F5 Solutions For Service Providers: Bart Salaets Solution Architect


CONFIDENTIAL

F5 Solutions for Service Providers
Bart Salaets, Solution Architect
Complex network architectures

Value-added services (VAS): video optimization, transparent caching, URL filtering

Control plane: DNS, PCRF, IMS, AAA, HSS, OCS, DRA

Data path: end users -> GGSN/PGW or BRAS/BNG -> RTR -> L2 switch -> DPI/TDF -> LDNS -> FW -> CGNAT -> RTR -> Internet
(static port-80 based steering into the VAS complex)

Challenges
• Complex architecture, hard to scale
• Multiple point-product solutions inline in the data path
• Resulting high CapEx and OpEx
• Difficulty adding new services

© F5 Networks, Inc CONFIDENTIAL 2


The new network should focus on …

Optimize
• Intelligent steering to VAS
• Consolidate L4-L7 functions
• TCP optimization
• Migrate to an NFV-based solution

Monetize
• Quality of Experience (QoE) management
• Flexible opt-in/opt-out services
• Flexible charging

Secure
• Network security (Gi firewall)
• Dynamic subscriber security
• DNS security
• IPv4/IPv6 transition


A Consolidated Approach with F5
Simplifying the delivery of L4-L7 network services

BEFORE F5: static port-80 steering into the VAS layer
PGW/BNG -> RTR -> LDNS -> policy enforcement -> URL filtering -> CGNAT -> firewall -> Internet

WITH F5: dynamic and intelligent steering into the VAS layer
PGW/BNG -> VIPRION (the L4-L7 functions above consolidated on one platform) -> Internet


Consolidate L4-L7 Network Functions with F5

2005–2010, L2–L3: dedicated platforms from different vendors (L2 switching, MPLS L2 PE, L3 routing, MPLS L3 PE, BRAS/BNG) were consolidated onto a single multi-service router platform.

2010–2014, L4–L7: dedicated platforms from different vendors (TCP optimization, DPI/PCEF, firewall, CGNAT, HTTP header enrichment, L3/L4 steering) are consolidated onto a unified platform: full proxy (TCP optimization, HTTP header enrichment), policy enforcement, L7 steering, FW/CGN.


Purpose Built Platforms for L4-L7 Services
(chart: L7 requests per second, infinite-to-infinite, by platform; figures as labelled on the chart)

Platform                 L7 RPS        L4 CPS        L7/L4 throughput
BIG-IP Virtual Edition   up to 325K    up to 100K    10G
BIG-IP 2200s             425K          150K          5G
BIG-IP 4200v             850K          300K          10G
BIG-IP 5200v             1.5M          700K          15/30G
BIG-IP 7200v             1.6M          775K          20/40G
BIG-IP 10200v            2M            1M            40/80G
BIG-IP 11050             2.5M          1M            40/42G
VIPRION 2200             4M            2M            160G
VIPRION 2400             8M            4M            320G
VIPRION 4480             10M           5.6M          160/320G
VIPRION 4800             20M           10M           320/640G


BIG-IP / BIG-IQ – Technology Suite

BIG-IQ Platform™: BIG-IQ Security™, BIG-IQ MAM, BIG-IQ Device™, BIG-IQ ADC, BIG-IQ Cloud™
Ecosystem plugins: VMware, Cisco APIC, Microsoft SCVMM, OpenStack, AWS, Open Connector

BIG-IP® modules: Carrier Grade NAT (CGNAT), Policy Enforcement Manager (PEM), Local Traffic Manager (LTM), DNS / Global Traffic Manager (GTM), Acceleration Manager (AM), Application Security Manager (ASM), MobileSafe and WebSafe (Versafe), Advanced Firewall Manager (AFM), Access Policy Manager (APM)

Programmability: iRules®, iApps®, iCall, iStats and iControl®
Manageability: RBAC, logging, SNMP, CLI, GUI
TMOS core protocols: L3/routing, UDP, IP, IPsec, IPv6, SCTP, TCP, HTTP, SSL, FIPS, tunneling, BWC, stats, certifications
Performance / scalability: CMP, vCMP, ScaleN, firmware, HAL, sizing guides
TMOS platforms: appliances, chassis, software (KVM / AWS / Xen, VMware / Hyper-V)
Solution areas: ADC, Service Provider, Security, Cloud, Fabric, Orchestration


Key F5 network services – Optimize, Monetize, Secure

A unified platform and single management framework:
• Intelligent traffic steering
• Per-subscriber policy enforcement
• DPI & URL filtering
• Local DNS
• CGNAT and IPv6 migration
• ICSA-certified network firewall
• TCP optimization




Policy Enforcement Manager – Policy Definition

A policy is an ordered set of rules; each rule has a precedence (PREC), a classifier and a policy action, and rules are evaluated in precedence order. The slide shows three policies, Gold, Silver and Bronze, each with Rule 1 (PREC 10: CLASSIFIER RULE_10, POLICY ACTION RULE_10), Rule 2 (PREC 20: CLASSIFIER RULE_20, POLICY ACTION RULE_20) and Rule 3 (PREC 30: CLASSIFIER RULE_30, POLICY ACTION RULE_30).

Policy type: global policy; unknown-subscriber policy; subscriber policy
Subscriber type: static subscriber; dynamic subscriber (RADIUS, DHCP, unknown IP source address)
Policy assignment: Diameter Gx; predefined; dynamic (gate, QoS); RADIUS; custom
Analytics & charging: syslog; IPFIX; RADIUS; Gy; Gx usage monitoring


Classification & Policy Actions

Application classification
• Application category (e.g. P2P)
• Application (e.g. BitTorrent)
• Some applications use F5 signatures; other applications rely on a third-party DPI signature engine

URL classification
• URL category (e.g. Gambling)
• URL database from a third party
• Ability to create a custom DB
• Used for HTTP and HTTPS (SNI check)

Flow classification
• DSCP
• Protocol (TCP/UDP)
• IP source address range & port
• IP destination address range & port
• Incoming VLAN

Custom classification
• iRule / Tcl script, for example on other fields in the traffic flow (IP header, HTTP header, ...) or on other fields stored in the PEM session DB for that subscriber (RAT type, roaming, tower ID)

Policy actions: reporting, HTTP redirect, HTTP header enrichment, QoS marking, quota management, steering (next hop), steering (ICAP), bandwidth control, service chain, gate (forward), custom / Tcl
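As an added illustration of the policy model on the two preceding slides (not F5 code or PEM configuration), the following Python models policies as precedence-ordered rules that each pair a classifier with an action, and looks the policy up by subscriber with a fallback to an unknown-subscriber policy. The tier names, rates, addresses and redirect URLs are illustrative assumptions.

```python
"""Toy model of the PEM policy structure: policies (Gold/Bronze/unknown
subscriber), rules ordered by precedence, classifiers over application,
URL category and flow fields, and descriptive policy actions.
Constructed example, not F5 code; all names and values are illustrative."""
from dataclasses import dataclass, field
from typing import Callable


@dataclass
class Flow:
    subscriber_ip: str
    dst_ip: str
    dst_port: int
    proto: str
    app: str = "unknown"            # from DPI classification
    app_category: str = "unknown"
    url_category: str = "unknown"   # from URL DB / SNI check
    dscp: int = 0


Classifier = Callable[[Flow], bool]


@dataclass(order=True)
class Rule:
    precedence: int                               # only field used for ordering
    name: str = field(compare=False)
    classifier: Classifier = field(compare=False)
    action: dict = field(compare=False)


@dataclass
class Policy:
    name: str
    rules: list

    def evaluate(self, flow):
        """Rules are evaluated in precedence order (lowest value first);
        the first matching classifier decides the action."""
        for rule in sorted(self.rules):
            if rule.classifier(flow):
                return {"policy": self.name, "rule": rule.name, **rule.action}
        return {"policy": self.name, "rule": None, "action": "forward"}


# --- classifiers ----------------------------------------------------------
def app_category(cat):
    return lambda f: f.app_category == cat

def url_category(cat):
    return lambda f: f.url_category == cat

def dst_port(port, proto):
    return lambda f: f.dst_port == port and f.proto == proto

def match_all(f):
    return True


# --- policies (illustrative tiers and values) -----------------------------
GOLD = Policy("Gold", [
    Rule(10, "p2p_cap", app_category("P2P"), {"action": "bw_control", "kbps": 512}),
    Rule(20, "gamble", url_category("Gambling"), {"action": "http_redirect", "to": "http://blocked.example/"}),
    Rule(30, "default", match_all, {"action": "bw_control", "kbps": 20000}),
])
BRONZE = Policy("Bronze", [
    Rule(10, "p2p_gate", app_category("P2P"), {"action": "gate", "forward": False}),
    Rule(30, "default", match_all, {"action": "bw_control", "kbps": 5000}),
])
# Applied when the source IP is not in the subscriber table.
UNKNOWN_SUBSCRIBER = Policy("UnknownSubscriber", [
    Rule(10, "dns_only", dst_port(53, "udp"), {"action": "forward"}),
    Rule(20, "redirect", match_all, {"action": "http_redirect", "to": "http://portal.example/"}),
])

# Subscriber table as it would be learned via RADIUS/DHCP (constructed).
SUBSCRIBERS = {"10.1.1.10": GOLD, "10.1.1.20": BRONZE}


def enforce(flow):
    """Select the subscriber's policy (or the unknown-subscriber policy) and evaluate it."""
    policy = SUBSCRIBERS.get(flow.subscriber_ip, UNKNOWN_SUBSCRIBER)
    return policy.evaluate(flow)
```

The precedence value, not list position, decides the order, which is what makes a low-precedence P2P cap win over the catch-all default rule regardless of how the rules were entered.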


Intelligent Traffic Steering – Optimize VAS Utilization

Intelligent steering: PGW/BNG -> VIPRION -> RTR -> Internet, with the PCRF attached over Diameter Gx and RADIUS supplying subscriber context. VIPRION steers selected flows into the data-centre VAS: video optimization, transparent caching, parental controls, WAP gateway.

Context-aware and policy-driven steering and intelligent service chaining, using as context:
• Subscriber
• Device type
• RAT type
• Content (video, URI, ...)
• Congestion


Policy Controlled Service Chaining – Beyond SDN

Capabilities: VAS bypass, load balancing, server health checking, traffic steering, ICAP, service chaining, header enrichment

Example chain through the service provider VAS: PEM assigns the user's flow to a service chain, steers HTTP to the video optimization pool (pool 1, load balanced), then over ICAP to the parental control pool (pool 2, load balanced), and the HTTP flow continues to the Internet.


Bandwidth and QoE management

Per-subscriber bandwidth control (PCRF and PGW/GGSN -> VIPRION)
• Gold subscriber: 20 Mbps
• Silver subscriber: 10 Mbps
• Bronze subscriber: 5 Mbps

Per-subscriber, per-application bandwidth control
• Gold subscriber total: 20 Mbps
• Gold subscriber P2P: 512 kbps
Even if the subscriber is entitled to more by the subscriber bandwidth policy, their P2P traffic is reduced to the configured value (512 kbps).

DPI inspection for OTT identification & monetization

OTT monetization & flexible charging (PCRF and PGW/GGSN -> VIPRION)
• Gold subscriber total: accounting only
• OTT service: accounting + DSCP marking
• Specialized service (MNO brand)

• Subscription models / bundles for an OTT or specialized service
• Bundled into the subscription for a lower fee
• OTT traffic excluded from the volume bundle
• OTT traffic marked/tagged for differential treatment at the radio layer
URL Categorization for filtering & parental control
• URL filtering
• Built-in Webroot DB (20M most popular sites)
• Custom DB
• SNI-based URL categorization
• Categorizing SSL traffic (HTTPS)

Flow: (1) the subscriber tries to access a blocked URL; (2) PGW/GGSN -> VIPRION with integrated Webroot URL filtering / blacklist -> RTR -> Internet; (3) access denied.

Customer benefit: set categories based on regional preferences, and categorization on HTTPS.
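To show what the "SNI check" on the preceding slides actually inspects, here is an added Python example (not F5 code) that parses the server_name extension out of a TLS ClientHello, bounds-checking every length field, and maps the name to a URL category. build_client_hello() fabricates the test input; the hostnames and the category table are constructed assumptions.

```python
"""Extract the TLS SNI from a ClientHello so an HTTPS flow can be matched
against a URL category database without decryption. Constructed example,
not F5 code. build_client_hello() fabricates a minimal TLS 1.2 ClientHello
for testing; a real one carries more cipher suites and extensions."""
import struct


def build_client_hello(server_name):
    """Assemble a minimal TLS record holding a ClientHello with the
    server_name extension (RFC 6066). Constructed test input only."""
    host = server_name.encode()
    # server_name list entry: name type (0 = host_name), name length, name
    sni_list = struct.pack("!BH", 0, len(host)) + host
    sni_ext = (struct.pack("!HH", 0x0000, len(sni_list) + 2)
               + struct.pack("!H", len(sni_list)) + sni_list)
    extensions = struct.pack("!H", len(sni_ext)) + sni_ext
    body = (b"\x03\x03"                          # client_version TLS 1.2
            + bytes(32)                          # random (zeros: constructed)
            + b"\x00"                            # session_id length 0
            + struct.pack("!H", 2) + b"\xc0\x2f"  # one cipher suite
            + b"\x01\x00"                        # compression methods: null
            + extensions)
    handshake = b"\x01" + len(body).to_bytes(3, "big") + body   # client_hello
    return b"\x16\x03\x01" + struct.pack("!H", len(handshake)) + handshake


def extract_sni(record):
    """Return the host_name from the ClientHello's server_name extension, or
    None if the record is not a complete ClientHello or carries no SNI.
    Every length is checked so truncated or hostile input cannot raise."""
    if len(record) < 5 or record[0] != 0x16:
        return None                              # not a Handshake record
    rec_len = struct.unpack("!H", record[3:5])[0]
    hs = record[5:5 + rec_len]
    if len(hs) < 4 or hs[0] != 0x01 or len(hs) < rec_len:
        return None                              # not ClientHello / truncated
    pos = 4 + 2 + 32                             # header, version, random
    if pos >= len(hs):
        return None
    sid_len = hs[pos]; pos += 1 + sid_len        # session_id
    if pos + 2 > len(hs):
        return None
    cs_len = struct.unpack("!H", hs[pos:pos + 2])[0]; pos += 2 + cs_len
    if pos + 1 > len(hs):
        return None
    cm_len = hs[pos]; pos += 1 + cm_len          # compression methods
    if pos + 2 > len(hs):
        return None                              # no extensions block
    ext_total = struct.unpack("!H", hs[pos:pos + 2])[0]; pos += 2
    end = min(pos + ext_total, len(hs))
    while pos + 4 <= end:
        ext_type, ext_len = struct.unpack("!HH", hs[pos:pos + 4]); pos += 4
        data = hs[pos:pos + ext_len]; pos += ext_len
        if ext_type != 0x0000 or len(data) < 5:
            continue
        list_len = struct.unpack("!H", data[:2])[0]
        entry = data[2:2 + list_len]
        if len(entry) < 3 or entry[0] != 0:      # only host_name (type 0) is defined
            continue
        name_len = struct.unpack("!H", entry[1:3])[0]
        name = entry[3:3 + name_len]
        if len(name) != name_len:
            return None                          # truncated name
        return name.decode("ascii", "replace")
    return None


# Constructed category lookup standing in for the URL database.
URL_DB = {"bets.example": "Gambling", "video.example": "Streaming"}


def categorize_https(record):
    """Map a ClientHello to a URL category via its SNI; unknown names are 'Uncategorized'."""
    sni = extract_sni(record)
    return URL_DB.get(sni, "Uncategorized") if sni else "NoSNI"
```

The SNI is asserted by the client and is neither authenticated nor necessarily the name the server will actually serve, so a category decision based on it is a policy hint rather than a guarantee; a ClientHello without the extension, or one split across TCP segments (which this parser does not reassemble), has to fall through to a default decision.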
Content Injection for toolbar injection / ad insertion

Flow: (1) content is being sent back to a subscriber whose data quota is maxed out; (2) the BIG-IP between BNG/BRAS and the Internet inserts JavaScript about the quota maximum; (3) the subscriber realizes they have maxed out their data.

• Insert JavaScript for a branded toolbar
• Use it for ad insertion
• Subscriber policy controls the frequency of insertion
• Policy selects the insertion position

Insert-content parameters:
• Position <prepend/append>
• Tag-name <tag>
• Value-type <string/tcl-snippet>
• Value <abcd>
• Frequency <once/once-every/always>

Injection applies to cleartext HTTP responses only; the HTTPS traffic that the previous slide categorizes by SNI is not visible to the proxy and cannot be modified.


PEM – Wide range of use cases

Per-subscriber bandwidth control
• Subscriber ID / rate plan
• TCP-friendly rate limiter
• Separate up/down rates
• Highly scalable solution
• TCP optimization as a bonus

Application & URL subscriber analytics & filtering
• Charging rules
• Application usage reporting

Intelligent traffic steering & service chaining to VAS
• Steer traffic based on subscriber profile to value-added services & optimization services
• Intelligent service chaining

Online charging (Gy)
• Flexible rating group definitions based on applications and/or URI
• Redirect or block upon quota expiration

URL filtering & parental control
• Government lists
• Per-subscriber parental control opt-in/opt-out
• For HTTP & HTTPS

OTT identification & monetization
• Per-subscriber OTT application detection
• Per-OTT-service bandwidth, marking and charging rules

Header enrichment & WAP offload
• HTTP header enrichment for content-based charging
• WAP GW bypass/offload and replacement

Content injection / toolbars
• JavaScript-based content injection
• Targeted advertisements

Lightweight BRAS/BNG
• DHCP-based BNG model for Wi-Fi and wireline deployments
• RADIUS AAA client




Optimized DNS Solutions for Service Providers

Local DNS
• Faster DNS responses to provide for 4G/LTE subscriber growth
• Manage existing traffic to the DNS server infrastructure with BIG-IP
• Enhanced performance through transparent caching, offloading the DNS infrastructure

DNS load balancing / transparent cache / caching resolver
• Reduce the number of DNS servers by offloading the DNS infrastructure
• High-performance DNSSEC validation: offload DNSSEC computations and consolidate services
• Proactively manage DNS client traffic for greater availability and stability
• Provide reliable, fast access to online services for in-network subscribers

Authoritative
• Highly scalable authoritative DNS name server
• Simplify deployment by using the existing DNS infrastructure to manage the zones
• Enhance the subscriber experience by making intelligent DNS and GSLB decisions

Infrastructure
• Enable high availability and performance for subscribers by managing UE/MME PDP sessions
• Intelligent GSLB with ENUM support for IMS / EPC interoperability and NAT64 delivery


Denial of Service Attacks against DNS

(bar chart, application-layer attacks by protocol: HTTP 86%, DNS 70%, HTTPS 37%, SMTP 31%, SIP/VoIP 17%, IRC 9%, Other 10%; second chart: traditional DDoS mitigation techniques)

DNS is now the second most targeted protocol after HTTP. DNS DoS techniques range from:
• Flooding requests to a given host
• Reflection attacks against DNS infrastructure
• Reflection / amplification attacks
• DNS cache poisoning attempts

“Cybercrime is a persistent threat in today’s world and, despite best efforts, no business is immune.” – Network Solutions

Traditional DDoS mitigation: of the customers that mitigate DDoS attacks, many choose a technique that inhibits the ability of DNS to do its job.
• DNS is based on UDP
• DNS DDoS often uses spoofed sources
• Using an ACL blocks legitimate clients
• DNS attacks use massive volumes of source addresses, breaking many firewalls


DNS The F5 way

Conventional DNS thinking: Internet -> external firewall -> DNS load balancing -> array of DNS servers -> internal firewall -> hidden master DNS
• Performance = add DNS boxes
• Weak DoS/DDoS protection
• Firewall is THE bottleneck

F5 paradigm shift, DNS delivery reimagined: Internet -> BIG-IP -> master DNS infrastructure, where BIG-IP provides the DNS firewall (DNS DDoS protection, protocol validation), authoritative DNS, caching resolver, transparent caching, high-performance DNSSEC, DNSSEC validation and intelligent GSLB
• Strong DoS/DDoS protection
• Consolidation
• Protects "back-end" servers


Authoritative DNS: Scale with DNS Express
• High-speed response and DDoS protection with in-memory DNS
• Authoritative DNS serving out of RAM
• Configuration size for tens of millions of records
• Scale and consolidate DNS servers

(diagram: DNS queries from the Internet are answered by DNS Express in BIG-IP GTM; the records are managed on a back-end DNS server, with admin, OS and auth roles, dynamic DNS and DHCP updates, and transferred into DNS Express)


LDNS : Scale with transparent cache

The business case
• Need to decrease DNS latency and offload DNS resolvers
• Implement transparent DNS caches close to the subscriber
• Deliver DNS scale without impacting service

The F5 advantage
• Scale DNS transparent caches as demand increases; offloads the existing DNS infrastructure
• Provides a simple upgrade path to a full caching resolver
• Eliminates the need for centralized DNS

(diagram: F5 DNS services in the mobile core, with distributed DNS transparent caches on BIG-IP platforms in front of the DNS resolver infrastructure)


Competitive Analysis: DNS Cache Performance

(bar chart, DNS cache RPS, Infoblox platform-by-platform comparison with F5: BIG-IP 2000S vs Infoblox Trinzic 1420, 2200S vs Trinzic 2210, 4000S vs Trinzic 2220, 7000S vs Trinzic 4010, 7200V vs Trinzic 4030; platforms are grouped by like pricing)


LDNS : Scale and offload with caching resolver

The business case
• Need faster and scalable query response
• Desire lower CapEx and OpEx; no need for additional DNS resolver farms
• BIG-IP delivers high-performance, scalable DNS caching and resolving on one platform
• Consolidate and offload DNS for immediate ROI

The F5 advantage
• Faster web browsing and reduced DNS latency
• Hardened appliance consolidates 10s or 100s of servers
• Greater reliability through resiliency and HA
• Simplified management, lower cost of ownership

(diagram: F5 DNS services in the mobile core, with distributed DNS caching resolvers on BIG-IP platforms)


Client Protection with DNS RPZ
Prevent subscribers from reaching known bad domains

Prevent malware and sites hosting malicious content from ever communicating with a client.

Internet activity starts with a DNS request. Inhibit the threat at the earliest opportunity.

(diagram: BIG-IP GTM resolver with an RPZ live feed providing live updates to its reputation database; components: resolver, validation, cache, protocol listener IPv4/v6, iRules, database, special handling)


DNS IP and Name Reputation Choices

Response Policy Zones (ingress DNS path): screens a DNS request against domains with a bad reputation. Inhibits threats by FQDN.

IP Intelligence (any IP protocol, with iRules): intercept a DNS response in iRules, categorize it and make a decision. Inhibits threats by IP.

URL Filtering (HTTP, HTTPS and DNS, with iRules): intercept a DNS request in iRules, categorize it and make a decision. Inhibits threats by FQDN; policy control by FQDN.


SP Layered Client Protection
• Response Policy Zones (RPZ) filter out known bad domains and answer with NXDOMAIN or a redirect.
• URL Filtering further provides granular policy controls using categories.
• IP Intelligence blocks based on the resolved IP.
• It can also be used in the data path for other protocols.

(diagram: a query for WWW.DOMAIN.COM enters the ingress DNS path, where RPZ, the resolver and the cache sit; DNS iRules on the request path apply URL filtering under the subscriber policy, and on the egress DNS path an iRule on the response applies IP Intelligence. Feeds: RPZ feed, IPI feed, URL feed; subscriber policy via iControl and iQuery)
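The three-layer decision on the three preceding slides, as an added Python example (not F5 code or an iRule): an RPZ feed in the BIND CNAME-trigger idiom answers NXDOMAIN, NODATA or a walled-garden redirect for known bad names on the request path, a per-subscriber category policy is applied next, and the resolved address is checked against an IP reputation list on the response path. The feed, category table, reputation prefix, subscriber table and zone data are all constructed.

```python
"""Layered DNS client protection: RPZ on the request path, per-subscriber
URL-category policy, then IP reputation on the response path.
Constructed example, not F5 code; the feed, category DB, reputation
list, subscriber table and resolver are inline stand-ins."""
import ipaddress

# Constructed RPZ feed in the BIND response-policy-zone idiom:
#   CNAME .       -> answer NXDOMAIN
#   CNAME *.      -> answer NODATA
#   CNAME <name>  -> redirect to a walled-garden host
RPZ_FEED = """
malware.example        CNAME .
*.malware.example      CNAME .
tracker.example        CNAME *.
phish.example          CNAME walledgarden.isp.example.
"""


def parse_rpz(text):
    """Parse owner/type/target triples into {owner: (verdict, target)}."""
    rules = {}
    for line in text.strip().splitlines():
        if not line.strip():
            continue
        owner, rtype, target = line.split()
        if rtype != "CNAME":
            continue                      # only the CNAME trigger forms are modelled
        if target == ".":
            rules[owner] = ("NXDOMAIN", None)
        elif target == "*.":
            rules[owner] = ("NODATA", None)
        else:
            rules[owner] = ("REDIRECT", target.rstrip("."))
    return rules


def rpz_lookup(rules, qname):
    """Exact owner match first, then a wildcard rule for each parent domain."""
    if qname in rules:
        return rules[qname]
    labels = qname.split(".")
    for i in range(1, len(labels)):
        wildcard = "*." + ".".join(labels[i:])
        if wildcard in rules:
            return rules[wildcard]
    return None


# Constructed category DB, per-subscriber blocked categories, IPI feed and zone data.
URL_CATEGORY = {"bets.example": "Gambling", "news.example": "News"}
SUBSCRIBER_BLOCKED_CATEGORIES = {"10.1.1.10": {"Gambling"}, "10.1.1.20": set()}
BAD_NETWORKS = [ipaddress.ip_network("203.0.113.0/24")]
ZONE = {"bets.example": "198.51.100.7", "news.example": "198.51.100.8",
        "cnc.example": "203.0.113.9", "walledgarden.isp.example": "192.0.2.10"}


def resolve(qname):
    """Stand-in for the caching resolver."""
    return ZONE.get(qname)


def handle_query(rules, subscriber_ip, qname):
    """Return (rcode, answer) after all three layers.
    Request path: RPZ, then URL-category policy. Response path: IP Intelligence."""
    hit = rpz_lookup(rules, qname)
    if hit:
        verdict, target = hit
        if verdict == "REDIRECT":
            return ("NOERROR", resolve(target))   # walled-garden address instead
        return (verdict, None)
    blocked = SUBSCRIBER_BLOCKED_CATEGORIES.get(subscriber_ip, set())
    if URL_CATEGORY.get(qname) in blocked:
        return ("NXDOMAIN", None)
    answer = resolve(qname)
    if answer is None:
        return ("NXDOMAIN", None)
    if any(ipaddress.ip_address(answer) in net for net in BAD_NETWORKS):
        return ("NXDOMAIN", None)                 # resolved IP has a bad reputation
    return ("NOERROR", answer)
```

The order matters: the RPZ and category checks run before any upstream query is sent, so a blocked name never leaves the resolver, while the IP check needs the answer and therefore belongs on the response path.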


DNS Tunneling: Prevent it with iRules

Classify the traffic:
• Determine the SLA for RPS and the allowed response size.

When a client sends in a query:
• Is the query for a blocked domain (a tunnel host)?
• Is the query rate above the allowed rate? Increment the score.
• Was the client previously above the allowed rate? Increment the score.
• Resolve the request and analyze the response; factor the response size into the score.

Take an action:
• Is the client above the score threshold?
  - Drop the request
  - Suspend DNS service for a period

(diagram: clients A–F plotted by query-rate score and response-size score against a drop threshold and a suspend threshold)
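The scoring procedure on the preceding slide, as an added Python example rather than the iRule itself: rate and repeat-offender scoring happen before resolution, response-size scoring after it, and a client is dropped or suspended once its score crosses the thresholds. The thresholds, the blocked-domain list and the query log are constructed assumptions.

```python
"""Score-based DNS tunnelling control: blocked tunnel hosts, query-rate
scoring, repeat-offender scoring and response-size scoring, with drop and
suspend thresholds. Constructed example, not F5 code or an iRule."""
from collections import defaultdict, deque


class TunnelDetector:
    def __init__(self, max_qps=20, max_resp_bytes=512, drop_score=10,
                 suspend_score=25, suspend_seconds=60):
        self.max_qps = max_qps                # SLA: allowed queries/s per client
        self.max_resp_bytes = max_resp_bytes  # SLA: allowed response size
        self.drop_score = drop_score
        self.suspend_score = suspend_score
        self.suspend_seconds = suspend_seconds
        self.blocked_domains = {"tun.example"}   # known tunnel hosts (constructed)
        self.score = defaultdict(int)
        self.window = defaultdict(deque)          # recent query timestamps per client
        self.over_rate_before = set()
        self.suspended_until = {}

    def _in_blocked(self, qname):
        return any(qname == d or qname.endswith("." + d) for d in self.blocked_domains)

    def _rate(self, client, ts):
        """Queries from this client in the last second, including this one."""
        w = self.window[client]
        w.append(ts)
        while w and ts - w[0] >= 1.0:
            w.popleft()
        return len(w)

    def on_query(self, client, qname, ts):
        """Decide before resolving: 'suspended', 'drop' or 'resolve'."""
        if self.suspended_until.get(client, 0) > ts:
            return "suspended"
        if self._in_blocked(qname):
            self.score[client] += 5
            return "drop"
        if self._rate(client, ts) > self.max_qps:
            self.score[client] += 1
            if client in self.over_rate_before:
                self.score[client] += 1       # previously above rate: repeat offender
            self.over_rate_before.add(client)
        return self._action(client, ts)

    def on_response(self, client, resp_bytes, ts):
        """Factor the response size into the score after resolution
        (tunnels carry their downstream data in oversized answers)."""
        if resp_bytes > self.max_resp_bytes:
            self.score[client] += resp_bytes // self.max_resp_bytes
        return self._action(client, ts)

    def _action(self, client, ts):
        s = self.score[client]
        if s >= self.suspend_score:
            self.suspended_until[client] = ts + self.suspend_seconds
            return "suspended"
        if s >= self.drop_score:
            return "drop"
        return "resolve"


def replay(detector, log):
    """Run (ts, client, qname, resp_bytes) records through the detector;
    return the last action taken per client."""
    last = {}
    for ts, client, qname, resp_bytes in log:
        act = detector.on_query(client, qname, ts)
        if act == "resolve":
            act = detector.on_response(client, resp_bytes, ts)
        last[client] = act
    return last


# Constructed log: client .1 browses normally; client .2 fires 40 queries in
# under a second to unique subdomains with 900-byte answers, a tunnel signature.
SAMPLE_LOG = ([(0.1 * i, "10.0.0.1", "www.example", 120) for i in range(5)]
              + [(0.02 * i, "10.0.0.2", f"{i:04x}.data.example", 900) for i in range(40)])
```

Response-size scoring is what catches a tunnel that stays under the rate SLA: in the sample log the second client reaches the drop threshold on answer size alone, before its query rate exceeds the limit, and is suspended once the rate and repeat-offender increments pile on.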




Technology overlap

Router (packet processing) versus F5 BIG-IP (session-based processing)

Router-only functions
• L2 VPN
• L3 VPN
• Subscriber management
• IP QoS
• IP peering

Overlapping functions (either platform)
• NAT44
• NAT64
• DS-Lite

BIG-IP functions
• Load balancing
• Traffic steering
• L4-L7 security
• SSL and IPsec VPN
• DNS scaling and security
• Web acceleration


Carrier Grade NAT (44, 64)

PGW/GGSN -> VIPRION (NAT4(6)4) -> RTR -> Internet
Private address space -> public IPv4 / IPv6 address space

• Dynamic NAPT, deterministic NAPT, port block allocation
• Extended ALG capabilities, hairpinning, EIF/EIM support
• Unprecedented scale and performance (Gbps, CPS, max connections)
• High-performance logging in any required format (syslog, NetFlow); the field format can be changed, e.g. to add the RADIUS ID, HTTP URL, etc.
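As an added example of the deterministic NAPT and port-block allocation listed above (not F5 code), this Python class maps each private address arithmetically to a public address and a fixed port block, in the manner of RFC 7422, and inverts the mapping for abuse attribution. The prefixes and block size are assumptions.

```python
"""Deterministic NAPT / port-block allocation: each private address is mapped
by formula to a public address and a fixed port block, so an abuse report of
(public IP, port) can be attributed without logging every connection.
Constructed example, not F5 code; follows the approach of RFC 7422."""
import ipaddress


class DeterministicNAT:
    def __init__(self, private_prefix, public_prefix, block_size=2048,
                 first_port=1024, last_port=65535):
        self.private = list(ipaddress.ip_network(private_prefix).hosts())
        self.public = list(ipaddress.ip_network(public_prefix).hosts())
        self.block_size = block_size
        self.first_port = first_port
        # Whole blocks per public address; the remainder above the last block
        # is left to a dynamic pool and is not deterministically attributable.
        self.blocks_per_ip = (last_port - first_port + 1) // block_size
        capacity = len(self.public) * self.blocks_per_ip
        if len(self.private) > capacity:
            raise ValueError(f"{len(self.private)} subscribers exceed "
                             f"{capacity} port blocks")

    def block_for(self, private_ip):
        """Forward mapping: private address -> (public address, first port, last port)."""
        idx = self.private.index(ipaddress.ip_address(private_ip))
        pub = self.public[idx // self.blocks_per_ip]
        blk = idx % self.blocks_per_ip
        lo = self.first_port + blk * self.block_size
        return str(pub), lo, lo + self.block_size - 1

    def attribute(self, public_ip, port):
        """Reverse mapping for an abuse report: (public address, port) -> private
        address, or None when the port lies outside the deterministic range."""
        if port < self.first_port:
            return None
        blk = (port - self.first_port) // self.block_size
        if blk >= self.blocks_per_ip:
            return None
        pub_idx = self.public.index(ipaddress.ip_address(public_ip))
        idx = pub_idx * self.blocks_per_ip + blk
        return str(self.private[idx]) if idx < len(self.private) else None
```

Because the mapping is a formula, attribution needs only the configuration and a record of when it changed, not per-session logs; the trade-off is the fixed block size, which caps concurrent sessions per subscriber and is why a dynamic overflow pool (and its per-session logging) usually sits alongside.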
Question 1: What is the maximum number of packets per second on a 1 Gbps link?

Answer: ~1.488 million packets per second on a gigabit link

Frame part                           Minimum frame size
Inter-frame gap (96 ns at 1 Gbps)    12 bytes
MAC preamble (+ SFD)                 8 bytes
MAC destination address              6 bytes
MAC source address                   6 bytes
MAC type (or length)                 2 bytes
Payload (network PDU)                46 bytes
Check sequence (CRC)                 4 bytes
Total frame physical size            84 bytes

1,000,000,000 b/s / (84 B * 8 b/B) = 1,488,095.2 f/s, i.e. ~1.488 million frames per second (maximum rate)

Question 2: What is the maximum CPS that can be reached on a 1 Gbps link?

Answer: ~1.488 million connections per second, because every packet can initiate a connection (a SYN, or the first UDP packet of a session)

Question 3: How many CPS can the F5 Networks firewall handle?

(chart, connections per second in millions: F5 VIPRION 4800 8M; Juniper SRX 5800 600k; Cisco ASA 5585-X 400k; Check Point 61000 350k; roughly 21x)




Mobile Has Unique Challenges

Why is the web so slow on my mobile device?

Mobile device
• TCP stacks are different on different mobile OSs
• JavaScript parsing and execution is relatively slow on mobile devices

Mobile network
• Higher packet loss rate
• High network latency: 300 ms via 3G vs <50 ms on LTE
• Connections are made ad hoc and frequently dropped to preserve spectrum and battery life

Internet
• Low packet loss rate
• Low latency (except for intercontinental traffic)

Application
• Different TCP stacks being used on servers, some of which are not optimal for mobile networks
Content Optimization – A Changing Environment

SSL / SPDY increase
• In many countries, SSL traffic (HTTPS and SPDY) on mobile networks is currently reaching around 50% of total Internet traffic
• Top web sites such as Google, Facebook, and Twitter use SPDY
• HTTP 2.0 is being standardized in the IETF, with browsers requiring TLS encryption when setting up HTTP 2.0 connections

Rise of adaptive bit rate video streaming
• Top video sites such as YouTube, Netflix, Hulu, and BBC iPlayer have all embraced ABR video technology
• Video is encoded at different bit rates; the client dynamically chooses or changes the appropriate bit rate based on network conditions


TCP Protocol Review

• TCP is a connection-oriented protocol
  • Client and server must establish a connection before any data can be transferred
• TCP provides reliability
  • Knows that the data it sends is correctly received by the other end
  • Acknowledgements confirm delivery of the data received by the TCP receiver
  • The ack for data is sent only after the data has reached the receiver
• TCP implements flow control and congestion control
  • The sender cannot overwhelm a receiver with data
  • The sender will "back off" when under congestion


Impact of Latency – Web Page Load Times

(chart: page load time as a function of network latency; source: Ilya Grigorik, Google)


Impact of Packet Loss – Throughput Degradation

• TCP is designed to probe the network to figure out the available capacity
• TCP slow start is a feature, not a bug
• In mobile networks packet loss does not necessarily imply congestion

(chart: throughput vs. packet loss; the average HTTP response size of 16 kB takes 3 round trips; source: Ilya Grigorik, Google)


TCP Optimization with F5
High goodput, minimal buffer bloat, flow fairness

Mobile client (2G/3G, LTE) -> PGW/GGSN -> VIPRION TCP Express -> RTR -> Internet -> origin server
TCP Express terminates both sides: a cell-optimized TCP stack faces the mobile client, a WAN-optimized TCP stack faces the origin server.


TCP Congestion Control Algorithms

• Loss-based algorithms: Reno, New Reno, High-Speed, Scalable, BIC, CUBIC
• Delay-based algorithms: Vegas
• Bandwidth-estimating algorithms: Westwood, Westwood+
• Hybrid delay/loss algorithms: Illinois, Woodside (F5)

(plots of congestion window over time for Reno, CUBIC and Illinois)


TCP Congestion Control Algorithms in 3G and LTE

TCP Woodside
• F5-created algorithm
• Hybrid loss- and latency-based algorithm
• Minimizes buffer bloat by constantly monitoring network buffering

TCP Vegas
• Emphasizes packet delay rather than packet loss
• Detects congestion based on increasing RTT values of packets

TCP Illinois
• Loss-delay based algorithm
• Targeted at high-speed, long-distance networks
• The primary congestion signal, packet loss, determines the direction of the window size change
• The secondary congestion signal, queuing delay, determines the pace of window size changes

H-TCP
• Loss-based algorithm
• Targeted at high-speed networks with high latency


TCP tuning for mobile networks
• Mobile networks have a large BDP
  • Tune your TCP buffers accordingly
• Mobile networks can exhibit random packet loss
  • Choose a TCP congestion control algorithm/technique that takes this into account (don't fall back into slow start upon random packet loss)
• Mobile networks can suffer from buffer bloat issues
  • Choose a TCP congestion control algorithm that does not rely solely on packet loss
  • Enable TCP rate shaping to ensure smoother delivery of packets (less strain on buffers)
• Mobile networks have relatively high latency
  • Tune your settings to improve performance and web page load times (window size, initial congestion window, ...)
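Added example (not F5 code) of the round-trip arithmetic behind the "16 kB, 3 round trips" figure and the initial-congestion-window advice above: a simplified slow-start model that counts the RTTs a response costs, optionally with one loss halving the window, and converts them to wall-clock time for a 3G-class versus LTE-class RTT. MSS, initial window and loss timing are assumptions; the model ignores delayed ACKs and the receiver window.

```python
"""Round trips needed to deliver an HTTP response under TCP slow start.
Constructed, simplified model (server-side cwnd only, no delayed ACKs,
no receiver-window limit); not F5 code."""


def round_trips(response_bytes, init_cwnd=4, mss=1460, include_handshake=True,
                loss_at_round=None):
    """Count RTTs to deliver response_bytes.

    Slow start doubles cwnd each RTT. A loss at data round N halves cwnd and
    growth restarts from there (rough NewReno behaviour), which is what a
    loss-based algorithm pays for a random loss on a radio link."""
    rtts = 1 if include_handshake else 0   # SYN / SYN-ACK; the request rides on the ACK
    cwnd = init_cwnd                        # in segments
    sent = 0
    rounds = 0
    while sent < response_bytes:
        rounds += 1
        rtts += 1
        if loss_at_round == rounds:
            cwnd = max(1, cwnd // 2)
            sent += cwnd * mss
            continue                        # no doubling in the loss round
        sent += cwnd * mss
        cwnd *= 2
    return rtts


def page_load_time(response_bytes, rtt_ms, **kw):
    """Wall-clock cost of those round trips on a link with the given RTT (ms)."""
    return round_trips(response_bytes, **kw) * rtt_ms
```

With IW=4 and a 16 kB response the model reproduces the slide's 3 round trips, 900 ms at a 300 ms 3G RTT against 150 ms at 50 ms on LTE; raising the initial window to 10 segments lets anything under about 14.6 kB complete in a single data round trip, and a single loss during slow start on a 64 kB object adds two more round trips.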
Reducing Web Page Load Times with F5 TCP Express
Real-life test results – MNO in APAC

(charts of optimized vs. as-is load time in seconds and improvement in %, each measured at a business center, a shopping mall and a residential area: Case 1 – 100 × 64 KB images; Case 2 – 1 × 10 MB image; Case 3 – regular website 1; Case 4 – regular website 2)


HTTP Performance Tests – Radio Strength Variances
Real-life test results – MNO in EMEA

Improvement with TCP optimization, as labelled on the charts (large download: HTTP page with large images, a throughput test; small download: HTTP page with small objects, a web browsing test):

3G, poor coverage:   large download 196%, small download 38%
3G, good co
verage:   large download 95%,  small download 33%
4G, poor coverage:   large download 22%,  small download 20%
4G, good coverage:   large download 14%,  small download 28%

TCP optimization benefits increase under poor radio coverage.


TCP Optimization – Summary

• Increases "goodput" on the radio network and keeps latency under control
• Works for > 90% of all Internet traffic regardless of encryption or encoding
• Lengthens the life span of the radio infrastructure and enhances user experience
• Deployed inline on the Gi LAN, optionally consolidated with other L4-7 functions


To stay in touch please join our LinkedIn Group!
