G

SUPI – Subscription Permanent Identifier

PEI – Permanent Equipment Identifier

DNN – Data Network Name

5QI – 5G QoS Identifier

User Plane Interface (N3, N9)

New 5G Subscriber Aware Configuration Attributes


How does GTP Subscriber Awareness Work – 5G


Subscriber Aware Visibility EvolutionHow we do it better - distributed real-time visibility

Monolithic

Subscriber Awareness

Control Plane Node

Disaggregated & Distributed


User Plane Node

Control Plane Node

User Plane Node User Plane Node

OpenStack Cloud

Control Plane Node

LTE to

LTE CUPS

Transition

Transition

to 5G

Hybrid or Virtualized


CPN to UPN communication interface


Initially applied in virtualization of EPC and IMS network functions

Control plane functions, such as MME, HSS, DNS, and PCRF

User plane functions, such as SBC

NFV is now the preferred deployment technique for 5G network functions

The 5G architecture is defined with NFV and SDN in mind

Virtual and physical network functions will co-exist

Growing Network Function Virtualization Adoption


Modular & Flexible, Multi-Functional GigaVUE® HC Series Visibility Node

GigaVUE-HC3 Physical Chassis

Extension BoardUSB Port Four modular bays for front ports, GigaSMART®, etc.

Front to back airflow Front to back airflow

Rear fan tray

(blowing out)

Redundant,

load-sharing

power supplies

FRONT

REAR


Data Optimization with GigaVUE V SeriesReduce visibility overhead by optimizing traffic distribution to tools

Feature Highlights Benefits

Flow MappingGranularly filter, replicate and forward traffic to specific monitoring tools

Packet slicingReduce bandwidth consumption by truncating packets to only what is needed for analysis

De-duplicationOptimize bandwidth and monitoring resource consumption, by eliminating redundant packets

GTP Correlation*Enable horizontal scaling of monitoring solution and improve monitoring tool utilization with subscriber-aware traffic distribution

CUPS Correlation*Enable monitoring of distributed control and user plane functions with CUPS support

Service Chained Visibility Functions

De-dup*Slicing NetFlow FlowVUE*Flow Mapping® Sampling Load

Balancing*

…CUPS

CUPS

Correlation*

NFV Infrastructure (NFVI)

