Nokia Siemens Networks Flexi Intelligent Service Node

Mastering mass market mobile access to the Internet

2007

Nokia Siemens Networks Flexi Intelligent Service Node

Enabling mass market mobile access to the Internet

There is only one Internet When mobile data services were introduced, many mobile operators relied on the so called walled garden approach, aiming at developing closed service and content portals. Mobile specic portals, originally referred to as mobile Internet were the only viable alternative for early GPRS networks and terminals which lacked capacity and graphical capabilities. Now, the wide availability of high speed mobile access networks, multimedia capable mobile terminals and laptop data cards allows subscribers to use Internet based services and applications. Access to the Internet has become a basic requirement for any mobile operators offering. Mobile operator business opportunity in providing Internet access Mobile operators main asset is their mobile networks wide geographical coverage, which allows for Internet access from anywhere. The operators business opportunity is to charge extra for this premium access method. Subscribers are willing to pay for hassle-free Internet access when they are on the move. With SIM based authentication, the operator is able to provide direct access to the services without registrations, PIN codes or passwords. In emerging markets, mobile networks are widely seen as the primary solution to provide access to the Internet. The trend is towards at fee tariffs The trend is strongly towards at fee tariffs, due to the competitive situation in many markets. Flat fee tariffs are also unbeatable in simplicity and easy to use for the subscribers. However, at fee charging in mobile networks requires subscriber and service related control capabilities in order to make a long-term protable business. Fixed broadband type subscriptions have already been introduced into mobile operator subscription portfolios. Typically, these are scenarios where maximum access speed is offered in alternative steps and/or the monthly data consumption is limited to a certain maximum amount at a xed monthly cost. With Nokia Siemens Networks Flexi ISN bandwidth management and subscription awareness capabilities and Nokia Siemens Networks charge@once online charging system, innovative tariff scenarios can be implemented easily. The challenge of peer-to-peer applications Internet based peer-to-peer applications are increasing in popularity. The most popular applications are used for le sharing and communication purposes. File sharing users are threatening to overload the operator network. Operators who have introduced unlimited at fee Internet access have already seen a small number of subscribers using a major share of the network capacity for le sharing. With Flexi ISN peer-to-peer trafc tracking and control capabilities, the operator can limit the bandwidth consumed by greedy applications to ensure fairer sharing of network resources. Treating Internet-based applications according to preferred business models Internet-based applications can be turned from a threat to an opportunity. This can be done with appropriate treatment of different services and applications in the operator network. Operators must protect radio network resources according to their internal policies. This is to ensure fair sharing of resources, both for individual subscribers and on a service type level. The mobile operator business opportunity is to charge premium rates for prioritized treatment of high value trafc. Flexi ISN allows the identication of both traditional services and applications and proprietary peerto-peer protocols. Service and application usage information can be combined with subscriber identity information.

Seriously scalable deep packet inspection system

The power of a centralized approach Flexi ISN integrates service awareness with standard 3GPP GGSN functionality. This allows the operator to implement a centralized network based control point for managing and charging for IP based services. Flexi ISN interfaces the charging and subscription management systems, giving minimal integration work when new services are introduced into the network. In a decentralized approach, each service needs to be separately integrated to the charging and subscription management systems, whereas in the centralized approach these are already integrated with Flexi ISN. Traditional Service Awareness for open protocols The concept of service awareness was introduced in the Intelligent Service Node in 2003 to track protocols and applications. Analyses of application protocols are based on IP packet analysis performed on OSI layers 3 to 7. Flexi ISN identies the originating and terminating addresses of IP packets on layer 3. The following application protocols are identied (application identication on layer 7): HTTP 1.x, WAP 1.x/2.0, mobile MMS over WAP1.x/WAP 2.0, MMS sender and receiver Streaming (Real Time Streaming Protocol) Push to Talk Over Cellular E-mail sending for SMTP File Transfer Protocol (FTP) i-Mode and video sharing

