Copyright2013AllotCommunicationsLtd.Allrightsreserved.

AllotCommunications,itslogoandcertainnames,productandservicenamesreferencedhereinmayberegisteredtrademarks,trademarks,trade
names or service marks of Allot Communications Ltd. in certain jurisdictions. All other names are or may be the trademarks of their respective
owners.Thecontenthereinissubjecttochangewithoutfurthernotice.
Thematerialcontainedhereinisproprietary,privileged,andconfidentialandownedbyAllotoritsthirdpartylicensors.Thisinformationhereinisprovidedto
thepersonorentitytowhichitisaddressed,foritsownuseonlyandevaluationofthisdocument,thereforenodisclosureofthecontentofthisdocumentwill
bemadetothirdparties,includingwithoutlimitationAllotscompetitors,withouttheexpresswrittenpermissionofAllotCommunicationsLtd










Advantages of Pure-play versus
Embedded TDF for LTE Networks


White Paper
June 2013
Advantages of Pure-play versus Embedded TDF for LTE Networks


2 Allot Communications. All Rights Reserved 2013. www.allot.com
Contents
Executive Summary .................................................................................................................... 3
The Need for Traffic Detection Function in LTE ..................................................................... 4
Pure-Play versus Embedded Solutions .................................................................................... 5
Functionality ............................................................................................................................................................. 5
Performance ............................................................................................................................................................. 6
Fixed-Mobile Convergence ................................................................................................................................. 7
Scalability ................................................................................................................................................................... 8
Traffic Steering to Value Added Services ...................................................................................................... 8
Total Cost of Ownership ...................................................................................................................................... 9
Summary .................................................................................................................................... 10
At-a-Glance Advantages of Pure Play versus Embedded TDF .......................................................... 11


Advantages of Pure-play versus Embedded TDF for LTE Networks


3 Allot Communications. All Rights Reserved 2013. www.allot.com
Executive Summary
Mobile broadband is steadily becoming the preferred medium for accessing the
Internet and its unlimited array of over-the-top content and services. With the rising
use of smartphones, tablets, and mobile-enabled laptops, consumer demand for
downloading, streaming, browsing, creating, and sharing content continues to
increase exponentially. As a result, mobile carriers face increasing over-the-top use
that doesnt translate into proportional revenue growth, and increasing congestion
that negatively impacts the quality of experience (QoE) for everyone on the network.
To remain competitive in this dynamic environment, mobile carriers are
implementing Traffic Detection Function (TDF) solutions to help them:
Optimize the delivery and performance of over-the-top applications and
services
Personalize the user experience by providing tiered service plans
Monetize network utilization through online and offline charging policies
We analyzed two TDF architectures a pure-play architecture that is purpose-built to
identify traffic flows and enforce policy and charging rules; and an embedded
architecture which incorporates these functions into Packet Data Network Gateway
(PGW) equipment. We also compared the performance, scalability, and operability in
converged network environments of these two TDF architectures.
Read on for further details.
Advantages of Pure-play versus Embedded TDF for LTE Networks


4 Allot Communications. All Rights Reserved 2013. www.allot.com
The Need for Traffic Detection Function in LTE
Mobile broadband is the fastest-growing medium for accessing the Internet and its
unlimited array of content and services. With the rising use of smartphones, tablets,
and mobile-enabled laptops, consumer demand for downloading, streaming,
browsing, creating, and sharing content continues to increase exponentially.
Moreover, subscribers left the mobile operators walled garden of services long ago
in favor of a vast selection of over-the-top Internet applications and content that are
driving the demand for more mobile bandwidth.
Perhaps the most important initial factor driving mobile broadband growth was its
predominantly flat-rate billing model which greatly affected usage patterns.
Originally, mobile operators introduced flat-rate billing plans to encourage
subscribers to use their mobile broadband service without worrying about the cost.
As a result, 3G and 3.5G carriers face increasing over-the-top use that does not
translate into proportional revenue growth, and increasing congestion that
negatively impacts the quality of experience (QoE) for everyone on the network.
While LTE technology promises to deliver higher bitrates more bandwidth for data
services, it wont solve all the problems. The increase in bandwidth will simply spawn
a new generation of bandwidth-intensive applications that were previously
insupportable. We already see video applications shifting to higher definition modes
given the LTE access opportunity. Moreover, the issues of congestion, quality of
service, and revenue generation are not confined to the mobile arena, but will be felt
across both mobile and fixed networks as they converge.
To remain competitive in this shifting and dynamic environment, LTE carriers are
looking for ways to maximize their infrastructure investments while managing
network use more effectively. Traffic Detection Function (TDF) solutions are designed
to enable broadband operators to achieve these goals. TDF solutions enable LTE
networks to:
Optimize the delivery and performance of over-the-top applications and
services, depending on network conditions and subscriber expectations.
Personalize the user experience by providing tiered service plans that allow
subscribers to manage their own usage, and control their monthly outlay for
over-the-top services.
Monetize network utilization through online and offline charging policies
that meter over-the-top usage and dynamically adjust service availability and
cost depending on allowance caps, top-up options, free applications,
subscriber location, and other provisions in the tiered service plan.
In this paper, we compare two TDF architectures pure-play TDF and embedded TDF
and analyze their functionality.
Advantages of Pure-play versus Embedded TDF for LTE Networks


