NSN - Flexi_ISN

Nokia Siemens Networks Flexi Intelligent Service Node

Mastering mass marketmobile access to the Internet

2007 Nokia Siemens Networks Flexi Intelligent Service Node

2

Enabling mass marketmobile access to the Internet

monthly cost. With Nokia Siemens Networks Flexi ISN bandwidth management and subscription awareness capabilities and Nokia Siemens Networks’ charge@once online charging system, innovative tariff scenarios can be implemented easily.

The challenge of peer-to-peer applicationsInternet based peer-to-peer applications are increasing in popularity. The most popular applications are used for fi le sharing and communication purposes. File sharing users are threatening to overload the operator network. Operators who have introduced unlimited fl at fee Internet access have already seen a small number of subscribers using a major share of the network capacity for fi le sharing.

With Flexi ISN peer-to-peer traffi c tracking and control capabilities, the operator can limit the bandwidth consumed by greedy applications to ensure fairer sharing of network resources.

Treating Internet-based applications according to preferred business modelsInternet-based applications can be turned from a threat to an opportunity. This can be done with appropriate treatment of different services and applications in the operator network. Operators must protect radio network resources according to their internal policies. This is to ensure fair sharing of resources, both for individual subscribers and on a service type level. The mobile operator business opportunity is to charge premium rates for prioritized treatment of high value traffi c.

Flexi ISN allows the identifi cation of both traditional services and applications and proprietary peer-to-peer protocols. Service and application usage information can be combined with subscriber identity information.

There is only one InternetWhen mobile data services were introduced, many mobile operators relied on the so called ‘walled garden’ approach, aiming at developing closed service and content portals. Mobile specifi c portals, originally referred to as “mobile Internet” were the only viable alternative for early GPRS networks and terminals which lacked capacity and graphical capabilities.

Now, the wide availability of high speed mobile access networks, multimedia capable mobile terminals and laptop data cards allows subscribers to use Internet based services and applications. Access to the Internet has become a basic requirement for any mobile operator’s offering.

Mobile operator business opportunity in providing Internet accessMobile operators’ main asset is their mobile networks’ wide geographical coverage, which allows for Internet access from anywhere. The operator’s business opportunity is to charge extra for this premium access method. Subscribers are willing to pay for hassle-free Internet access when they are on the move. With SIM based authentication, the operator is able to provide direct access to the services without registrations, PIN codes or passwords. In emerging markets, mobile networks are widely seen as the primary solution to provide access to the Internet.

The trend is towards fl at fee tariffsThe trend is strongly towards fl at fee tariffs, due to the competitive situation in many markets. Flat fee tariffs are also unbeatable in simplicity and easy to use for the subscribers. However, fl atfee charging in mobile networks requires subscriber and service related control capabilities in order to make a long-term profi table business.

Fixed broadband type subscriptions have already been introduced into mobile operator subscription portfolios. Typically, these are scenarios where maximum access speed is offered in alternative steps and/or the monthly data consumption is limited to a certain maximum amount at a fi xed

3

Seriously scalable deep packet inspection system

Flexi ISN identifi es the originating and terminating addresses of IP packets on layer 3. The following application protocols are identifi ed (application identifi cation on layer 7):

• HTTP 1.x, WAP 1.x/2.0, mobile• MMS over WAP1.x/WAP 2.0, MMS sender and receiver• Streaming (Real Time Streaming Protocol)• Push to Talk Over Cellular• E-mail sending for SMTP• File Transfer Protocol (FTP)• i-Mode and video sharing

The power of a centralized approach Flexi ISN integrates service awareness with standard 3GPP GGSN functionality. This allows the operator to implement a centralized network based control point for managing and charging for IP based services. Flexi ISN interfaces the charging and subscription management systems, giving minimal integration work when new services are introduced into the network.In a decentralized approach, each service needs to be separately integrated to the charging and subscription management systems, whereas in the centralized approach these are already integrated with Flexi ISN.

