Charting the Signaling Storms - Stoke


INDUSTRY INSIGHTS

Charting the Signaling Storms

Signaling Storm Drivers
  • Smartphone penetration and always-on applications
  • Surges caused by external events (e.g., power outages and mass restarts or upgrades)
  • Dense small cell deployments
  • Increase in revenue-generating services (e.g., tiers, loyalty programs, QoS, and value add)

Implications to Operators
  • Unnecessary application-based signaling is best controlled by device or application changes
  • The MME requires protection against unexpected surges that can snowball into other core components

Role of Security Gateway
  • Strategic location enables inspection of the control plane
  • Identify and manage suspicious or unexpectedly high traffic flows
  • Take corrective action, per operator policy

Multiple Signaling Drivers

Higher smartphone penetration, with users making continuous queries to the network to access social media sites, email, and instant messaging, coupled with the massive number of applications that require constant synchronization with the network, has led to a significant increase in signaling traffic in both 3G and LTE networks. Unexpected signaling spikes, initiated by poorly configured over-the-top applications, malicious hackers, or localized outages, have been known to overload network elements so much as to cause large-scale network outages. Finally, new operator-provided, revenue-generating services require increased interaction with charging and policy functions within the core network and amplify the signaling load.

High signaling traffic loads and unexpected surges impact multiple interfaces in LTE networks, but LTE’s flatter network architecture (without an RNC) exposes the Mobility Management Entity (MME) and magnifies the impact of any interruption of MME service. With multiple drivers of LTE signaling traffic and escalating growth in smartphones and applications, signaling capacity has become a critical consideration when dimensioning MMEs and other core elements.

Figure 1. Signaling growth impacts multiple interfaces.

This paper discusses the primary drivers of LTE signaling growth and the impacts on each network boundary, and identifies strategies to mitigate threats to the MME from excessive or inappropriate signaling.
“On average, one million smartphone subscribers can generate 31,000 transactions per second during the busy hour – almost 450,000 individual messages in total, between RAN, MME, Serving Gateway (SGW), and Packet Gateway (PGW).”

The Progressive Impact of Subscriber Transactions

A single subscriber transaction creates multiple signaling messages. Subscriber transactions include subscriber-initiated events, such as movement between cell sites or networks, receiving a call or message, changing network access, and requesting an operator service, and application-initiated events, such as syncing with a host server. Transactions originate from the RAN or the network and are processed first by the MME, which then initiates multiple messages between other core elements.

Figure 2. Average message impact of a single subscriber transaction.

As illustrated in Figure 2, the MME bears the brunt of the signaling load and is exposed to as much as five times more signaling than other gateways.

Over-the-Top Application Chattiness

Between the user equipment (UE) and the RAN, the main sources of higher signaling are the periodic “keep alive” messages that always-on apps send to maintain their network connection and the constant push notifications from the application servers. According to analysts, the chattiest applications can generate as many as 2,400 signaling events per hour.[1] If the device is in an idle state, each time an application initiates a message with its servers, the device must transition to an active state and reconnect to the network through a request/release transaction consisting of between 11 and 19 individual messages.

Conversely, when the application server needs to send a message to the device (e.g., notification of a social media update), the network initiates a service paging request to locate the device before the serving gateway can deliver the data. This paging request, plus the transition between idle and active states, requires up to 29 individual signaling messages per transaction. On average, one million smartphone subscribers can generate 31,000 transactions per second during the busy hour – almost 450,000 individual messages in total impacting the MME, Serving Gateway (SGW), and Packet Gateway (PGW).[2]

[1] “Chatty Smartphones Stressing Networks,” Tammy Parker, fiercebroadbandwireless.com, April 27, 2012.
[2] Source: Nokia Siemens Networks, 2012.

Stoke, Stoke Session Exchange and the Stoke logo are trademarks of Stoke, Inc. Copyright © 2013 Stoke, Inc. All rights reserved. Lit# 150-0032-001
Reducing Application Signaling

Excessive application-driven signaling can be significantly reduced by addressing the problem at the device (“keep alive” messages) and at the application servers (push service). Several device chipset and policy vendors are working on targeting background app signaling, while core vendors are working on targeting push services by monitoring and aggregating multiple application connection attempts.

Core-to-Core Drivers (Diameter)

Diameter is the language that the Internet protocol (IP) resources in the LTE operator core use to exchange information that’s vital to managing and monetizing mobile data services. Diameter signaling is driven by the growth of personalized and revenue-producing services: operator premium applications, more sophisticated and personalized data plans, complex policy use cases, and roaming, all of which require interaction with different functions within the core network. Industry standards bodies have defined more than 85 Diameter interfaces in 3G, Internet protocol multimedia subsystem (IMS) and LTE networks, with the majority occurring between the MME or PGW and the policy control systems (PCRF), subscriber databases (HSS) and online/offline charging systems (OCS/OFCS).

Managing Diameter Signal Growth

Diameter routing agents (DRA) and controllers are the primary mechanisms available to operators to manage Diameter signal growth.

RAN-to-MME Signaling

Poor MME performance can degrade the service for a large number of users. The MME is the first core element to receive RAN-originated signaling, and it controls the signaling flow into all other core elements, so it is especially important to protect it against signaling excesses or anomalies. While operators can provision the MME for predictable peak loads, allowing for high growth headroom, application growth is difficult to predict accurately and can change quickly. In addition, other external events pose threats that are totally outside the operator's control. Operators must take additional steps to protect their core network while avoiding costly over-provisioning of MME and other core element capacity.

Signaling Spikes

External events can cause unexpected signaling spikes. Outages can occur when overwhelmed network nodes cannot process the incoming traffic load and, in turn, deny service to a larger part of the network. External events include:
  • Power outages that cause a large number of eNodeBs or devices to simultaneously request reconnection to the network.
  • Faulty smartphone applications that are quickly adopted and generate excessive quantities of active/idle transitions.
  • Malicious attacks in which an unknown source intentionally alters messages and/or states to gain access to or disrupt a network.

These types of events create a denial-of-service (DoS) attack, in which the network is flooded with so many packets of data that it becomes difficult or impossible for legitimate traffic to reach it. Even if the MME (or other EPC element) remains operational, the overload of traffic results in the network being all but unusable.

Small Cell Environments

Mobility signaling from closely located small cell deployments will further increase the signaling load on the MME and other gateways. In macro cell environments, mobility/handover signaling occurs when a device passes between cell sites, in order to ensure that the call or session is not dropped. With small cells, even pedestrian movement can initiate a handover, as subscribers walk around a shopping mall or school complex. As illustrated in Figure 3, as the radius of the cell site gets smaller (as would be expected with small cell deployments), the signaling load to the MME proportionately increases.

Figure 3. Small cell density increases MME message load.[3] (Axes: cell site radius in meters, from 1000 down to 100, against MME messages per second.)

[3] Source: Stoke analysis and University of Surrey, February 2013.
[4] 3GPP TR 33.401, 3GPP System Architecture Evolution (SAE): Security Architecture, 2012.

Protecting the MME – the Widening Role of the Security Gateway

The 3GPP defines the security gateway function (SeGW) to terminate IPsec tunnels for control and user plane between the MME and RAN.[4] Logically located in front of the MME and tasked with inspecting and decrypting traffic from the RAN, the SeGW can also provide important functions to further protect the MME from excessive or malicious signaling:

“SeGW’s role has started to expand beyond security. It protects the network against sudden and unexpected surges in signaling and user data traffic, whether the result of malicious attack, configuration error, or spikes in subscriber activity… The edge of
the core is an ideal place to monitor incoming traffic from the RAN and to identify and manage suspicious or unexpectedly high traffic flows… that may disrupt network access and service availability.”
Monica Paolini, Analyst, Senza Fili Consulting [5]

Stoke Solution for the Mobile Access Border

The Stoke Security eXchange™ with Mobile Border Agent extends beyond the 3GPP security gateway definition and includes expanded functionality to protect, optimize, and enhance LTE core resources against overload events and attacks that can paralyze core network resources.

Figure 4. The Stoke Security eXchange, with Mobile Border Agent, protects core assets.

The solution continually monitors the signaling volume and transaction state from the eNodeB to assure proper and acceptable signaling levels into the MME. If traffic volume exceeds operator-defined thresholds or policy, the solution can take action to shape the traffic volume appropriately, preventing an MME overload that would in turn overload other network elements and potentially cause a large-scale network outage.

Implications to Operators

“Given the high service impact of even an improbable signaling surge, operators need to carefully evaluate all signaling drivers at each of the potential network boundaries and interfaces, and implement solutions for preventing service-impacting overload.”

As mobile operators roll out their networks, their requirements for performance, security, and traffic load evolve. During the launch of the initial LTE networks, operator focus is on basic functionality and reliability. Signaling capacity requirements may be understated as subscription numbers are expected to be low. However, in the last couple of years, several high-profile outages in early LTE networks have been attributed to signaling storms, proving that a high number of devices or a high traffic volume in an LTE network is not the driving factor. Given the high service impact of even an improbable signaling surge, operators need to carefully evaluate all signaling requirements at each of the network interfaces and boundaries, consider the role of a security gateway in protecting the MME, and implement comprehensive solutions for preventing service-impacting overload.

[5] “Radio-to-core protection in LTE - The widening role of the security gateway”, Monica Paolini, Senza Fili Consulting.
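
Added example, not part of the Stoke paper and not Stoke's implementation: one way to model the per-eNodeB monitoring and shaping described under "Stoke Solution for the Mobile Access Border", using a token bucket per eNodeB in front of the MME. The class and function names, the 50 msg/s rate, the burst of 100, and the trace are assumptions constructed for illustration.

```python
from collections import defaultdict

class SignalingShaper:
    """Per-eNodeB token bucket in front of the MME (illustrative policy model).
    Times are integer milliseconds and tokens are held in thousandths so the
    arithmetic is exact."""

    def __init__(self, rate_per_s, burst):
        self.rate = rate_per_s        # assumed operator threshold: sustained msg/s
        self.cap = burst * 1000       # assumed operator threshold: burst, in milli-tokens
        self.state = {}               # enb_id -> [milli_tokens, last_ms]
        self.stats = defaultdict(lambda: {"forwarded": 0, "shaped": 0})

    def admit(self, ts_ms, enb_id):
        """True: forward the message to the MME. False: shape (hold back or drop) it."""
        bucket = self.state.setdefault(enb_id, [self.cap, ts_ms])
        # A rate of N msg/s refills N milli-tokens per elapsed millisecond.
        bucket[0] = min(self.cap, bucket[0] + (ts_ms - bucket[1]) * self.rate)
        bucket[1] = ts_ms
        if bucket[0] >= 1000:
            bucket[0] -= 1000
            self.stats[enb_id]["forwarded"] += 1
            return True
        self.stats[enb_id]["shaped"] += 1
        return False

    def offenders(self):
        """eNodeBs that exceeded policy at least once, for alerting."""
        return sorted(e for e, s in self.stats.items() if s["shaped"])

def constructed_trace():
    """Constructed sample, not captured traffic: enb-A sends a steady 10 msg/s
    for 5 s; enb-B sends 500 messages in 1 s, as in a mass reconnect after a
    power outage."""
    steady = [(t * 100, "enb-A") for t in range(50)]
    surge = [(2000 + 2 * i, "enb-B") for i in range(500)]
    return sorted(steady + surge)

def run(rate_per_s=50, burst=100):
    shaper = SignalingShaper(rate_per_s, burst)
    for ts_ms, enb_id in constructed_trace():
        shaper.admit(ts_ms, enb_id)
    return shaper

if __name__ == "__main__":
    s = run()
    for enb_id in sorted(s.stats):
        print(enb_id, s.stats[enb_id])
    print("exceeded policy:", s.offenders())
```

Because each eNodeB has its own bucket, the surge from enb-B is cut to the burst allowance plus the sustained rate while enb-A's normal signaling still reaches the MME untouched.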
