Nov 22 2011

Mobile Application Assurance

Deep packet inspection brings deep insight

Mobile Application Assurance (Mobile AA) is an Alcatel-Lucent solution for massive, real-time processing and service assurance of mobile IP traffic at Layers 4 to 7 (L4-L7). Traffic inspection techniques performed at these layers (L4-L7) are commonly referred to as deep packet inspection (DPI). As the number of users, devices and IP applications grows and use of data services is more personalized, DPI techniques are becoming essential as they help Mobile Service Providers (MSPs) to:

  • Understand and improve use of network resources
  • Protect network resources
  • Enhance end-user quality of experience (QoE)
  • Define and offer differentiated, new services

Shallow packet inspection (SPI) looks only at basic protocol information in the IP header; it relies on L1-L3 traffic inspection only. SPI doesn’t provide enough information to make application-related conclusions — especially as applications quickly change and adapt to support advanced new protocols and encapsulation methods. To make informed decisions, MSPs need more details about traffic types and associated data volumes. L4 to L7 DPI techniques examine and analyze the characteristics of the user or application traffic (payload) to provide MSPs with such details. For example, L4 to L7 DPI techniques are used to inspect the content of IP Transmission Control Protocol (TCP) and User Datagram Protocol (UDP) flows, reassemble IP datagrams, TCP data streams and UDP packets and sometimes to perform additional traffic analysis. The detailed information gleaned from L4 to L7 DPI can help elevate DPI from a tool for aggregate traffic control to an instrument for per-user and per-device service management and revenue generation (Figure 1).

Getting the application right

Application signature definition is the first and most important step toward any DPI implementation. Application-specific traffic flows are identified by their unique digital signature — their digital “application fingerprint.” A static digital signature library is typically not adequate for a quickly changing and evolving mobile environment to consistently identify all instances and variations of an application, as well as new applications. This is because certain applications, such as peer-to-peer (P2P) flows, change pattern and use encryption to remain unidentified. Having access to a regularly updated library of digital signatures is essential to successfully implement DPI. Figure 2 shows a collection of digital fingerprints, using DPI techniques to look beyond IP headers into IP packet payload.

How Mobile Application Assurance works

Alcatel-Lucent delivers Mobile AA on the Alcatel-Lucent 7750 Service Routers Mobile Gateway – a 7750 SR configured to perform the roles of a Serving Gateway and/or a Packet Data Node (PDN) Gateway for Long Term Evolution (LTE), and/or the role of a Gateway GPRS Support Node (GGSN) for 2G/3G/3G+ wireless packet core environments. Alcatel-Lucent Mobile AA encompasses two steps:

  • Application identification
  • Quality of service (QoS) policy actions

Application identification

Application identification is made on positive matching between a traffic flow and a locally kept database of application signatures. The detection of applications is further facilitated and made more manageable by the use of application filters, which can be customized to define the use of protocol signatures and other criteria that define an application. The following criteria can be assigned to an application rule filter entry:

  • Protocol signature
  • String-based matching: For Hypertext Transfer Protocol (HTTP), Wireless Application Protocol (WAP), Session Initiation Protocol (SIP) and Transport Layer Security (TLS)
  • Flow setup detection
  • Network IP address
  • Network port number
  • IP protocol number
  • Unique application name
  • Unique entry ID number

Network applications of interest are identified and managed by MSPs using a very structured approach. This allows:

  • Quick and easy configuration
  • Applications to be organized into groups
  • Customization of application filters and associated policy actions

Application QoS policy actions

After an application flow is identified and matched to a specific application filter, the flow is checked against a provider-defined set of Application QoS Policies (AQPs). An AQP is a set of rules defining the match criteria and actions to be taken on the identified traffic. Multiple actions for matched flows are supported. The statistics for the flows, along with the subscriber and application context, can also be recorded. Examples of AQP actions include:

  • Bandwidth rate limiting
  • Flow setup rate limiting
  • Flow count limiting
  • QoS re-marking: Discard priority and forwarding class
  • Discard (drop)
  • None: For monitoring and reporting only
  • Charging instructions
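The two steps described above (application identification, then AQP lookup) can be modelled as follows. This is an added example, not Alcatel-Lucent code or 7750 SR configuration syntax: the field names, the flow dictionary keys (`signature`, `host`, `dst_ip`, `dst_port`, `ip_protocol`), the action labels, and the first-match-by-entry-ID ordering are all assumptions made for illustration.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional
@dataclass
class FilterEntry:  # hypothetical field names, modelled on the criteria listed above
    entry_id: int                      # unique entry ID number
    application: str                   # unique application name
    signature: Optional[str] = None    # protocol signature, e.g. "http"
    host: Optional[str] = None         # string match on HTTP Host / TLS server name
    network: Optional[str] = None      # network IP address (CIDR)
    port: Optional[int] = None         # network port number
    ip_protocol: Optional[int] = None  # IP protocol number (6 TCP, 17 UDP)

    def matches(self, flow):
        name = (flow.get("host") or "").lower().rstrip(".")
        # Domain or true subdomain only: "notexample.com" must not match "example.com".
        host_ok = self.host is None or name == self.host or name.endswith("." + self.host)
        net_ok = self.network is None or (
            ipaddress.ip_address(flow["dst_ip"]) in ipaddress.ip_network(self.network))
        return (host_ok and net_ok
                and self.signature in (None, flow.get("signature"))
                and self.port in (None, flow.get("dst_port"))
                and self.ip_protocol in (None, flow.get("ip_protocol")))

def identify(flow, filters):
    # Assumption: entries are tried in ascending entry ID and the first match wins.
    for entry in sorted(filters, key=lambda e: e.entry_id):
        if entry.matches(flow):
            return entry.application
    return "unknown"

def aqp_actions(application, direction, policies):
    # Every AQP whose match criteria fit contributes its actions.
    actions = [a for p in policies
               if application in p["applications"] and p.get("direction") in (None, direction)
               for a in p["actions"]]
    return actions or ["none"]  # "none": monitor and report only

FILTERS = [  # constructed sample filter entries
    FilterEntry(10, "example-video", signature="http", host="example.com", ip_protocol=6),
    FilterEntry(20, "p2p", signature="bittorrent"),
    FilterEntry(30, "partner-portal", network="203.0.113.0/24", port=443, ip_protocol=6),
    FilterEntry(90, "web", signature="http"),
]
POLICIES = [  # constructed sample AQPs
    {"applications": {"p2p"}, "direction": "up", "actions": ["bandwidth-rate-limit"]},
    {"applications": {"p2p"}, "actions": ["remark-low-priority"]},
    {"applications": {"partner-portal"}, "actions": ["charging:zero-rate"]},
]
```

A flow that matches no entry is reported as `unknown` and receives only the monitoring action, which corresponds to the "unknown or untrusted traffic" case an operator would want surfaced in reporting rather than silently dropped.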

Improving monitoring and reporting

One of the most common uses of Mobile AA is to collect information on traffic types, volumes and temporal variations — for a specific user, device, or application. For example, Mobile AA might be used to track and monitor aggregate use of all applications of the same type in the network. This information can then be passed to a collection, archival or reporting system(s) for further analysis. Mobile service providers can use the information about usage patterns in the network at both the individual application and the aggregate (network) level. For example, they might want periodic views of the data for specific network devices and associated applications. These views help MSPs know what actions are needed to improve use of network resources. They also help with network planning.

Protecting network resources

Mobile AA can also be used to ensure fair use of network resources and to protect network resources from unauthorized or excessive and uncontrolled usage. While SPI techniques are restricted to basic per-flow traffic counting and bandwidth measurement in a protocol-agnostic manner, L4-L7 DPI information can be used to properly allocate resources among network users or different classes of network services. Mobile AA techniques can be used to identify users, devices and applications that are consuming significant network resources for P2P file transfers. Heavy P2P usage can jeopardize both service plan agreements and the allocation of network resources for other — possibly premium — users and applications. After applications of interest are identified, MSPs can use service plans and network policies to govern how these applications will use the network resources. The use of network resources can also be prioritized or de-prioritized to indicate premium or non-premium QoS treatment. The result is fairer allocation of network resources among users, devices and applications according to their service eligibility and subscription. This is one example of how the advanced traffic processing provided by Mobile AA can serve as the basis for additional traffic insight and operator functionality. Mobile AA can be applied to other key areas including:

Enabling new services and revenues

Increasingly, MSPs are using L4 to L7 DPI techniques to identify, sort and filter user and application data and correlate this information to their service packages. As new and differentiated services are offered, the need to provide real-time, context-sensitive links to billing and charging systems increases. Mobile AA can be instrumental to:

  • Address specific users or market segments to increase revenue
  • Differentiate from the competition to increase market share

For example, Mobile AA can facilitate differentiated charging (or zero charging) based on specific traffic types or Web domains (specific URLs). This capability has become increasingly important to improve overall customer satisfaction and competitiveness.

Using Mobile AA as part of a larger policy and charging framework

While Mobile AA can be used to facilitate monitoring, planning, preventive and corrective activities, it can also be integrated in the network as a part of a larger policy control and charging framework. Most MSPs are moving away from network environments where access, usage control and charging are statically based on user profiles. They’re migrating to real-time environments based on 3GPP-defined network-wide policy control and charging (PCC) architecture. The PCC architecture introduces two network entities:

  • The Policy and Charging Rules Function (PCRF), which collates subscriber and application data, authorizes QoS resources and instructs the user (data) plane element how to further process data traffic.
  • The Policy and Charging Enforcement Function (PCEF), which uses PCC rules to classify traffic by service data flows and apply QoS and charging mechanisms as instructed by the PCRF.

In a PCC architecture, Mobile AA becomes a subset of PCEF functionality, providing extended application-level insight and enforcement capabilities, such as:

  • Identification of unknown or untrusted Internet traffic in L4 to L7
  • Monitoring and reporting when positive identifications are made and policies are enforced, with the ability to deliver service-level and user-level granularity
  • Flexible QoS policy enforcement for both upstream and downstream directions and for all traffic of interest

With these extended capabilities, Mobile AA effectively becomes a key part of the larger policy control and charging framework that is required for policy-based control of network resources in a real-time, dynamic and large-scale environment.

A technical and business imperative

Advanced traffic processing capabilities are a technical prerequisite and an imperative of next-generation mobile broadband networks. To enable technical and business benefits for MSPs, L4 to L7 DPI must:

  • Offer CPU-intensive, sophisticated real-time processing of large traffic volumes
  • Perform traffic inspection, analysis and in-line processing (to avoid the need for additional equipment or “bump-in-the-wire”)
  • Support flexible configurations
  • Be able to help with the evolution of existing business models and services

By being able to extend its vast set of advanced traffic processing capabilities, including Mobile AA, and to provide detailed and direct support to charging and billing systems, the Alcatel-Lucent 7750 SR Mobile Gateway becomes an instrument for further personalization and monetization of mobile services. When used in conjunction with other packet core elements, particularly the Alcatel-Lucent 5780 Dynamic Services Controller (DSC) in the role of PCRF, this set of 7750 SR capabilities turns the packet core into a true business engine and a business instrument for mobile service providers. For more information about Mobile AA on the Alcatel-Lucent 7750 Service Router Mobile Gateway, please read our application note on the topic. To contact the author or request additional information, please send an e-mail to networks.nokia_news@nokia.com.

About Alex Pavlovic

Alex is a telecommunications engineer voluntarily “planted” in the IP product marketing team at Nokia (and loving it), and a firm 5G believer. To disconnect and recharge, Alex follows the lead of his two whippets (Lokki and Django), practices the art of Tsundoku, and keeps the valves of his tube audio amps warm with music.