Traditional Service Awarenessfor open protocolsThe concept of service awareness was introduced in the Intelligent Service Node in 2003 to track protocols and applications. Analyses of application protocols are based on IP packet analysis performed on OSI layers 3 to 7.

Flexi ISN offers a centralized control point for data services


4

variable or well-known non-P2P protocol port numbers (HTTP, FTP, etc.) to deliberately avoid port-based identifi cation and to enable fi rewall traversal. The method cannot automatically adapt to protocol changes or the introduction of new protocols.

Network/transport layer heuristics:This approach typically uses a set of network/transport layer patterns (e.g. simultaneous use of TCP and UDP between peers, packet size distribution, etc). To optimize the processing load, heuristic algorithms typically apply stepwise protocol identifi cation. If the protocol is not identifi ed with fi rst-step analysis, the algorithm passes the examined packets to the network and waits until the next time the clients communicate. This type of approach typically has a good performance and can also be used to detect traffi c associated with unknown P2P protocols. The drawback is that P2P protocols can be built such that they are not detected with this method.

Most of the P2P protocols are detected by using the application signature or pattern matching method. The heuristic method is used to detect e.g. encrypted protocols like Skype.

Many ways to detect P2P traffi cTraditional deep-packet inspection with protocol analysis is not enough to track P2P applications. In general, there are three basic approaches to P2P traffi c detection applied in Flexi ISN:

Application signatures detection method:In this approach, protocol-specifi c patterns inside the packet payloads are searched. When this approach is applicable, it in principle provides 100 percent protocol detection accuracy.The drawbacks are that new emerging protocols or updated existing protocols cannot be detected automatically, requiring the pattern to be updated to the detection engine. Application level pattern search in each transport packet generates signifi cant processing load for the analyzer and some P2P protocols encrypt their payloads, which makes the analysis more diffi cult.

Transport layer port identifi cation method:Here the transport layer ports used in the examined traffi c fl ows are compared against the known P2P application ports. This approach can also work with encrypted protocols and is very effi cient from a performance point of view. However, today almost all P2P protocols use

Service bandwidth management protects operator network against greedy applications misusing the network capacity

Bandwidth management with 3GPP QoS

Bandwidthmanagementtools

Flat fee charging models favor P2P service usage

Differentiating charging for different services and applications

Charging policy

Analyzing also proprietary and secret protocols; heuristic methods

Analyzing standardized protocols; header information

Means of flow identification

Internet based services and applications

Operator own and operator partner provided services

Target services

Peer-to-peer traffic awareness

Traditional Service Awareness

Extending traditional service awareness to peer-to-peer applications

Tracking Internet based peer-to-peer traffi c

5

Flexi ISN implements single Access Point

Seriously scalable Service AwarenessFlexi ISN Service Awareness is based on deep packet inspection capabilities. Using such analysis, Flexi ISN can identify both IP traffi c fl ows and applications. All traffi c processing is performed on a single Service Blade per user session. This means that the traffi c analysis has a minimal effect on throughput, with reliable operation achieved by minimizing inter-blade communication.

The Service Switching engine in Flexi ISN determines the connection used towards packet data networks, taking network hierarchy and the needs of service providers into account. With service switching, the operator’s business logic dictates the treatment of each IP packet.

Single Access PointMany operators have discovered that a signifi cant percentage of attempts to access data services can fail, the majority of them being down to misconfi gured Access Points in the user terminal. When Flexi ISN is deployed in the network, the subscriber terminal can have single access point settings. The subscription profi le defi nes which services and associated access points are to be activated for use when the user initiates a PDP context.

For the operator single APN means simpler service confi guration. When introducing new services, new service confi gurations can be created under the existing single APN.

Powerful Service Awareness


6

Subscriber profi lingFlexi ISN is capable of downloading subscriber profi les from an external subscriber database. The user profi les can be fetched using a LDAP or RADIUS interface upon PDP context creation. Dynamic user profi le updates are also supported. With subscription profi ling support, the operator is able to provide differentiated service bundles for different subscriber groups. Combined withservice, access and location awareness capabilities, the operator can differentiate the set of services available for different subscriber groups. An example is allowing peer-to-peer fi le sharing and Voice over IP services usage for specifi c subscriptions only.

