CONFIDENTIAL
Advanced Traffic Steering & Optimization Technologies
Bart Salaets
Solutions Architect EMEA
F5 Networks, Inc 2 CONFIDENTIAL
Agenda
Recent Evolutions in Traffic Steering
Flow-based vs Transaction-based Traffic Steering
Service Chaining & IETF Activities
TCP Optimization
Summary
Recent Evolutions in Traffic Steering
Traditional Steering to VAS & Optimization platforms
A router steers all port 80 traffic to VAS platforms
STATIC STEERING: All port 80 traffic service chained through all VAS platforms
[Diagram labels: PGW/WIFI-GW, RTR, Internet, DPI, Firewall/CGNAT; Data Center VAS platforms: Video Optimization, Transparent Caching, Parental Controls, WAP Gateway; layers: L2/L3, L4, L7, L7+ - Application Services, L4 LB/ADC]
Intelligent traffic steering to VAS platforms
Offloading VAS services & Optimizing infrastructure utilization
INTELLIGENT STEERING: Context-aware & policy-driven steering & intelligent service chaining
CONTEXT: SUBSCRIBER, DEVICE-TYPE, RAT-TYPE, CONTENT (VIDEO, URI, ... ), CONGESTION
[Diagram labels: PGW/GGSN, RTR, Intelligent Steering Platform, L4-L7 Steering, PCRF, Diameter Gx, DRA, Internet, DPI, Firewall, CGNAT; Data Center VAS platforms: Video Optimization, Transparent Caching, Parental Controls, WAP Gateway]
Intelligent traffic steering to VAS platforms
Example: Subscriber and RAT-type based steering / service chaining
INTELLIGENT STEERING
CONTEXT
SUBSCRIBER POLICY DETERMINES STEERING TO PARENTAL CONTROL
RAT-TYPE DETERMINES STEERING TO VIDEO OPT.
RADIUS (RAT-TYPE updates for subscriber in interim accounting)
DIAMETER Gx (subscriber policy indicates parental control)
Steering leg controlled by Radius
Steering leg controlled by PCRF
Policy-controlled Service Chain (per-flow steering/chaining)
[Diagram labels: PGW/GGSN, RTR, Intelligent Steering Platform, PCRF, Internet, DPI, Firewall, CGNAT; Data Center VAS platforms: Video Optimization, Transparent Caching, Parental Control, WAP Gateway]
Flow-based vs Transaction-based Traffic Steering
The Service Provider Challenge
Video optimization technology is expensive and steering all port 80 traffic to it is not considered economically viable going forward
Increasing desire to offload any HTTP traffic that is not carrying video
Increasing desire to offload ABR video traffic (as transrating/transcoding no longer needed)
The Technical Challenge
Accurate video detection requires checking both the HTTP request and the response headers
If the detection happens at the response level, how can we steer video to video optimizers after the fact (the connection to the video server is already established)?
The Technical Solution
HTTP request-based & response-based steering
Per-flow steering is not adequate for this use case (see next slide)
Need for Transaction-based Steering Video Optimization
HTTP Messages Differ from IP Packets & TCP Flows
TCP/IP Packet
Packet Header
HTTP Message Body
HTTP Message Header
GET / HTTP/1.1\r\n
Host: www.myhost.com\r\n
Transfer-Encoding: chunked\r\n
Cookie: userId=username, userData=abdefa1839290\r\n
User-Agent: Mozilla\r\n
\r\n
0\r\n
Body Terminator for chunked mode
HTTP Header Split Across packets
Multiple Messages in one packet
HTTP message can span multiple packets
Packets may have multiple HTTP messages
Delimiting HTTP messages may require inspection of every byte
Message steering may in some cases cause the TCP stream to be split, which may lead to chaos in client-to-endpoint communication
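The delimiting problem described on this slide, as an added example that is not part of the original deck: an incremental framer that accepts TCP segment payloads in arrival order and returns each complete HTTP/1.1 request message, whether a header is split across segments or several messages share one segment. It assumes well-formed requests and no trailer fields after the last chunk; the class and method names are hypothetical.

```python
class HttpFramer:
    """Reassembles HTTP/1.1 request messages from a sequence of TCP segments."""

    def __init__(self):
        self.buf = b""

    def feed(self, segment):
        """Add one segment payload; return every message that is now complete."""
        self.buf += segment
        done = []
        while True:
            end = self._message_end()
            if end is None:
                return done
            done.append(self.buf[:end])
            self.buf = self.buf[end:]

    def _message_end(self):
        head_end = self.buf.find(b"\r\n\r\n")
        if head_end < 0:
            return None                     # header still split across packets
        body = head_end + 4
        headers = {}
        for line in self.buf[:head_end].split(b"\r\n")[1:]:
            name, _, value = line.partition(b":")
            headers[name.strip().lower()] = value.strip().lower()
        # Transfer-Encoding takes precedence over Content-Length
        if b"chunked" in headers.get(b"transfer-encoding", b""):
            return self._chunked_end(body)
        end = body + int(headers.get(b"content-length", b"0"))
        return end if len(self.buf) >= end else None

    def _chunked_end(self, pos):
        while True:
            eol = self.buf.find(b"\r\n", pos)
            if eol < 0:
                return None                 # chunk-size line not complete yet
            size = int(self.buf[pos:eol].split(b";")[0], 16)
            nxt = eol + 2 + size + 2        # chunk data plus its trailing CRLF
            if len(self.buf) < nxt:
                return None
            if size == 0:                   # last chunk "0\r\n" and final CRLF
                return nxt                  # assumption: no trailer fields
            pos = nxt
```

Every byte of the chunked body has to be walked to find the end of the message, which is why a steering decision per message needs a full proxy rather than per-packet inspection.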
Steering on request
Establish TCP connection with client (full handshake)
Accumulate HTTP request message(s) in that TCP connection
For each HTTP request message in the TCP connection from the client
Parse the HTTP request headers and select VAS based on steering policy
Establish new TCP connection with the VAS selected in the steering policy and forward the accumulated HTTP message (in case of service chaining there will be several connections)
Steering on response
Establish TCP connection with client and establish another TCP connection with the server; forward HTTP messages between client and server
For each HTTP response message in the TCP connection from the server
Parse the HTTP response headers and select VAS based on steering policy
But how do we steer to the VAS? The connection with the server is already established ...
Steering on HTTP Request & Response
Steering on Response: Call flows
HTTP Request from client
Forward Request
HTTP Response
POLICY EXECUTION: IF CONTENT-TYPE STARTS WITH VIDEO/ CONTENT-LENGTH > 1024KB THEN REDIRECT TO VIDEO OPTIMIZATION
Response to Client with 302 redirect to same URI extended with classification and policy results
[Diagram labels: Mobile Client, RAN, PGW/GGSN, RTR, Intelligent Steering Platform, Video Optimization, INTERNET, Origin Server]
Steering on Response: After the HTTP redirect
New HTTP request with extended URI
POLICY EXECUTION: IF URI CONTAINS VIDEO CLASSIFICATION INFO THEN STEER TO VIDEO OPTIMIZATION & DELETE CLASSIFICATION INFO FROM URI
Steer Request to Video Optimizers
Optimized Response
New connection
[Diagram labels: Mobile Client, RAN, PGW/GGSN, RTR, Intelligent Steering Platform, Video Optimization, INTERNET, Origin Server]
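The two policy executions from the "Steering on Response" slides, as an added example that is not code from the deck or from any F5 product: phase 1 classifies the origin response and answers with a 302 to the same URI extended with the classification, and phase 2 steers the follow-up request on that marker and deletes it before forwarding. The parameter name `x-steer`, the key, the next-hop names, the reading that both slide conditions must hold, and the HMAC that ties the marker to the path (so the platform acts only on markers it issued) are assumptions of this example; the slides do not say how the classification info is encoded or protected.

```python
import hashlib
import hmac
from urllib.parse import parse_qsl, urlencode, urlsplit, urlunsplit

KEY = b"constructed-demo-key"   # assumption: secret held only by the steering platform
PARAM = "x-steer"               # hypothetical name for the classification parameter
MIN_BYTES = 1024 * 1024         # slide policy threshold: Content-Length > 1024KB


def _tag(path, verdict):
    """Bind a classification verdict to the request path (added hardening)."""
    msg = f"{path}|{verdict}".encode()
    return hmac.new(KEY, msg, hashlib.sha256).hexdigest()[:16]


def on_response(uri, headers):
    """Phase 1: classify the origin response, return (status, redirect_location)."""
    ctype = headers.get("Content-Type", "").strip().lower()
    raw = headers.get("Content-Length", "").strip()
    length = int(raw) if raw.isdecimal() else 0
    # assumption: the slide's two conditions must both hold
    if not (ctype.startswith("video/") and length > MIN_BYTES):
        return 200, None                      # pass the response through
    parts = urlsplit(uri)
    query = parse_qsl(parts.query, keep_blank_values=True)
    query.append((PARAM, "video." + _tag(parts.path, "video")))
    return 302, urlunsplit(parts._replace(query=urlencode(query)))


def on_request(uri):
    """Phase 2: return (next_hop, uri_with_classification_removed)."""
    parts = urlsplit(uri)
    kept, verdict = [], None
    for name, value in parse_qsl(parts.query, keep_blank_values=True):
        if name != PARAM:
            kept.append((name, value))
            continue
        claimed, _, tag = value.partition(".")
        expected = _tag(parts.path, claimed)
        if hmac.compare_digest(tag.encode(), expected.encode()):
            verdict = claimed                 # accept only markers issued in phase 1
    clean = urlunsplit(parts._replace(query=urlencode(kept)))
    return ("video-optimizer" if verdict == "video" else "internet"), clean
```

The marker is removed from the URI whether or not it verifies, so the VAS platform and the origin server never see it.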
Service Chaining & IETF Activities
IP networks rely more and more on the combination of advanced functions
Besides basic routing and forwarding functions
Goal : Enforce service-inferred forwarding for traffic traversing a given domain
Differentiated by the set of Service Functions to be invoked
Service-inferred forwarding is policy-based. Policies may be:
Subscriber-aware
Based on flow characteristics
TE-oriented (e.g., optimize network resource usage)
Combination of the above
Several Service Function Chaining (SFC) IETF drafts available
IETF Service Chaining Working Group
SFC ingress : Policy classification will determine service chain SFC-ID pointing to a sequence of service functions (SFs)
All Service Functions may be policy controlled via a control plane
Meta-data can be added to the packets (to convey the SFC-ID to the SFs)
Service Functions can be physical or virtual (NFV)
Packet forwarding between SFs can be plain IP, SDN, overlay networks, ...
IETF Service Function Chaining Examples
[Diagram labels: service functions LOAD BALANCER (SF1), WEB PROXY (SF2), FIREWALL (SF3), NAT44 (SF4), DPI (SF5), HEADER ENRICHM. (SF6); chains SFC-ID=1 and SFC-ID=2]
Static & Dynamic Service Chaining Today
INTELLIGENT SERVICE CHAINING
STATIC SERVICE CHAINING: INTELLIGENT STEERING POLICY DEFINES A FIXED SFC (E.G. VAS1-VAS4)
DYNAMIC SERVICE CHAINING: INTELLIGENT STEERING POLICY PER VAS LEG TO FULLY CONTROL THE SERVICE CHAIN ORDER BASED ON STATIC OR DYNAMIC PARAMETERS
[Diagram labels: PGW/GGSN, RTR, Intelligent Steering Platform, PCRF, Internet, DPI, Firewall, CGNAT; VAS: Video Optimization, Transparent Caching, Parental Control, WAP Gateway]
Static Service Chaining
SERVICE CHAIN POLICY A
SVC1 { FROM SUBSCRIBER TO VAS1 }
SVC2 { FROM VAS1 TO VAS2 }
SVC3 { FROM VAS2 TO INTERNET }
DIAMETER Gx (subscriber policy points to service chain A)
[Diagram labels: Mobile Client, Intelligent Steering Platform, VAS1, VAS2, Origin Server, PCRF, SERVICE CHAIN POLICY A; legs SVC1, SVC2, SVC3]
Dynamic Service Chaining
SERVICE CHAIN POLICY A
SVC1 { FROM SUBSCRIBER TO VAS1 }
SVC2 { FROM VAS1 TO VAS2 STEERING POLICY P1 }
SVC3 { FROM VAS2 TO INTERNET }
STEERING POLICY P1
RULE R1 { IF (HDR $X-TO-VAS == INTERNET) { STEER INTERNET } }
DIAMETER Gx (subscriber policy for subscriber X indicates service chain A)
VAS1 DID NOT INSERT X-TO-VAS
[Diagram labels: Mobile Client X, Intelligent Steering Platform, VAS1, VAS2, Origin Server, PCRF, SERVICE CHAIN POLICY A; legs SVC1, SVC2, SVC3]
Dynamic Service Chaining
SERVICE CHAIN POLICY A
SVC1 { FROM SUBSCRIBER TO VAS1 }
SVC2 { FROM VAS1 TO VAS2 STEERING POLICY P1 }
SVC3 { FROM VAS2 TO INTERNET }
STEERING POLICY P1
RULE R1 { IF (HDR $X-TO-VAS == INTERNET) { STEER INTERNET } }
DIAMETER Gx (subscriber policy for subscriber X indicates service chain A)
VAS1 HAS INSERTED X-TO-VAS INTERNET
[Diagram labels: Mobile Client X, Intelligent Steering Platform, VAS1, VAS2, Origin Server, PCRF, SERVICE CHAIN POLICY A; legs SVC1, SVC2]
Service Chaining Packet Forwarding
CONNECTION TABLE
IN                                 | OUT
SMAC   DMAC  SIP   DIP   VLAN      | SMAC  DMAC   SIP   DIP   VLAN
MAC_X  M100  IP_X  IP_Y  100       | M91   MVAS1  IP_X  IP_Y  91
MVAS1  M19   IP_X  IP_Y  19        | M92   MVAS2  IP_X  IP_Y  92
MVAS2  M29   IP_X  IP_Y  29        | M200  MAC_Y  IP_X  IP_Y  200
[Diagram labels: Mobile Client (IP_X), Intelligent Steering Platform, VAS1, VAS2, Origin Server (IP_Y), SERVICE CHAIN POLICY A; VLAN 100, VLAN 91, VLAN 19, VLAN 92, VLAN 29, VLAN 200]
CONNECTION-ORIENTED FORWARDING
Intelligent steering platform tracks the source MAC address and VLAN of incoming connections in the connection table
Return traffic from endpoints and/or pools is sent back to the MAC address (on the VLAN) that transmitted the request
Service Chaining Today and Future
[Diagram labels: TRAFFIC STEERING; VAS1, VAS2, VAS3, VAS4, VAS5]
Available today TCP & HTTP proxy technology
Flexible use of steering headers towards VAS platforms (HTTP headers, DSCP, ... )
Works with ICAP as well (control plane steer)
Practical model for few VAS services
Discussed in several IETF drafts
Requires all vendors to agree on same standard (packet header for metadata)
How to leverage SDN/NFV and overlay networking (VXLAN, NVGRE) technology
Scales to many VAS services
[Diagram labels: SFC Ingress Classification, SFC Forwarding; VAS1, VAS2, VAS3, VAS4, VAS5]
TCP Optimization
TCP proxy approach allows for adequate TCP options & window scaling parameters to be negotiated separately with the client and the server, optimized for the access technology
Window scaling
Selective ACK
Congestion control mechanisms, Nagle algorithm, etc.
Patent pending optimizations to deal with packet loss & delay specific to cellular networks
Remove the effect of the first few percent of packet loss on congestion control typical for 2G/3G
Avoiding the buffer bloat problems in LTE networks
TCP Proxy Optimizing both sides of the TCP connection
[Diagram labels: Mobile Client, RAN, PGW/GGSN, RTR, Intelligent Steering Platform, TCP PROXY, Cell-optimized TCP stack, WAN-optimized TCP stack, INTERNET, Origin Server]
Ideal TCP stacks would result in
Minimal Buffer Bloat
Flow Fairness
High Goodput
HOW DO WE ACHIEVE THIS IN 2G, 3G AND 4G NETWORKS?
Impact of Latency : Web Page Load Times
Slide courtesy of Ilya Grigorik @ Google: http://www.igvita.com/slides/2012/webperf-crash-course.pdf
TCP is designed to probe the network to figure out available capacity
TCP slow start is a feature, not a bug
Impact of Packet Loss : Throughput Degradation
Slide courtesy of Ilya Grigorik @ Google: http://www.igvita.com/slides/2012/webperf-crash-course.pdf
Avg HTTP response size 16kB (so 3 round trips)
In mobile networks packet loss does not necessarily imply congestion
TCP Congestion Control Algorithms in 3G and LTE
TCP Woodside
F5 created algorithm.
Hybrid loss and latency based algorithm.
Minimizes buffer bloat by constantly monitoring network buffering.
TCP Vegas
Emphasizes packet delay rather than packet loss
Detects congestion based on increasing RTT values of packets.
TCP Illinois
Targeted at high speed long distance networks
Loss-delay based algorithm.
Primary congestion of packet loss determines direction of window size change.
Secondary congestion of queuing delay determines the pace of window size changes.
H-TCP
Targeted for high speed networks with high latency.
Loss-based algorithm.
Reducing Web Page Load Times with TCP Optimization
Real life test results MNO in APAC
[Charts, one per case, each comparing Business center, Shopping Mall and Residential Area: Case 1: 100 * 64KB images; Case 2: 1 * 10MB image; Case 3: Regular website 1; Case 4: Regular website 2]
Summary
Allows for Policy-based Intelligent Traffic Steering
Offloading & cost optimizing the VAS infrastructure
Allows for Static and Dynamic Service Chaining Today
Avoids piping all traffic through all VAS platforms in sequence
Allows for Enhancing the Mobile Subscribers' Quality of Experience
Advanced TCP optimization techniques increase the goodput and user experience over the 2G, 3G and LTE radio infrastructure
Traffic Optimization with TCP & HTTP Proxy