Brocade and Procera Detailed Insights for OTT Application Traffic Brocade Packet Broker together with Procera s PacketLogic TM Deep Packet Inspection (DPI) engine is targeted towards mobile service provider networks, to provide clear visibility into Over-The-Top (OTT) application traffic.. The benefits include: l Clear visibility into Over-The-Top (OTT) application traffic within mobile service provider networks. KEY BENEFITS Brocade Packet Broker, when integrated with Procera s PacketLogic DPI engine, provides the following important benefits: Addition of real-time network and subscriber intelligence to make network data much more relevant and actionable. Deep Packet Inspection (DPI) capability to identify all application traffic, allowing operators to provide differentiated offerings that cooperate with OTT applications. Quick and valuable insights into customer usage behavior. l Addition of real-time network and subscriber intelligence to make network data much more relevant and actionable. l DPI capability to identify all application traffic, allowing operators to provide differentiated offerings that cooperate with OTT applications. l Quick and valuable insights into customer usage behavior. BUSINESS CHALLENGE Consumers are reliant on fixed and mobile broadband networks more than ever. Quality problems on those networks often result in dissatisfaction, customer support calls, and subscriber churn. An intelligent network can ensure that high-value applications and real-time traffic meet the subscriber s quality expectations without requiring unlimited bandwidth. In today s business environment, knowing your customers, their interests, and how they interact with their networks and applications is essential to serving them better. For service providers, the challenge is finding a way to cost-effectively gain greater real-time business insights and offer tighter controls, enhanced services, and multiple classes of service on fixed and mobile broadband networks. SOLUTION: BROCADE ENVISION FABRIC AND PROCERA DPI PLATFORM Brocade provides a full suite of network packet broker solutions that can integrate with Procera s PacketLogic DPI technology via the open APIs available on both platforms. A network packet broker is a device that sits between the traffic extraction point in the network (TAP or span/mirror port) and the analytics tools (such as security devices, roaming analytics, usage/billing analytics, video, VoLTE), and manages the traffic to get the maximum performance from all the various analytics tools. Live data is streamed out of a mobile service provider network, typically using optical Test Access Points (TAPs). From that network, this streaming data moves to a separate out-of-band packet broker network. Brocade Packet Brokers can be physical or virtual as required, and they all work together in a single Brocade Envision fabric. From the packet broker, the data then travels to a variety of analytics tools, depending on the kind of visibility and reporting desired. 1
The packet broker network is managed by a software visibility manager. A single visibility manager can manage multiple packet brokers, even across disparate locations. The visibility manager exposes a REST API that the analytics tools can use to control the data flow toward them. Figure 1 BROCADE ENVISION FABRIC NETWORK PACKET BROKER SOLUTION ARCHITECTURE. Mobile Data Center Network Packet Broker Analytics Tools PCRF API Interface Roaming HSS Security Congestion MME MME MME OCS OFCS User 2 Usage/Billing Marketing User 1 Diameter Video User n VoLTE SGW PGW If a hardware (physical) packet broker is used in the solution, its capabilities can be expanded using Brocade Session Director. This clustered scalable software solution provides expert features, such as GTP correlation, packet- and flow-level deduplication, and SmartMatch filtering (filtering with regular expressions). Figure 1 illustrates the Brocade Envision fabric network packet broker solution architecture. This architecture differentiates itself by combining the flexibility and scale of software functionality with the high performance of switching and routing hardware to provide maximum visibility at minimum cost. When Brocade Packet Broker is used with the Procera PacketLogic DPI platform, the packet broker front-ends network traffic aggregation and optimizes Procera s packet inspection capability with its SmartMatch filtering capabilities, available via the REST API in Brocade Session Director. SOLUTION DETAILS Brocade Packet Broker, together with Procera s PacketLogic DPI engine, monitors application usage on mobile service provider, fixed broadband, and enterprise networks, and provides realtime notifications that can be used by third-party systems to block, throttle, or prioritize network traffic by application and subscriber, as required. This combined solution enables organizations to monitor more than 2,000 applications, thanks to the power of Procera s PacketLogic DPI engine. Examples of these applications include: l Communication applications: Skype, WhatsApp, Viber, Line. l Video applications: YouTube, Netflix, Hulu. l Email: Gmail, Yahoo Mail, AOL. 2