Access, location and roaming awarenessAccess type awareness allows the Flexi ISN to control service and application usage based on the access type. The supported access types are UTRAN, GERAN, and 3GPP WLAN.

Location Awareness functionality allows the services to be accessible only in defi ned area(s) of the network. As an example, the operator can allow P2P fi le sharing services only at the subscriber’s home location and nowhere else.

Applied parameters are:

• Mobile country code (MCC)• Mobile network code (MNC) • Location area code (LAC)• Cell identity (CI) (for 2G network)• Service area code (for 3G network)

Flexi ISN roaming awareness allows the control of service usage according to the subscriber’s roaming status. An example is restricting service awareness for outbound or inbound roamers. P2P fi le sharing services can, for example be allowed only for local subscribers in their home network. Deployment optionsFlexi ISN can be deployed as a service aware GGSN implementing standard GGSN functionality and service awareness in a single element. The other option is to introduce service awareness behind an existing third party legacy GGSN. In this option, the Flexi ISN acts as a traffi c analyzer. The benefi t is quick introduction of service awareness. Later on, the same Flexi ISN can be deployed to replace the existing legacy GGSN.

As a service-aware GGSN

As a traffic analyzerbehind a legacy GGSN

Gn

Gn

Service networksand the Internet

Gi OperatorIP network

GiGiGGSN

SGSN

SGSN

Existing PaCois untouched

ISN

ISNOperator

IP network

Deployment options: service aware GGSN or a traffi c analyzer behind an existing GGSN

Alias Access Point NameOperator challenge: Access Point Names (APNs) are used as reference points for subscribers to connect to the service networks. In order for the connection request to succeed, the correct APN settings must be confi gured in the terminal. Network evolution, however, requires the operator to make changes to the Access Point confi guration. The changes should be refl ected in subscriber terminals, as terminal misconfi guration prevents service usage.

Nokia Siemens Networks solution: Flexi ISN implements an Alias APN feature that allows mapping of the requested APN to a correct access point in the Flexi ISN. Alias APN is an important enabler for an operator’s single APN service access strategy.

Operator benefi t: Operator is able to make service architecture changes without a visible effect for end users. Higher service success rate results in an improved ens-user experience, driving usage and preventing customer care load.

7

A full set of traffi c management functionalities integrated with 3GPP GGSN

Service bandwidth managementFlexi ISN allows the operator to manage the capacity allocation on a service level. The maximum bandwidth available for identifi ed services and applications can be limited to a confi gurable value, both on an aggregate traffi c level and on an individual subscriber’s level. This functionality has been developed to ensure fair sharing of network resources between subscribers and services.

Combining P2P traffi c detection capabilities With the subscription, access and location awareness capabilities that Flexi ISN offers, it is capable of providing multi-dimensional bandwidth management:

Subscription:Fixed broadband type charging models can also be applied in mobile networks. The operator can provide subscriptions where the maximum access rate is limited to a certain value. This allows differentiated offerings for subscriber segmentation. P2P service usage can also be included or excluded in a subscription on a service level.

Access and location:Bandwidth and service usage can be controlled according to the access network type and subscriber location. An example of access network type based control is to limit the capacity for fi le sharing services in a cellular network but allow unlimited use in a WLAN network. Location Awareness functionality allows the services to be accessible only in defi ned area(s) of the network or controlling capacity usage according to subscriber location. An example is the operator allowing the use of P2P fi le sharing services only in the subscriber’s home location.

Application:On the application level Flexi ISN P2P traffi c detection capabilities allow the operator to differentiate the treatment of different P2P applications. Bandwidth limits can be set and application usage can be blocked even though the P2P service would be using the same PDP context as some unlimited service, e.g. browsing.