Flexi ISN offers a centralized control point for data services

2007

Nokia Siemens Networks Flexi Intelligent Service Node

Tracking Internet based peer-to-peer trafc

Many ways to detect P2P trafc Traditional deep-packet inspection with protocol analysis is not enough to track P2P applications. In general, there are three basic approaches to P2P trafc detection applied in Flexi ISN: Application signatures detection method: In this approach, protocol-specic patterns inside the packet payloads are searched. When this approach is applicable, it in principle provides 100 percent protocol detection accuracy. The drawbacks are that new emerging protocols or updated existing protocols cannot be detected automatically, requiring the pattern to be updated to the detection engine. Application level pattern search in each transport packet generates signicant processing load for the analyzer and some P2P protocols encrypt their payloads, which makes the analysis more dif cult. Transport layer port identication method: Here the transport layer ports used in the examined traf c ows are compared against the known P2P application ports. This approach can also work with encrypted protocols and is very efcient from a performance point of view. However, today almost all P2P protocols use variable or well-known non-P2P protocol port numbers (HTTP, FTP, etc.) to deliberately avoid port-based identication and to enable rewall traversal. The method cannot automatically adapt to protocol changes or the introduction of new protocols. Network/transport layer heuristics: This approach typically uses a set of network/ transport layer patterns (e.g. simultaneous use of TCP and UDP between peers, packet size distribution, etc). To optimize the processing load, heuristic algorithms typically apply stepwise protocol identication. If the protocol is not identied with rst-step analysis, the algorithm passes the examined packets to the network and waits until the next time the clients communicate. This type of approach typically has a good performance and can also be used to detect trafc associated with unknown P2P protocols. The drawback is that P2P protocols can be built such that they are not detected with this method. Most of the P2P protocols are detected by using the application signature or pattern matching method. The heuristic method is used to detect e.g. encrypted protocols like Skype.

Target services Means of flow identification Charging policy

Traditional Service Awareness Operator own and operator partner provided services

Bandwidth management tools

Peer-to-peer traffic awareness Internet based services and applications Analyzing also proprietary Analyzing standardized protocols; header information and secret protocols; heuristic methods Differentiating charging for Flat fee charging models different services and favor P2P service usage applications Bandwidth management with Service bandwidth management protects 3GPP QoS operator network against greedy applications misusing the network capacity

Extending traditional service awareness to peer-to-peer applications

Powerful Service Awareness

Seriously scalable Service Awareness Flexi ISN Service Awareness is based on deep packet inspection capabilities. Using such analysis, Flexi ISN can identify both IP traf c ows and applications. All traf c processing is performed on a single Service Blade per user session. This means that the traf c analysis has a minimal effect on throughput, with reliable operation achieved by minimizing inter-blade communication. The Service Switching engine in Flexi ISN determines the connection used towards packet data networks, taking network hierarchy and the needs of service providers into account. With service switching, the operators business logic dictates the treatment of each IP packet.

Single Access Point Many operators have discovered that a signicant percentage of attempts to access data services can fail, the majority of them being down to miscongured Access Points in the user terminal. When Flexi ISN is deployed in the network, the subscriber terminal can have single access point settings. The subscription prole denes which services and associated access points are to be activated for use when the user initiates a PDP context. For the operator single APN means simpler service conguration. When introducing new services, new service congurations can be created under the existing single APN.