SOLUTIONS CASE STUDY BRIEF Monitoring application usage provides businesses with key insights for improving security, customer service, and revenue streams. For instance, trend monitoring of OTT applications can expose threats to existing voice, video, or other data revenues. While troubleshooting real-time data traffic can help organizations more quickly resolve customer support issues. Brocade Packet Broker is out of band to the production network, thus eliminating both the possibility of introducing latency into that network as well as any potential disruptions to production traffic. The traffic flow is as follows: 1 A copy of network traffic is made at the TAP. This data comes to Brocade Packet Broker (including Brocade Visibility Manager and Brocade Session Director) at its network (ingress) ports. 2 Brocade Packet Broker applies smart filters based on the requirements programmed by the Procera PacketLogic DPI system. It has a rich suite of functions, including packet data masking for sensitive data, data deduplication, packet timestamping, replication, packet modifications like header stripping, pattern matching, and many others essential for efficient functioning of the analytics tools. 3 Now the data is in the format most consumable by the Procera tools. This traffic is then sent by Brocade Packet Broker to the Procera PacketLogic DPI engine from its tool (egress) ports. The traffic can also be load-balanced across these ports for a clustered scale-out system. USE CASE: MONITORING MOBILE RAN AND CORE NETWORKS Figure 2 shows the topology for monitoring a mobile Radio Access Network (RAN) and core network. The system monitors traffic at various points in the RAN and core network, and can send notifications in real time to the external network s firewall in order to block or throttle application or subscriber traffic. Figure 2 MONITORING MOBILE RAN AND CORE NETWORKS Radio Access Network (RAN) Core Network (EPC) External Network Mobile User SGW PGW MME PCRF TAP d Traffic TAP d Traffic Block IP Notification 3
SOLUTIONS CASE STUDY BRIEF USE CASE: MONITORING FIXED BROADBAND NETWORKS Figure 3 shows how the same solution can be used to monitor a fixed broadband network. In this case, traffic is TAP d at the transport or ISP networks, and the access control notifications are sent to the router that connects the ISP to the Internet. Figure 3 MONITORING ENTERPRISE NETWORKS Subscriber Premises Subscriber line (xdsl) Transport Network (ATM or ethernet) ISP Network (IP) Internet xdsl router DSLAM BRAS Internet Router Block IP Notification Passive TAP USE CASE: MONITORING ENTERPRISE NETWORKS This solution also can be used to monitor an enterprise network. As shown in Figure 4, the network traffic is obtained from the enterprise LAN, and the access control is then applied at the remote access servers and the gateway router, which provides access to the enterprise ISP. Figure 4 MONITORING ENTERPRISE NETWORKS Telecommuters File Servers Server Farm Internet Local ISP Remote Access Server L2 Switch Gateway Router Passive TAP In addition to monitoring application usage (as described in the three use cases), this solution also can be used for bandwidth, network and marketing analytics, and tool traffic optimization. 4
LEARN MORE Brocade partners with companies of all sizes to deliver innovative solutions that help organizations maximize the value of their most critical information. To learn more, visit www.brocade.com. ABOUT BROCADE Brocade networking solutions help organizations achieve their critical business initiatives as they transition to a world where applications and information reside anywhere. Today, Brocade is extending its proven data center expertise across the entire network with open, virtual, and efficient solutions built for consolidation, virtualization, and cloud computing. Learn more at www.brocade.com. ABOUT PROCERA Procera Networks, the global Subscriber Experience company, is revolutionizing the way operators and vendors monitor, manage, and monetize their network traffic. Elevate your business value and improve customer experience with Procera s sophisticated intelligence solutions. For more information, visit proceranetworks.com or follow Procera on Twitter at @ProceraNetworks. Contact your Procera sales representative to find out more about this solution and how it can help you transform your business. v20161215 ABOUT PROCERA NETWORKS Procera Networks, the global Subscriber Experience company, is revolutionizing the way operators and vendors monitor, manage and monetize their network traffic. Elevate your business value and improve customer experience with Procera s sophisticated intelligence solutions. For more information, visit proceranetworks.com or follow Procera on Twitter at @ProceraNetworks. CORPORATE OFFICES Procera Networks, Inc. 47448 Fremont Blvd Fremont, CA 94538 P. +1 510.230.2777 F. +1 510.656.1355 CORPORATE OFFICES Procera Networks Birger Svenssons Väg 28D 432 40 Varberg, Sweden P. +46 (0)340.48 38 00 F. +46 (0)340.48 38 28 ASIA/PACIFIC HEADQUARTERS Unit B-02-11, Gateway Corporate Suite, Gateway Kiaramas No. 1, Jalan Desa Kiara, Mont Kiara 50480 Kuala Lumpur, Malaysia Copyright 2015 Procera Networks. All rights All rights reserved. reserved. All other All other trademarks trademarks are property are property of their of respective their respective owners. owners.