Time of day:Flexi ISN allows traffi c policing rules to be confi gured according to the time of day or day of week. A P2P fi le sharing traffi c profi le is typically symmetrical. As subscribers are downloading the fi les as background activity, there is no variation in the traffi c load according to the time of day or day of week. By contrast, normal data traffi c has heavy variations.

Multi-dimensional bandwidth management


8

QoS and Service Aware QoSFlexi ISN supports all 3GPP traffi c classes: Conversational, Streaming, Interactive 1,2,3 and background to provide a high end-user experience of service quality with optimal network dimensioning.

Service based QoS functionality allows the Flexi ISN to update the PDP context QoS level automatically during an active session. This is implemented to ensure optimal use of network resources and that the user experiences high service quality. Examples are forcing appropriate QoS parameter values for non-QoS aware terminals and protecting network resources against intentionally misbehaving terminals.

Introducing HSPA for high speed mobile accessOperators need to introduce high speed mobile access technologies in order to provide mass market mobile access to Internet resources and to serve business users accessing company intranets.

Flexi ISN supports High Speed Packet Access (HSPA) with Extended 16 Byte QoS (3GPP Rel-5) profi le offering that allows support of HSDPA bit rates up to 16 Mbit/s in the downlink direction and HSUPA bit rates up to 8 Mbit/s in the uplink direction.

LTE ready packet core architectureOur Intelligent Packet Core offers best in the market CAPEX and OPEX effi ciency by supporting all major cellular access types - 2G GPRS EDGE, 3G GPRS HSPA, I-HSPA - and operator business models in a single platform.

The 3GPP Long Term Evolution (LTE) program aims at improving effi ciency and lowering costs of providing mobile high speed access. The Nokia Siemens Networks SGSN is already aligned with LTE architecture with the Direct Tunnel solution that allows high volume user plane data to bypass the SGSN. High speed mobile access networks have an essential role in making mass market mobile access to Internet resources a reality.

Different traffi c management tools are applied in different parts of the network

9

Element management via a Graphical User InterfaceThe main management tool for Flexi ISN is the Web-based Nokia Siemens Networks Voyager. Delivered preinstalled, Voyager provides an extensive set of confi guration parameters and element monitoring features, as well as a Graphical User Interface (GUI) for confi guration, monitoring and control. It can be used remotely over a secured SSL connection and can be accessed by a Web browser and be run basically on any host. Also, the Command Line Interface (CLI) provides versatile functionality for application management. The CLI provides the same Flexi ISN confi guration functionalities as Voyager.

NetAct for network managementNokia Siemens Networks NetAct provides trouble-shooting to monitor the health and performance at the element and service/fl ow levels in real-time. This allows problems to be tracked and fi xed as soon as they appear, ensuring continued delivery of services.

Security considerationsFlexi ISN is positioned at the network edge where the user data becomes active on the network layer and where traffi c coming from the packet data network is directed to subscribers. This is the point where security control must take place.

As the gateway between end-user terminals and public and private IP networks, the Flexi ISN incorporates subscriber fi rewall functionality at both the IP networking and end-user levels. Packet fi ltering, based on the traffi c classifi cation, is supported for active PDP-contexts, with confi gurable protection against malicious attacks towards subscribers. The fi rewall can be confi gured to meet operational needs, with traffi c being denied or allowed according to different fl ows, such as uplink only, downlink only, vbi-directional or denied.

Our Intelligent Packet Core aggregates functions that are common to all accesses


10

Charging is a tool forsubscription segmentationCharging is a valuable tool for subscription segmentation. In addition to differentiating tariff schemes, prepaid and postpaid subscriptions can be offered to different Diameter groups. Flexi ISN supports the Diameter interface for online charging control for the benefi t of both the operator and the subscribers. Flexible charging options allow the implementation of tariff models that best match the operator’s business strategy.

Minimizing prepaid fraudPrepaid charging systems were originally developed for voice calls only. For these calls, an acceptable billing accuracy can be achieved with hot billing systems, where Charging Detail Records (CDRs) are sent immediately from the MSC to the billing center. With the advent of value-added data services, this is no longer the case.