Flexi ISN implements single Access Point

2007

Nokia Siemens Networks Flexi Intelligent Service Node

Deployment options: service aware GGSN or a traf c analyzer behind an existing GGSN

As a service-aware GGSN
ISN
SGSN

Gn

Gi

Operator IP network Service networks and the Internet

Gi

ISN
SGSN

Gn

GGSN

Gi

Operator IP network
As a traffic analyzer behind a legacy GGSN

Existing PaCo is untouched

Subscriber proling Flexi ISN is capable of downloading subscriber proles from an external subscriber database. The user proles can be fetched using a LDAP or RADIUS interface upon PDP context creation. Dynamic user prole updates are also supported. With subscription proling support, the operator is able to provide differentiated service bundles for different subscriber groups. Combined with service, access and location awareness capabilities, the operator can differentiate the set of services available for different subscriber groups. An example is allowing peer-to-peer le sharing and Voice over IP services usage for specic subscriptions only. Access, location and roaming awareness Access type awareness allows the Flexi ISN to control service and application usage based on the access type. The supported access types are UTRAN, GERAN, and 3GPP WLAN. Location Awareness functionality allows the services to be accessible only in dened area(s) of the network. As an example, the operator can allow P2P le sharing services only at the subscribers home location and nowhere else.

Applied parameters are: Mobile country code (MCC) Mobile network code (MNC) Location area code (LAC) Cell identity (CI) (for 2G network) Service area code (for 3G network)

Flexi ISN roaming awareness allows the control of service usage according to the subscribers roaming status. An example is restricting service awareness for outbound or inbound roamers. P2P le sharing services can, for example be allowed only for local subscribers in their home network. Deployment options Flexi ISN can be deployed as a service aware GGSN implementing standard GGSN functionality and service awareness in a single element. The other option is to introduce service awareness behind an existing third party legacy GGSN. In this option, the Flexi ISN acts as a trafc analyzer. The benet is quick introduction of service awareness. Later on, the same Flexi ISN can be deployed to replace the existing legacy GGSN.

Alias Access Point Name Operator challenge: Access Point Names (APNs) are used as reference points for subscribers to connect to the service networks. In order for the connection request to succeed, the correct APN settings must be congured in the terminal. Network evolution, however, requires the operator to make changes to the Access Point conguration. The changes should be reected in subscriber terminals, as terminal misconguration prevents service usage. Nokia Siemens Networks solution: Flexi ISN implements an Alias APN feature that allows mapping of the requested APN to a correct access point in the Flexi ISN. Alias APN is an important enabler for an operators single APN service access strategy. Operator benet: Operator is able to make service architecture changes without a visible effect for end users. Higher service success rate results in an improved ensuser experience, driving usage and preventing customer care load.

A full set of trafc management functionalities integrated with 3GPP GGSN

Access and location: Bandwidth and service usage can be controlled according to the access network type and subscriber location. An example of access network type based control is to limit the capacity for le sharing services in a cellular network but allow unlimited use in a WLAN network. Location Awareness functionality allows the services to be accessible only in dened area(s) of the network or controlling capacity usage according to subscriber location. An example is the operator allowing the use of P2P le sharing services only in the subscribers home location. Application: On the application level Flexi ISN P2P trafc detection capabilities allow the operator to differentiate the treatment of different P2P applications. Bandwidth limits can be set and application usage can be blocked even though the P2P service would be using the same PDP context as some unlimited service, e.g. browsing. Time of day: Flexi ISN allows traf c policing rules to be congured according to the time of day or day of week. A P2P le sharing traf c prole is typically symmetrical. As subscribers are downloading the les as background activity, there is no variation in the trafc load according to the time of day or day of week. By contrast, normal data traf c has heavy variations.

Service bandwidth management Flexi ISN allows the operator to manage the capacity allocation on a service level. The maximum bandwidth available for identied services and applications can be limited to a congurable value, both on an aggregate traf c level and on an individual subscribers level. This functionality has been developed to ensure fair sharing of network resources between subscribers and services. Combining P2P trafc detection capabilities With the subscription, access and location awareness capabilities that Flexi ISN offers, it is capable of providing multi-dimensional bandwidth management: Subscription: Fixed broadband type charging models can also be applied in mobile networks. The operator can provide subscriptions where the maximum access rate is limited to a certain value. This allows differentiated offerings for subscriber segmentation. P2P service usage can also be included or excluded in a subscription on a service level.

