Harnessing intelligence at the core with DPI for vEPC

by John Bonzey
published on: 22.06.2021

For every byte traversing the mobile network, the core is a crucial point of transit. Packets are forwarded for processing at the core to identify users, manage traffic by type of plans and privileges, assign required policies to applications and finally deliver the traffic in a timely and reliable manner.

A fundamental enhancement

The evolved packet core (EPC) defines the core of the 4G LTE mobile network. It signifies a huge leap from the GPRS core network of 3G and 2G, boasting a simpler architecture and a wider range of systems while supporting higher performance. The major roles of an EPC include authenticating users, managing their sessions and keeping logs. While the wider network delivers packets from one point to another, the core validates these packets and controls their pathways in alignment with the operator’s traffic management policies and business rules.

The EPC comprises several key elements, including the mobility management entity (MME), serving gateway (SGW) and packet data network gateway (PGW). Decoupling these network functions from hardware and running them as software on virtual machines or in the cloud transforms the EPC into a virtual EPC (vEPC). This shift to network function virtualization (NFV) opens up the possibility for networks to add or remove capacities as needed and to organize network operations to scale and customize the network dynamically based on traffic conditions and application requirements. The transition towards a vEPC redefines operator networks quickly, making them more responsive, scalable and agile.

4G LTE still shaping the future

A key component within the vEPC is deep packet inspection (DPI). DPI is a traffic identification technology that classifies protocols and applications, including their service types, without decryption. Advanced DPI engines, such as R&S®PACE 2, provide cutting-edge capacities to classify unlimited traffic with the highest accuracy on the market, even when encrypted or obfuscated. Within a virtualized network, R&S®PACE 2 can be embedded as part of any virtualized function, be it analytics, traffic management or security.

The importance of DPI in vEPCs is growing along with 4G LTE traffic. Despite the increasing number of rollouts across the globe, 5G networks still account for only a small share of mobile traffic. At the end of last year, only 401 million connections were on 5G, compared to a whopping 6 billion connections on 4G, according to Omdia [1]. Even across 5G networks, the 5G non-standalone (NSA) architecture is essentially centered around 4G’s core, where the vEPC processes additional data streams beyond native traffic.

Aside from 5G, 4G LTE has been instrumental in enabling new applications over the past years, such as video calling, HD video streaming and mobile gaming. It offers such services through a variety of data plans, which can range from usage-based plans to unlimited data, with various quotas and quality of service (QoS) arrangements in between. This, coupled with the complexities of managing 4G LTE networks as part of the operator’s heterogeneous network strategy, where charging, mediation and offloading are to be well coordinated, increases the network’s reliance on the intelligence at its core.

Powering the core with intelligence

Given these complexities, DPI plays a critical role in the vEPC, providing real-time visibility into the underlying traffic — down to applications and protocols — so that the right traffic policies can be implemented. Prioritizing traffic, for example, queuing downloads of heavy files to make way for real-time broadcast traffic, enables optimizing network resources by their impact on the user experience. Allocating premium routes and low-latency pathways, as another example, allows for delivering higher service level agreements (SLA) on priority plans and customers without jeopardizing the QoS for other users.

Using DPI in a vEPC primarily helps identify content that can be optimized to achieve bandwidth savings and improve the user experience. Localized caching, for example, results in popular content being cached closer to the user. Compression, another technique, frees up bandwidth by creating more lightweight versions of the same content. As content policies hinge on operators’ ability to identify the content, the frequency of access, the users’ location and the device types, core insights from DPI are key to implementing these techniques in good time.

DPI can also help with traffic offloading, a mechanism deployed to ease traffic congestion localized in densely populated areas. In this case, the vEPC is responsible for the intelligence required to manage traffic offloading between 4G LTE and operator WiFi hotspots. 4G LTE traffic is also offloaded to LTE small cells. To determine which traffic remains on the network and which takes the alternative route, DPI is required to filter the data packets to ascertain user plans, locations, application criticality and most importantly, bandwidth availability. Traffic offloading between 3G, 4G LTE and 5G access nodes, where such policies are configured based on signal strength and network capacity, also requires identifying traffic in real time, which is fulfilled by DPI in the core just as well.

Keeping it safe

DPI within a vEPC is essential for managing network security. A vEPC undertakes subscriber authentication via the 4G LTE EPS-AKA method of key agreement. This calls for traffic information beyond the sender’s IP address to identify malicious and suspicious traffic patterns. Combined with firewalls, DPI in the core enables operators to identify cyber threats in real time, allowing them to block such traffic and send traffic notifications to users (via email/SMS).

A notable trend in 4G, especially across its unlimited data plans, is tethering fraud. This involves using a single access point to run applications on a number of devices, resulting in contract violations and abuse of the fair usage policy. DPI engines such as R&S®PACE 2 not only detect tethering, but also identify the number of devices behind a tethered IP and the traffic share of each of these devices. In the same way, DPI can detect illegal torrenting and certain usages that are to be filtered or blocked, enabling features such as parental control. Moreover, DPI engines power next-generation firewalls, network address translation (NAT) and a range of services offering unified threat management against malware, ransomware and distributed denial-of-service (DDoS) attacks, all of which are key to securing 4G LTE networks.

Besides, our DPI engine R&S®PACE 2 integrates seamlessly into any cloud and virtualized architecture, supporting packet processing frameworks such as DPDK and VPP, and offers one of the most comprehensive libraries for application traffic signatures on the market.

Supporting operator growth

Beyond traffic management and security, DPI helps operators develop innovative plans and the right pricing strategies with its data granularity and reporting frequency. With techniques such as machine learning, DPI facilitates the formulation of contextual and personalized offers that are better aligned with their subscribers’ needs.

With 4G LTE making up 57 % of all mobile subscriptions [2] at the end of last year and more 5G SA deployments coming into the picture, vEPC capacities will be continuously tested. This is where DPI will play a key part, not only in providing real-time intelligence that fuels the many functions of a vEPC but also in helping operators understand network idiosyncrasies, uncover customers’ true preferences and continuously discover new opportunities for growth.

Download our white paper on DPI for vEPC and find out why DPI is a crucial technology that empowers virtualized network equipment solutions, enabling analytics, policy enforcement, tiered pricing, web and video optimization, content filtering, parental control or security services use cases.

Also, check out our case study with a leading vEPC vendor. Find out how they use R&S®PACE 2 to provide their CSP customers with overall network intelligence at a highly granular level.

John Bonzey

John Bonzey is the sales manager for the American market, which he opened successfully for ipoque since joining Rohde & Schwarz back in 2013. John has strong expertise in software and hardware system solutions for network operators, enterprise and OEM market segments. John lives with his family in Boston, Massachusetts and is a passionate ice hockey player and adventurous snowmobiler.

Email: John.Bonzey@rsa.rohde-schwarz.com