5 Allot Communications. All Rights Reserved 2013. www.allot.com
Pure-Play versus Embedded Solutions
Deep packet inspection (DPI) is at the heart of the Traffic Detection Function. DPI
technology provides the ability to identify data flows in real-time and to leverage
that information in order to enforce QoS and charging policies. Today, TDF solutions
can be implemented in one of two ways:
Pure-Play TDF: A pure-play TDF solution, such as Allot Service Gateway, comprises a
dedicated, in-line network element that communicates with policy (PCRF) and
online/offline charging systems. It employs DPI to identify subscriber-application
traffic and enable policy-based QoS and charging actions to be enforced on the
traffic flows in real time. Enforcement actions include traffic shaping, online and
offline charging, and traffic steering to various network and subscriber services. These
are core competences of the pure-play TDF solution.
Embedded TDF: An embedded TDF solution integrates DPI capability to an existing
network element such as a PGW that is already performing fundamental network
tasks, including establishing and managing connections, service flow detection, traffic
shaping, and basic charging.
Functionality
Pure-play TDF
A pure-play TDF solution, such as Allot Service Gateway, employs advanced flow
inspection and analysis algorithms that identify data traffic per application, per
subscriber and per network topology, plus the ability to act upon this valuable
intelligence in real time by mapping it directly into policy enforcement and charging
rules. At Allot, we call this Dynamic Actionable Recognition Technology or DART.
The DART engine in every Allot Service Gateway identifies more over-the-top
applications and protocols than any other solution on the market. Its signature library
is updated frequently to keep pace with new developments, and operators may add
their own user-defined signatures to the library. To enhance accuracy, DART applies
multiple identification methods, including textual, behavioral and statistical analysis
and is able to learn and adapt to changing situations as over-the-top applications
attempt to evade detection through encryption or by altering their connection
behavior or flow patterns.
Allot Service Gateway, integrates seamlessly in the operator network via standard
3GPP interfaces (Diameter Sd, Gy, Gz) to policy and charging systems. Real-time
traffic intelligence is delivered directly to PCRF and OCS/OFCS elements, enabling
policy decisions and charging actions to be taken with the same level of granularity.
The PCRF may determine that certain policies should be enforced by the PGW, while
other policies that require traffic steering, online charging or tiered QoS actions will
be enforced by Allot Service Gateway. Likewise, Online Charging Systems receive the
real-time session data they need to accurately meter and charge for over-the-top
services, while Offline Charging Systems benefit from the granular intelligence
provided by Allot Service Gateway.
Advantages of Pure-play versus Embedded TDF for LTE Networks


6 Allot Communications. All Rights Reserved 2013. www.allot.com

Pure-play TDF integrates seamlessly in the operator network via standard
3GPP interfaces (Diameter Sd, Gy, Gz) to policy and charging systems
Embedded TDF
The DPI function embedded in todays PGW is quite basic and therefore unable to
identify specific over-the-top applications. It uses a simple textual method that
reads the signature in the packet header and allows the PGW to identify 20-50
applications on average. It can also identify basic and known traffic patterns.
The embedded DPI function was introduced to the PGW after its original design and
therefore, the integration of the function is not optimal and suffers from a learning
curve. In some cases, in order to expedite availability, a third party DPI element was
employed by PGW vendors. This makes signature updates a cumbersome and
lengthy process. As a result, these systems are usually limited to detecting types of
applications (such as streaming video) rather than specific applications (such as
YouTube) and their ability to identify over-the-top applications is severely limited.
The limitation of embedded DPI functionality also affects the PGW traffic shaping
and charging capabilities, which depend on accurate identification of traffic flows. For
example, once a flow is identified and traffic shaping is applied, the PGW cannot
adjust to adaptive applications that alter their connection and/or traffic pattern in
response to being shaped. Likewise, operators cannot leverage the PGWs charging
capability for over-the-top applications if the embedded DPI function is unable to
identify most of these applications.
Performance
Pure-play TDF
Pure-play TDF systems are built for performance. When fully configured, a single
Allot Service Gateway can inspect and identify the traffic of up to 8 million
subscribers at speeds of up to160 Gbps. As more LTE networks are deployed, the
ability to monitor large volumes of traffic at high speeds becomes even more critical.
Embedded TDF
Since PGW and DPI functions compete for common resources in the same platform,
mobile operators have noted that when the embedded DPI function is activated,
PGW performance drops off significantly. Performance degradation of 50% is quite
common as the PGW struggles to maintain its core functions and to handle the
additional DPI load. This is especially true in LTE environments, where the PGW is
Advantages of Pure-play versus Embedded TDF for LTE Networks