Multi-dimensional bandwidth management

2007

Nokia Siemens Networks Flexi Intelligent Service Node

QoS and Service Aware QoS Flexi ISN supports all 3GPP traf c classes: Conversational, Streaming, Interactive 1,2,3 and background to provide a high end-user experience of service quality with optimal network dimensioning. Service based QoS functionality allows the Flexi ISN to update the PDP context QoS level automatically during an active session. This is implemented to ensure optimal use of network resources and that the user experiences high service quality. Examples are forcing appropriate QoS parameter values for non-QoS aware terminals and protecting network resources against intentionally misbehaving terminals. Introducing HSPA for high speed mobile access Operators need to introduce high speed mobile access technologies in order to provide mass market mobile access to Internet resources and to serve business users accessing company intranets.
Different traf c management tools are applied in different parts of the network

Flexi ISN supports High Speed Packet Access (HSPA) with Extended 16 Byte QoS (3GPP Rel-5) prole offering that allows support of HSDPA bit rates up to 16 Mbit/s in the downlink direction and HSUPA bit rates up to 8 Mbit/s in the uplink direction. LTE ready packet core architecture Our Intelligent Packet Core offers best in the market CAPEX and OPEX ef ciency by supporting all major cellular access types - 2G GPRS EDGE, 3G GPRS HSPA, I-HSPA - and operator business models in a single platform. The 3GPP Long Term Evolution (LTE) program aims at improving ef ciency and lowering costs of providing mobile high speed access. The Nokia Siemens Networks SGSN is already aligned with LTE architecture with the Direct Tunnel solution that allows high volume user plane data to bypass the SGSN. High speed mobile access networks have an essential role in making mass market mobile access to Internet resources a reality.

Our Intelligent Packet Core aggregates functions that are common to all accesses

Element management via a Graphical User Interface The main management tool for Flexi ISN is the Web-based Nokia Siemens Networks Voyager. Delivered preinstalled, Voyager provides an extensive set of conguration parameters and element monitoring features, as well as a Graphical User Interface (GUI) for conguration, monitoring and control. It can be used remotely over a secured SSL connection and can be accessed by a Web browser and be run basically on any host. Also, the Command Line Interface (CLI) provides versatile functionality for application management. The CLI provides the same Flexi ISN conguration functionalities as Voyager. NetAct for network management Nokia Siemens Networks NetAct provides troubleshooting to monitor the health and performance at the element and service/ow levels in real-time. This allows problems to be tracked and xed as soon as they appear, ensuring continued delivery of services.

Security considerations Flexi ISN is positioned at the network edge where the user data becomes active on the network layer and where trafc coming from the packet data network is directed to subscribers. This is the point where security control must take place. As the gateway between end-user terminals and public and private IP networks, the Flexi ISN incorporates subscriber rewall functionality at both the IP networking and end-user levels. Packet ltering, based on the traf c classication, is supported for active PDP-contexts, with congurable protection against malicious attacks towards subscribers. The rewall can be congured to meet operational needs, with traf c being denied or allowed according to different ows, such as uplink only, downlink only, vbi-directional or denied.

2007

Nokia Siemens Networks Flexi Intelligent Service Node

Online charging control

Charging is a tool for subscription segmentation Charging is a valuable tool for subscription segmentation. In addition to differentiating tariff schemes, prepaid and postpaid subscriptions can be offered to different Diameter groups. Flexi ISN supports the Diameter interface for online charging control for the benet of both the operator and the subscribers. Flexible charging options allow the implementation of tariff models that best match the operators business strategy. Minimizing prepaid fraud Prepaid charging systems were originally developed for voice calls only. For these calls, an acceptable billing accuracy can be achieved with hot billing systems, where Charging Detail Records (CDRs) are sent immediately from the MSC to the billing center. With the advent of value-added data services, this is no longer the case. Users have the chance to benet from the so called fraud window, the time that elapses between prepaid credit running out and when service is denied. In the few minutes that this fraud window is open, a user could make several ring tone downloads or browse a number of content pages. Flexi ISN implements Diameter based credit control according to 3GPP release 6 specications. Minimizing possible prepaid fraud has been one of the main design criteria and the implementation optimizes both the rating engine load and the use of the credit control interface. Prepaid fraud can be minimized, with online charging and credit control, before the service is used.

