STOKE SESSION MANAGEMENT FOR THE CONTEMPORARY CARRIER EDGE
The "anywhere" broadband Internet opportunity is forcing new requirements on carrier edge networks. In addition to managing much higher data rates and volumes, along with longer active session durations, Stoke delivers a wide range of IP session management capabilities including:
Multiple access technology support;
Secure subscriber communications;
Multimedia session delivery;
Application awareness and control;
QoS and policy enforcement;
Session continuity over multiple access networks; and
Flexible service definition and charging
Every function listed above is required to deliver true mobile Internet services. These functions ensure secure multimedia sessions over multiple access networks, including support for, control of, and proper monetization of in-house and over-the-top applications, while providing seamless mobility for subscribers moving between access points and access networks.
Until now, operators have been forced to refit existing equipment and surround it with discrete-function appliances to deploy the required functionality, complicating the network and undermining service business goals. Stoke's robust software implementation and innovative hardware platform deliver all of these requirements in one scalable, manageable system. Moreover, the purpose-built SSX delivers these functions at breakthrough price points.
Multiple Access Technology Support
Multi-radio handsets and computers are becoming commonplace today, and operators will benefit from embracing alternate access technologies to improve wireless coverage indoors, offload traffic from the Radio Access Network (RAN), and provide higher speed service access. Edge networks will support multiple access technologies including wireless LANs, UMA, and Femtocells in the near term, with WiMAX and LTE on the horizon.
Each of these access technologies comes with different, standardized functions and roles, and reference interfaces for communicating with core systems. The SSX multi-access convergence gateway is designed to fulfill many access network gateway roles concurrently, including 3GPP/2 wireless LAN interworking, UMA, and Femtocell gateway functions today, with WiMAX and LTE support on the product roadmap. System design distributes control processing to each line card and management card, and there are redundant, dedicated control data communications links between each system card. Delivering broad support of access technologies in a single, multi-function device offers a leveraged capex investment and ensures a long service life.
Strong, Scalable Session Security
Service access via wireless LANs or femtocells may present out-of-franchise backhaul situations, traversing several untrusted networks to reach the operator's services network or Internet portal. To prevent service tampering and possible hijacking, subscriber communications must be secured.
The SSX supports a comprehensive IKE and IPSec implementation, offering powerful authentication and encryption options. Authentication options include PSK, digital certification, or EAP (IKEv2), and encryption options include DES, 3DES, and AES, among others. The Stoke operating system allows different IPSec policies to be created and applied on routing contexts, ports, and interfaces; or for the entire chassis as a simple configuration alternative. This provides tremendous flexibility in service deployment.
Security processing resources in the SSX are resident on the line cards and are matched to card session, packet processing, and throughput capacities to ensure line rate performance and eliminate traditional session vs. service feature trade-offs.
Optimized for Multimedia Traffic
A key requirement for broadband mobile services is effective delivery of high bandwidth, delay sensitive multimedia traffic. Video is a primary driver for mobile Internet demand, and poor performance will impact customer satisfaction and subscriber retention. Delivering mobile video over broadband means higher data rates, larger traffic volumes, and longer active sessions.
The SSX supports considerably more encrypted managed session capacity per rack unit than any other platform, up to 96Gbps per 7' rack, and its system architecture dramatically reduces latency and jitter. By reducing the number of "hops" the packet must make when traversing the system, and eliminating processing resource bottlenecks, system latency is reduced to less than 30 microseconds and jitter is practically non-existent. In addition, the SSX supports up to 16 service classes for each session and QoS functions to ensure delay sensitive traffic is prioritized over email, web browsing, and other less sensitive application traffic (see QoS below).
Fine-Grained Application Awareness and Control
Deep awareness of the applications within subscriber sessions is a key enabler for many service delivery operations, including triggering charging events on specific application use, and applying QoS policies to individual application flows. As applications become more complicated and use common transport protocols, identifying applications requires inspection of the packet contents.
Traffic classification is a natural extension of session management functions, and the SSX design integrates this capability. It is capable of traffic classification via payload inspection up to the maximum rated system throughput of 16Gbps. Application classification is accomplished using dedicated hardware resources and either static, user-configured regular expression filters, or a pre-configured application protocol set. Additionally, application identification is linked to policy enforcement and charging functions, providing the intelligence to apply application-specific policies, and to track and report application use. The SSX's hardware-assisted payload inspection resources are resident on all system line cards, which improves performance, scalability, and costs when compared to centralized chassis- or appliance-based approaches.
QoS and Policy Enforcement
As a critical ingress and egress point in the network, the SSX provides robust QoS and policy enforcement capabilities to enable priority service delivery and fair network use. As networks move to an open access model, application and service prioritization, together with controlling rogue applications and users become increasingly important.
SSX QoS functions include bi-directional traffic policing, packet priority marking and remarking, and traffic queuing and scheduling. IETF standard Three Color Marker (RFC 2697) policing features can forward, drop, or mark packets based on up to 64 defined policing profiles. Marking and remarking can set or reset IP Precedence, DSCP, or ToS bits based on payload inspection and other parameters. Output ports on the SSX support 8 traffic queues with traffic priorities identified by Precedence/ToS/DSCP bits. The queue scheduling service uses Deficit Round Robin and queue-specific bandwidth rates to forward traffic according to QoS policies.
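The RFC 2697 single-rate three color marker named above, shown here in color-blind mode as an added example (it is not Stoke's code). The rates, burst sizes, the color-to-action mapping in PROFILE, and the sample packets are assumptions constructed for illustration.

```python
from dataclasses import dataclass


@dataclass
class SrTCM:
    """Single Rate Three Color Marker (RFC 2697), color-blind mode."""
    cir: float  # Committed Information Rate, bytes per second
    cbs: int    # Committed Burst Size, bytes
    ebs: int    # Excess Burst Size, bytes

    def __post_init__(self):
        # RFC 2697: both token buckets start full.
        self.tc = float(self.cbs)
        self.te = float(self.ebs)
        self.last = 0.0

    def _refill(self, now):
        # Tokens accrue at CIR. Bucket C fills first; only the overflow
        # spills into bucket E, and anything beyond EBS is discarded.
        tokens = max(0.0, now - self.last) * self.cir
        self.last = max(self.last, now)
        to_c = min(tokens, self.cbs - self.tc)
        self.tc += to_c
        self.te = min(float(self.ebs), self.te + tokens - to_c)

    def color(self, now, size):
        """Meter one packet of `size` bytes arriving at time `now` (seconds)."""
        self._refill(now)
        if self.tc >= size:
            self.tc -= size
            return "green"   # within the committed rate and burst
        if self.te >= size:
            self.te -= size
            return "yellow"  # beyond CBS but within the excess burst
        return "red"         # beyond both buckets


# Hypothetical policing profile: the action taken for each color.
PROFILE = {"green": "forward", "yellow": "mark", "red": "drop"}


def police(meter, packets):
    """Return the action for each (arrival_time, size_bytes) packet."""
    return [PROFILE[meter.color(t, size)] for t, size in packets]


def demo():
    # Constructed traffic: a burst of four 1000-byte packets, then two more 1 s later.
    meter = SrTCM(cir=1000, cbs=1500, ebs=1500)
    burst = [(0.0, 1000)] * 4 + [(1.0, 1000)] * 2
    return police(meter, burst)
```

In the burst, the excess bucket absorbs one packet beyond the committed burst before drops begin, and after one second only bucket C has been replenished, because bucket E receives tokens only once C is full.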
The SSX policy enforcement function helps manage general bandwidth, application, and subscriber-specific traffic policies. Policies can be configured on the device directly by the operator, or they can be provisioned dynamically by a network resident policy decision function. Standard protocols RADIUS and DIAMETER provide the communications link between policy enforcement functions in the SSX, and policy decision functions in the operator core.
Flexible Service Classification and Charging
Transitioning to open access networks from a pure walled garden model requires an ability to identify, treat, and track applications that do not originate in the operator network. The challenge is complicated by a trend in so-called "Web 2.0" applications that are mash-ups of disparate flows originating from multiple sources. Consistent accounting for, and treatment of, these applications is no easy task. Moreover, IMS promises to dramatically reduce service rollout timeframes, placing further demands on the network's ability to quickly discover and track new revenue-bearing services.
SSX provisioning options include "service classes" which allow operators to define a flow or set of flows as a discrete service or application, and to specify the QoS policies that apply. This feature ties closely to the application awareness capabilities and the QoS and policy enforcement functions to ensure applications are properly identified and optimally delivered. Service classes are also linked to SSX charging functions, so that Call Detail Records (CDRs) can be generated and made available to upstream billing systems. With these capabilities, operators can use the SSX for network-based tracking of partner over-the-top application use, and have a solid foundation for shoring up revenues in an open access network business model.
Service Continuity
Subscriber demands for anywhere connectivity mandate robust mobility solutions. Stoke session management capabilities provide voice and data session continuity when subscribers move among and between access points and access networks.
Supporting mobility protocols MOBIKE and Mobile IP Foreign Agent, the SSX participates in, or is aware of, control signaling between user equipment and carrier core systems to support seamless hand-over from one access network to another. Moreover, being bearer- and application-aware enables the SSX to make intelligent mobility decisions to ensure service continuity. For example, the SSX can buffer application traffic locally and re-route those packets directly to the subscriber device as soon as the mobility transaction is complete to avoid risking service interruption when an application server is forced to resend data.
The SSX delivers these seamless mobility features through balanced, dedicated control plane and data plane processing resources. Both resource sets are resident on all line cards and matched with session and throughput capacities to ensure non-blocking function execution.