7 Allot Communications. All Rights Reserved 2013. www.allot.com
being asked to perform these additional functions at much higher speeds (10Gbps
instead of 1Gbps) and on larger volumes of traffic than in 3G networks. Also, PGWs
tend to incorporate many more network functions than their GGSN counterpart,
leaving even fewer resources for deep packet inspection. The result is a PGW whose
performance is compromised by the add-on functions.
Fixed-Mobile Convergence
Pure-play TDF
The converged network environment is where a pure-play TDF solution like Allot
Service Gateway truly shines. The reason is simple. It provides a single point for
policy enforcement and online charging across any type of access. As a unified
platform for traffic monitoring, QoS, charging, steering and added-value services,
Allot Service Gateway enables real-time convergence at the core. This pure-play
system already interfaces with both RADIUS and DHCP authentication systems (as
well as all-Diameter environments that have no RADIUS); with both PCRF and OSS
provisioning systems; and with OCS/OFCS and Mediation systems. It can be deployed
in the core network or closer to access networks or both, depending on the scope of
the solution needed by the operator. In contrast, the core function of a PGW dictates
its location and limits its interoperability.

Allots pure-play TDF solution provides a single point for traffic inspection, policy
enforcement and online charging across any type of access. In the embedded TDF
solution, each PGW and BRAS vendor must provide its own interface to
authentication, policy and charging systems.
Embedded TDF
In converged fixed-mobile networks, the limitations of an embedded TDF solution
are most pronounced. Converged networks contain different signaling and
interconnection elements depending on the access that the subscriber is using
GGSN or PGW in mobile networks, and BRAS or edge routers in fixed networks. To
provide unified services over different access networks, the same capability would
have to be embedded in each of these different elements and they would have to be
Advantages of Pure-play versus Embedded TDF for LTE Networks


8 Allot Communications. All Rights Reserved 2013. www.allot.com
able to communicate with a central PCRF or other policy server. The same is true
when GGSNs or PGWs from multiple vendors are deployed in the network. This lack
of interoperability severely limits the converged operators ability to provide unified
services over any access network.
Scalability
Pure-play TDF
The modular architecture of a pure-play TDF like Allot Service Gateway means you
can start small and scale upward as needed, both in terms of core competence and
value-added services capacity. Modular blades deliver incremental port density and
throughput (from 32 to 160 Gbps) in a single platform. Platform clusters can scale to
provide up to 1 Terabit/second of aggregate throughput. As a pure-play vendor,
Allot offers a complete portfolio of end-to-end solutions, starting with entry-level
bandwidth management devices and scaling all the way to chassis-based platforms
with a full complement of pluggable blades that can be tailored to any network
environment and performance requirements.
Embedded TDF
In the TDF platform, there are a limited number of slots available for the DPI services
that vendors embed in their equipment. Most of real-estate of the PGW remains
devoted to its core functions. Therefore, the ability to expand an embedded TDF
solution within the same platform is quite constrained. At some point, the only way
to expand is to deploy additional PGW equipment. This is an expensive proposition.
Unlike the breadth of pure-play devices and platforms, the embedded TDF requires a
full PGW system, which limits the ability to match deployment to growing needs.
Traffic Steering to Value Added Services
Pure-play TDF
A pure-play TDF solution such as Allot Service Gateway is able to steer subscriber-
application traffic in real time to a variety of services such as video optimization,
media caching, URL filtering, botnet containment, DDoS mitigation, and others. It
also balances the load among multiple service elements as needed. These services
may be hosted externally, or on modular blades within Allot Service Gateway
platform, making deployment easier and more cost-effective. For example, instead of
deploying multiple in-line systems, only Allot Service Gateway is deployed. Instead of
each service having its own interface to provisioning and charging systems, Allot
Service Gateway provides a single interface for all services. Moreover, the platforms
open and standards-based architecture is designed to facilitate the integration of
third-party services, opening the door to current and future service creation
opportunities.
Embedded TDF
Some PGWs are able to divert traffic to external systems, however they mostly do
so based on Layer 3/Layer 4 and cannot steer traffic based on the specific application
(Layer 7). On the other hand, the PGW is able to steer traffic to services within the
PGW platform. The main drawback is that the platform usually has no physical room
Advantages of Pure-play versus Embedded TDF for LTE Networks


