Stoke, Inc.

Products: Blueprint for a Mobile Broadband GW

Stoke Session Exchange: A Blueprint for New Machinery.
With a dearth of telecommunications investment and innovation marking the first half of this decade, Stoke stands out for designing forward-looking systems that focus on emerging requirements using contemporary technologies.

Stateful management of tens of thousands of secure, reliable, high-quality subscriber sessions over multiple access types requires modern product design. New challenges - such as cost-effective scaling of multi-access subscriber connections, granular session management, and improved service creation and control - must be addressed at the system level. With this perspective, and in compliance with leading standards, the Stoke Session Exchange (SSX) was designed and developed.

To deliver fundamental feature, price and performance advantages over re-purposed routers or legacy session-oriented platforms, the SSX delivers innovations in four fundamental system design elements:

• Processing Resources that Balance Performance and Flexibility
• A Systems Architecture to Improve System Latency and Redefine Scalability
• High Capacity Data Plane And Control Plane Processing
• A Contemporary, Reliable Operating System

Powerful Subsystems Balance Performance and Flexibility
Delivering converged broadband services demands high performance network systems, but efficient pursuit of current and emerging opportunities demands functional flexibility. These two requirements are often at the opposite ends of system design choices, but by using purpose-built technologies for well-defined, highly repetitive tasks like encryption/decryption and forwarding lookups, and programmable technologies for packet and control processing functions which evolve over time, Stoke assures the SSX delivers an optimal balance between raw performance and adaptability.

With these design principals and the broad set of contemporary carrier edge requirements, Stoke developed four key processing subsystems for the SSX, enabling it to deliver a full set of multi-access IP session management functions today, and meet the requirements of tomorrow.

The control processing subsystem manages subscriber sessions, service continuity (mobility), charging events and data collection, QoS, and policy enforcement. Functions within this subsystem must remain current with standards activities and are often optimized to meet individual operator requirements. Processing resources are dedicated to this subsytem that is largely based in programmable technologies.

The security processing subsystem provides scalable, high-throughput encrypting and decrypting of secure subscriber sessions. It provides many encryption options for meeting the demands of most operators. Purpose-built technologies are employed to perform these repetitive functions at very high speeds.

The packet processing subsystem provides packet parsing, application classification, and policing. Network processors provide a framework for high speed packet processing and the Stoke operating system directs those resources to extract critical details from the packet stream to empower other session management and control processes within the system.

The packet forwarding accelerator provides high-speed lookups for packet forwarding activities. It coordinates closely with routing processes running on system management cards, and maintains forwarding tables for up to 250 virtual routers, or "contexts", within a system.

Contemporary Architecture Removes Latency, Improves Scalability Economics
Latency and jitter can be catastrophic to multimedia application performance. Stoke designers recognized that co-locating packet processing resources can reduce the number hops packets take through the system and remove latency in the process.

Using multiple devices for packet processing functions requires that packets be pulled off the wire, processed, and put back on the wire several times, introducing latency with each "hop". Likewise when appliances are collapsed as discrete-function blades inside a chassis, packets must hop from blade-to-blade for processing before being forwarded on, again adding latency with each hop. An additional artifact in the chassis-based system is that application-specific blades, like IPSec security, are often added at the expense of throughput and subscriber capacities.

"One Hop" Minimizes Latency and Jitter
Stoke breaks away from legacy architectures, integrating all packet and control processing subsystems on every line card. Stoke's "one hop" architecture eliminates the shuttling of packets from box-to-box or blade-to-blade for processing, dramatically reducing system latency. Resulting latency in the Stoke Session Exchange is measured at less than 30 µ seconds. By contrast, latency for currently deployed systems is measured in tens of milliseconds (1000 µ seconds = 1 millisecond). Stoke's distributed architecture also removes contention for processing resources found in centralized systems, improving consistency in processing time and reducing jitter.

Breakthrough Economies: Scaling Services While Scaling Subscribers
Another important benefit of Stoke's architecture is linear scaling of supported subscribers, feature resources, and throughput capacity. By delivering complete session management functions on every line card, capacity for subscribers and services scale linearly as line cards are added. Growing subscribers is matched and in lock-step with scaling processing resources, supporting "pay as you grow" cost models.

Control Plane and Data Plane Capacity to Meet Emerging Needs
Another observed shortcoming of legacy network elements is their bias towards either data plane or control plane functions. Routers are heavily weighted with data plane functions, as would be expected given their design purpose. Mobile network gateways, like PDSNs and GGSNs, heavily favor control plane functions, offering very limited data plane capacity for all of the sessions they support. Contemporary access requirements include significantly increased control processing and data throughput requirements, and Stoke incorporates high capacity for both in a single system.

Superior Bearer Capacity for Mobile Broadband Services
There can be no doubt the contemporary edge will have to cope with increasing volumes of data traffic and at increasing data rates. The SSX provides 4 Gbps (line rate) encrypted throughput on each line card, up to 16 Gbps in the 5 RU SSX-3000, and up to 96 Gbps per 7' rack. At a little more than 3 Gbps of bearer capacity per rack unit, the SSX stands above legacy and competing access gateway systems.

Control Capacity to Meet Contemporary Edge Demands
In conjunction with forwarding more service traffic, the SSX delivers vast amounts of control processing. The SSX offers a full suite of QoS functions, policy management, and traffic classification and control. It collects and distributes charging records per service, per application, and per subscriber, and interacts with subscriber authentication and policy enforcement systems. The SSX also supports new process-intensive protocols like Mobile IP (MIP), and IKEv2 Mobility and Multihoming (MOBIKE) for subscriber mobility.

The SSX dedicates 2x 1GHz PowerPCs for control processing functions on each line and management cards. The SSX holds more control processing capacity on a single line card than is typically found in a large fully populated core router. System design also includes dedicated and redundant control data transmission paths between all cards to ensure instant, reliable communications inside the system.

Reliable, Hardened, Carrier-Class Operating System
As converged operators evolve their network edge, new operating systems are needed with the right underlying architecture and feature set to ensure ongoing service differentiation, rapid time to revenue, operational efficiency, and high availability. Stoke's operating system harnesses the power of the underlying hardware subsystems and offers the flexibility to deliver reliable operation years into the future.

SSX software employs the latest high availability design principles. A hardened kernel runs separately from processes such as applications and services, device drivers, protocol stacks, and the file system. Each process runs in protected memory and can be stopped and started individually without affecting other processes, and watchdog functions monitor processes and can restart them automatically if a process fails.