Diameter for online charging Diameter is exible and complete enough protocol to implement the key functionalities needed by most operators without vendor-specic extensions. As an improvement to Radius, it offers more scalability, more reliability and more ef ciency. Diameter uses TCP, a connection-oriented and stateful protocol that guarantees reliable and orderly delivery of information. The Diameter implementation in Flexi ISN utilizes the experience acquired through earlier on-line charging solutions, the GGSN-based Radius solution and the SGSN-based CAMEL solution. Functionality has been developed in close co-operation with operators and is aligned with the latest standards. Flexi ISN brings 3GPP REL 6 based online credit control into commercial networks.

10

Time step charging

Time step charging Operator challenge: Need to nd an easy to understand charging model for sporadic data service users. Subscribers do not want to be in a hurry when using services, which is the case with time based charging. With volume based charging schemes, the subscribers are not able to estimate the costs of service usage. Nokia Siemens Networks solution: Time based charging applies the same charging philosophy as applied in hotel WLANs: the subscriber is able use the service for a predened time interval for a xed fee (e.g. $10/hour). When the rst packet of the service is let go a predened time interval (step) is always charged whatever the user behavior during this interval. After this interval, a new step will be charged at the time the next packet is let go. Operator benet: Increased service usage and more revenue due to easy to understand charging schemes. Subscriber benet: Time step charging improves the users understanding of service charging, as cost is easily predictable.

11

2007

Nokia Siemens Networks Flexi Intelligent Service Node

Temporary subscriptions Flexi ISN supports the DIAMETER interface for online charging control. This allows implementing temporary subscriptions with the support of an Online Charging System, for example, the Nokia Siemens Networks charge@once. Temporary subscriptions allow the operator to limit the maximum volume used during a certain time period (e.g. one month) to a certain congurable value. For example, the subscription may limit the monthly usage to maximum 10 Mbit or 50 Mbit with a xed fee. When the volume limit has been reached, service usage can be either barred until the end of the subscription period or another tariff can be applied. The operator may, for example, apply volume or time based charging when the limit has been reached. A notication can be pushed to the subscriber to inform them of the tariff change.

Limited rate packages With Flexi ISN QoS capabilities, the operator is able to implement subscriptions where the maximum access rate is limited to some congured value. This allows the operator to differentiate the subscriptions for different subscriber groups. Differentiated charging Flexi ISN allows the conguring of charging rules to differentiate charging according to the accessed service. Accounting options are: Layer 3 or layer 7 volume Time based accounting Accounting on event basis on layer 7 Mixing of different accounting: combinations of time, volume and event

An example of differentiated charging is charging a xed fee per MMS or per ring tone download, in other words, the service cost is independent of the number of bits transmitted

Multiple wallet charging Operator challenge: Companies are concerned about the costs incurred because of employees using non business related services and may not allow their employees to use mobile data services at all. Corporate customers are likely to churn and this calls for the differentiating of corporate offerings to retain existing subscribers and attract new ones. Nokia Siemens Networks solution: Flexi ISN supports charging to multiple wallets according to the accessed service. The wallets can have different charging proles (post-paid or prepaid). Work related service usage (e.g. company intranet access) can be charged to a corporate postpaid account whereas other services usage can be charged to a personal prepaid wallet. Operator benet: Retaining and increasing corporate customer base. End user benet: Cost control for mobile data services allows corporate segment to allow data services to all employees without risk of excess costs.