9 Allot Communications. All Rights Reserved 2013. www.allot.com
left to host these value-added services. Most slots in the chassis are dedicated to
interconnection functions. Additional slots perform DPI functions. Only what remains
can be used for other services. Moreover, additional services would further impinge
upon performance as the system is already straining to accommodate the deep
packet inspection and other capabilities that were added on to its core functions. In
this regard, the pure-play solution offers far more functionality and flexibility than
the embedded solution.
Total Cost of Ownership
While a comparative analysis of TCO is beyond the scope of this paper, operators
should consider the following factors when deciding what kind of TDF solution to
deploy.
High cost of PGW hardware and software modules and the further system
expansion that may be required as a result of performance degradation
caused by DPI activation.
Can existing PGWs in the network be upgraded rather than fork-lifted and
replaced? If not, further acquisition and deployment costs must be taken into
account.
The price of DPI software licenses offered by Telco Equipment Manufacturers
(TEM) is typically higher than the equivalent license from a pure-play DPI
vendor.
Annual service contracts are derived from the cost of the hardware/software.
If capex is higher, service costs will also be higher.
Other Considerations
In addition to up front capital expenditures and ongoing maintenance, operators
should consider the ability to steer traffic to network and subscriber services hosted
in or outside the pure-play platform and the potential cost-savings and/or revenue
that could be generated as a result. While TEMs can embed DPI within their
equipment, they cannot leverage DPI the way that a pure-play solution can. Allot
Service Gateway not only provides superior traffic intelligence at multiple levels, it
also leverages that intelligence to enable the creation and deployment of services far
beyond traffic management and charging. These include cost-saving services such as
video caching and video optimization, which is becoming a must-have as Internet
traffic it overtaken by video content and operators seek to ease the load on the
network. It also includes security services such as botnet containment and clean-up
that help operators avoid blacklisting and keeps harmful traffic from overloading the
network.
Operators can also leverage Allot Service Gateway to tier and personalize service
packages in a variety of ways including bandwidth tiers, QoS tiers, parental control,
usage allowances, real-time charging, pay-as-you-go plans, real-time notification of
charge, and many other revenue-generating use cases.
Advantages of Pure-play versus Embedded TDF for LTE Networks


10 Allot Communications. All Rights Reserved 2013. www.allot.com
Summary
When comparing apples to apples, the pure-play TDF solution clearly provides
superior functionality, performance and scalability over embedded solutions. It also
may offer a lower total cost of ownership. But thats only part of the story. The pure-
play versus embedded argument is really more like comparing apples to oranges
because the embedded solution simply cannot compete with pure-play TDF in terms
of unlocking new revenues through policy, charging, and service enablement.
Advantages of Pure-play versus Embedded TDF for LTE Networks


11 Allot Communications. All Rights Reserved 2013. www.allot.com
At-a-Glance Advantages of Pure Play versus Embedded TDF
Functionality and TCO have been graded from 1 (low) to 5 (high) for easy
comparison.
Pure-Play TDF Grade
1-5
Embedded TDF Grade
1-5
Functionality Flow detection
Policy enforcement
Online charging
Offline charging
Interoperable with existing PGW
Service tiering
Traffic steering
Service hosting
5 Flow detection
Policy enforcement
Online charging
Offline charging
PGW
3
DPI Capability Core competence, proprietary
technology
5 Secondary competence usually
provided by 3
rd
party
3
DPI Accuracy 1000+ application signatures
Over the top
Textual
Pattern recognition
Behavioral
Statistical
Adaptable
Encrypted
Per subscriber
Per network topology (e.g., cell)
User-defined signatures
5 20-50 application signatures
Textual
Pattern recognition
1
DPI Updates Frequent, automated update of
signature library, including custom
user-defined signatures.
5 Long cycle to update 3
rd
-party DPI
software, signatures
2
Performance Purpose-built for DPI and service
enablement tasks
5 PGW is not designed for DPI tasks.
When DPI is activated in a fully
populated PGW, performance
degrades significantly.
2
Scalability Modular HW architecture
Expand capacity without
compromising performance
From 32 to 160 Gbps
4 Modular HW architecture
Limited slots available for add-on
DPI. Most slots devoted to core
PGW function
2
3GPP
Compliance
Yes
1
Yes
1
Convergence Single Traffic Detection point. For
any type of access. Enables real
convergence at the core.
5 Multiple Traffic Detection points.
Needed per access type (GGSN,
PGW, BRAS). Same limitation when
PGWs are provided by multiple
vendors.
1
Traffic Steering Steering to value-added services
hosted in the Service Gateway
Platform or hosted externally
3 Diverting to external services only at
L3/L4 not per application.
Diverting to services within the PGW
is limited by available slots and
activation further impinges on PGW
performance.
2
Value Added
Services
OTT video caching
OTT video optimization
URL filtering
Botnet containment
DDoS mitigation
Open to 3
rd
party services
4 Basic video optimization
URL filtering
Not enough resources to support
many services
2
Overall Grade

42

19