Users have the chance to benefi t from the so called ‘fraud window’, the time that elapses between prepaid credit running out and when service is denied. In the few minutes that this fraud window is open, a user could make several ring tone downloads or browse a number of content pages.

Flexi ISN implements Diameter based credit control according to 3GPP release 6 specifi cations. Minimizing possible prepaid fraud has been one of the main design criteria and the implementation optimizes both the rating engine load and the use of the credit control interface. Prepaid fraud can be minimized, with online charging and credit control, before the service is used.

Online charging control

Diameter for online chargingDiameter is fl exible and complete enough protocol to implement the key functionalities needed by most operators without vendor-specifi c extensions. As an improvement to Radius, it offers more scalability, more reliability and more effi ciency. Diameter uses TCP, a connection-oriented and stateful protocol that guarantees reliable and orderly delivery of information.

The Diameter implementation in Flexi ISN utilizes the experience acquired through earlier on-line charging solutions, the GGSN-based Radius solution and the SGSN-based CAMEL solution.

Functionality has been developed in close co-operation with operators and is aligned with the latest standards. Flexi ISN brings 3GPP REL 6 based online credit control into commercial networks.

11

Time step chargingOperator challenge: Need to fi nd an easy to understand charging model for sporadic data service users. Subscribers do not want to be in a hurry when using services, which is the case with time based charging. With volume based charging schemes, the subscribers are not able to estimate the costs of service usage.

Nokia Siemens Networks’ solution: Time based charging applies the same charging philosophy as applied in hotel WLANs: the subscriber is able use the service for a predefi ned time interval for a fi xed fee (e.g. $10/hour). When the fi rst packet of the service is let go a predefi ned time interval (step) is always charged whatever the user behavior during this interval. After this interval, a new step will be charged at the time the next packet is let go.

Operator benefi t: Increased service usage and more revenue due to easy to understand charging schemes. Subscriber benefi t: Time step charging improves the user’s understanding of service charging, as cost is easily predictable.

Time step charging


12

Temporary subscriptionsFlexi ISN supports the DIAMETER interface for online charging control. This allows implementing temporary subscriptions with the support of an Online Charging System, for example, the Nokia Siemens Networks charge@once.

Temporary subscriptions allow the operator to limit the maximum volume used during a certain time period (e.g. one month) to a certain confi gurable value. For example, the subscription may limit the monthly usage to maximum 10 Mbit or 50 Mbit with a fi xed fee. When the volume limit has been reached, service usage can be either barred until the end of the subscription period or another tariff can be applied. The operator may, for example, apply volume or time based charging when the limit has been reached. A notifi cation can be pushed to the subscriber to inform them of the tariff change.

Limited rate packagesWith Flexi ISN QoS capabilities, the operator is able to implement subscriptions where the maximum access rate is limited to some confi gured value. This allows the operator to differentiate the subscriptions for different subscriber groups. Differentiated chargingFlexi ISN allows the confi guring of charging rules to differentiate charging according to the accessed service. Accounting options are:

• Layer 3 or layer 7 volume• Time based accounting• Accounting on event basis on layer 7• Mixing of different accounting: combinations of time, volume and event

An example of differentiated charging is charging a fi xed fee per MMS or per ring tone download, in other words, the service cost is independent of the number of bits transmitted

Multiple wallet chargingOperator challenge: Companies are concerned about the costs incurred because of employees using non business related services and may not allow their employees to use mobile data services at all. Corporate customers are likely to churn and this calls for the differentiating of corporate offerings to retain existing subscribers and attract new ones.

Nokia Siemens Networks’ solution: Flexi ISN supports charging to multiple wallets according to the accessed service. The wallets can have different charging profi les (post-paid or prepaid). Work related service usage (e.g. company intranet access) can be charged to a corporate postpaid account whereas other services’ usage can be charged to a personal prepaid wallet.

Operator benefi t: Retaining and increasing corporate customer base.End user benefi t: Cost control for mobile data services allows corporate segment to allow data services to all employees without risk of excess costs.