12

The winning architecture

Carrier-Class Architecture Flexi ISN has carrier-class availability that minimizes downtime and impact on revenue, an essential requirement for trusted operation. Flexi ISN provides ve 9s (99.999 %) platform availability, with yearly downtime measured in seconds. PDP context level redundancy The Flexi ISN architecture makes it possible to implement load balancing and achieve redundancy on a PDP context level. The user data ow in the Flexi ISN is the simplest possible: from Interface Blade via Switch Blade to Service Blade and back to Interface Blade. The Interface Blades provide physical interfaces, intelligent load balancing of user sessions and routing. Session level load balancing is implemented by directing incoming PDP context requests to the least loaded Service Blade. The result is an evenly distributed load in a redundant system, with every Service Blade being active and there are no extra standby blades. PDP contexts are made resilient by the Service Blade, which creates a standby session to the next least loaded service blade. This ensures service continuity if a Service Blade is removed or fails. Another advantage is that no peak in traf c is generated on failover caused by re-establishing connections. This makes the design of Flexi ISN superior to the traditional load balancing commonly applied in xed IP networks.

Simplicity of design: all traf c processing intelligence implemented on a single Service Blade

13

2007

Nokia Siemens Networks Flexi Intelligent Service Node

PDP context level redundancy

Simplicity of design Signaling is distributed on Flexi ISN Service Blades for high reliability and scalability. Removing any signaling bottleneck is important for on-line credit control to allow prepaid, dynamic policy control and frequent inter-system handovers. The heart of the Flexi ISN software runs on the Service Blades. Both the user and control planes are implemented in the Service Blades, which realize the traf c processing intelligence. In addition to the Interface and Service Blades, the Flexi ISN consists of Management Blades, Switching Blades and Hard Disk Blades.

Scalability to accommodate growth Together with high reliability, increased capacity has been a key driver in introducing a new platform for Flexi ISN. It offers excellent scalability, from a minimum sellable capacity of 1000 PDP contexts and 1 Mbit/s throughput, to the maximum of 4 Million PDP contexts and 10 Gbit/s throughput with four fully equipped chassis in a standard telecom rack.

14

Nokia Siemens Networks Flexi ISN - Building a smart yet invisible network

Flexi ISN brings carrier-grade service awareness to the Packet Core network. An open connectivity and control element, it provides secured access, high end-user service quality and charging and subscription control for cellular, wireless and wireline data networks. Our key differentiators are: Nokia Siemens Networks is a single provider for packet switched core Flexi ISN offers high availability with 99.999 % reliability for one shelf Flexi ISN offers superior performance with truly scalable deep packet inspection Flexi ISN has a graphical user interface and is easy to congure to reduce OPEX Flexi ISN offers a future-proof evolution path towards mobile broadband services

Nokia Siemens Networks is a leading global enabler of communications services. The company provides a complete, wellbalanced product portfolio of mobile and xed network infrastructure solutions and addresses the growing demand for services with 20.000 service professionals worldwide. Nokia Siemens Networks is one of the largest telecommunications infrastructure companies. Nokia Siemens Networks has operations in some 150 countries and is headquartered in Espoo, Finland. It combines Nokias Networks Business Group and the carrier related businesses of Siemens Communications. For more information please visit www.nokiasiemensnetworks.com.

15

Nokia Siemens Networks Corporation P.O. Box 1 FI-02022 NOKIA SIEMENS NETWORKS Finland Visiting address: Karaportti 3, ESPOO, Finland Switchboard +358 71 400 4000 (Finland) Switchboard +49 89 5159 01 (Germany)

Nokia Siemens Networks and the wave logo are registered trademarks of Nokia Siemens Networks. Other company and product names mentioned herein may be trademarks or trade names of their respective owners. Products and solutions herein are subject to change without notice. Copyright 2007 Nokia Siemens Networks. All rights reserved. Code: 11498 - Nokia Siemens Networks 07/2007 Activeark Oy

www.nokiasiemensnetworks.com