Visibility as

VNF

* Roadmap

Visibility layer

Virtualization Layer

Hardware Resources


Network Functions Virtualization (NFV) Visibility SolutionOpenStack

Mobile network elements Service assurance tools

Horizon

Nova

Glance



Hardware Resources

Virtual

Network

Functions

VNF

Virtual

ToolsTool Tool Tool

3rd

party tunnel

OVS mirror

Virtual Network

VNF VNF



Hardware Resources

Data access layer

GigaVUE-FMService Chained Visibility Functions

De-dup*Slicing NetFlow FlowVUE*Flow Mapping® Sampling Load

Balancing*

…CUPS

CUPS

Correlation*


Visibility as

Virtual Network

Functions

* Roadmap

Visibility layer


Hardware Resources

Data optimization layer


Virtual networking options: Standard OVS, OVS with DPDK, SR-IOV

Ref: https://www.youtube.com/watch?v=AULt3BuwMnY


Different traffic acquisition options for different virtual environments

Capture East-West and North-South traffic among VNFs to eliminate blind spots

Pre-filtering to minimize bandwidth consumption

L2GRE, VxLAN tunneling for standardized traffic delivery to third party probes

Traffic Acquisition with GigaVUE G-vTAP

* Roadmap

Mobile network elements



Hardware Resources

Virtual

Network

Functions

VNF

Virtual Network

VNF VNF

G-vTAP Version DPDK CompatibleSR-IOV Compatible

VNF-based mirroring - ✓

OVS/OVS-with-DPDK mirroring* ✓ -

Container-based mirroring* - -

SR-IOV mirroring* - ✓

Service Function Chaining* ✓ -


G-vTAP traffic access

VNF-Based Mirroring

Traffic

Policies

Horizon Tenant

Nova

Glance

Any vSwitch

KVMKVM

Any vSwitch

Tunnel

GigaVUE-FM

APM

NPM

Security

CEM

Tunnel

VNF VNFVNF VNF


OpenStack

GigaVUE-FM orchestrates solution on OpenStack

G-vTAP service deployment

GigaVUE-FM manages G-vTAP container policies

OVS mirroring configuration

Supports Open vSwitch with

DPDK acceleration

Mirrored traffic may be delivered to GigaVUE V Series

Enables traffic aggregation and

processing

Tunneling directly to virtual or

physical tools

Tunneling to Visibility Fabric

Open vSwitch Mirroring

Horizon

Nova

Glance

GigaVUE-FM

KVM

Open vSwitch

VNF VNF VNF VNF

Probe 1

Probe 2

Probe n

Tunnel

Tunnel

Mirrored Traffic

KVM

Open vSwitch


Kubernetes

GigaVUE-FM orchestrates solution via Kubernetes master

G-vTAP Container deployment

Container network mirroring

GigaVUE-FM manages G-vTAPcontainer policies

G-vTAP container receives mirrored traffic from container network

Supports Flannel and Calico container networking

G-vTAP tunnels captured traffic to destination

Directly to physical probe

Directly to virtual probe (not shown)

Via Visibility Fabric to physical or virtual tool

Container-Based Mirroring

GigaVUE-FM

Container

Probe 1

Probe 2

Probe n

Tunnel

Tunnel

Container G-vTAP

Container

Flannel Flannel

Container Container G-vTAP

Container

Kubernetes Master (VM-a)

Kubernetes Worker (VM-b) Kubernetes Worker (VM-c)


High-level concept

GigaVUE-FM orchestrates solution via OpenStack

G-vTAP VM deployment

G-vTAP service deployment

GigaVUE-FM manages G-vTAP policiesSR-IOV mirroring

G-vTAP VM policies

G-vTAP VM receives mirrored traffic from NIC

Traffic mirrored from target SR-IOV virtual ports to G-vTAP SR-IOV virtual port

G-vTAP VM tunnels captured traffic to destination

Directly to physical probe

Directly to virtual probe

Via Visibility Fabric to physical or virtual tool

SR-IOV Mirroring

Horizon

Nova

Glance

GigaVUE-FM

KVM

Open vSwitch

VNF VNFG-vTAP

VM

Probe 1

Probe 2

Probe n

Tunnel

Tunnel

SR-IOV NIC

vP1 vP2 vPn…


A Common Architecture for Public and Private CloudsElastic scale in a cloud-native architecture

Analytics

Tools

Applications VPC

Virtual

apps

Amazon CloudWatch

Visibility tier Visibility tier

Azure API

AWS Direct Connect

(for hybrid connectivity)

Azure

ExpressRoute

Applications VNet

Tools

Security

Tools

Perf Mgmt

Tools

Amazon Azure

Visibility tier

Tenant Networks

OpenStack Cloud

Tools

Virtual

apps

Virtual

apps

MME SGW

Virtual Network Functions

PGW

MME SGW


PGW

MME SGW


PGW

Horizon

Nova

Glance

To other physical / virtual

elements in Gigamon Platform

GigaVUE-FM Fabric Manager

Tools

Visibility tier

Virtualized workloads

VMware Cloud*

Tools

Virtual

apps

MME SGW


PGW

MME SGW


PGW

MME SGW


PGW

To other physical / virtual

elements in Gigamon Platform

* Future


Application Intelligence for GTP Session Traffic


Documents

Gigamon Service Provider Solutions · Supports Open vSwitch with DPDK acceleration Mirrored traffic may be delivered to GigaVUE V Series Enables traffic aggregation and processing