13

The winning architectureCarrier-Class Architecture Flexi ISN has carrier-class availability that minimizes downtime and impact on revenue, an essential requirement for trusted operation. Flexi ISN provides ‘fi ve 9s’ (99.999 %) platform availability, with yearly downtime measured in seconds.

PDP context level redundancyThe Flexi ISN architecture makes it possible to implement load balancing and achieve redundancy on a PDP context level. The user data fl ow in the Flexi ISN is the simplest possible: from Interface Blade via Switch Blade to Service Blade and back to Interface Blade. The Interface Blades provide physical interfaces, intelligent load balancing of user sessions and routing.

Session level load balancing is implemented by directing incoming PDP context requests to the least loaded Service Blade.

The result is an evenly distributed load in a redundant system, with every Service Blade being active and there are no extra standby blades. PDP contexts are made resilient by the Service Blade, which creates a standby session to the next least loaded service blade. This ensures service continuity if a Service Blade is removed or fails. Another advantage is that no peak in traffi c is generated on failover caused by re-establishing connections. This makes the design of Flexi ISN superior to the traditional load balancing commonly applied in fi xed IP networks.

Simplicity of design: all traffi c processing intelligence implemented on a single Service Blade


14

Simplicity of designSignaling is distributed on Flexi ISN Service Blades for high reliability and scalability. Removing any signaling bottleneck is important for on-line credit control to allow prepaid, dynamic policy control and frequent inter-system handovers. The heart of the Flexi ISN software runs on the Service Blades. Both the user and control planes are implemented in the Service Blades, which realize the traffi c processing intelligence. In addition to the Interface and Service Blades, the Flexi ISN consists of Management Blades, Switching Blades and Hard Disk Blades.

Scalability to accommodate growthTogether with high reliability, increased capacity has been a key driver in introducing a new platform for Flexi ISN. It offers excellent scalability, from a minimum sellable capacity of 1000 PDP contexts and 1 Mbit/s throughput, to the maximum of 4 Million PDP contexts and 10 Gbit/s throughput with four fully equipped chassis in a standard telecom rack.

PDP context level redundancy

15

Nokia Siemens Networks Flexi ISN - Building a smart yet invisible network

Flexi ISN brings carrier-grade service awareness to the Packet Core network. An open connectivity and control element, it provides secured access, high end-user service quality and charging and subscription control for cellular, wireless and wireline data networks.

Our key differentiators are:Nokia Siemens Networks is a single provider • for packet switched coreFlexi ISN offers high availability with 99.999 % • reliability for one shelfFlexi ISN offers superior performance with truly • scalable deep packet inspectionFlexi ISN has a graphical user interface and is • easy to confi gure to reduce OPEXFlexi ISN offers a future-proof evolution path • towards mobile broadband services

Nokia Siemens Networks is a leading global enabler of communications services. The company provides a complete, well-balanced product portfolio of mobile and fi xed network infrastructure solutions and addresses the growing demand for services with 20.000 service professionals worldwide. Nokia Siemens Networks is one of the largest telecommunications infrastructure companies. Nokia Siemens Networks has operations in some 150 countries and is headquartered in Espoo, Finland. It combines Nokia’s Networks Business Group and the carrier related businesses of Siemens Communications. For more information please visit www.nokiasiemensnetworks.com.

Nokia Siemens Networks and the wave logo are registered trademarks ofNokia Siemens Networks. Other company and product names mentionedherein may be trademarks or trade names of their respective owners.Products and solutions herein are subject to change without notice.Copyright © 2007 Nokia Siemens Networks. All rights reserved.Code: 11498 - Nokia Siemens Networks – 07/2007 Activeark Oy

Nokia Siemens Networks CorporationP.O. Box 1FI-02022 NOKIA SIEMENS NETWORKSFinland

Visiting address:Karaportti 3, ESPOO, Finland

Switchboard +358 71 400 4000 (Finland)Switchboard +49 89 5159 01 (Germany)

www.nokiasiemensnetworks.com

Documents

NSN - Flexi_ISN