Delivering subscriber-aware load balancing through GTP correlation

By Sebastian Müller
Published on: 18.11.2021

Load balancing is a network necessity. Without this essential functionality, networks will be plagued by congestion, delays and network outages. Load balancing essentially helps distribute network load across more of the same equipment. This brings down the costs of operating the related equipment and servers and improves their response times and overall performance.

A key concept for session-aware load balancing is GTP, which stands for general packet radio service (GPRS) tunneling protocol. The protocol is used to tunnel user traffic (GTP-U) and control traffic (GTP-C) from the access networks all the way to the core and within the core. While user traffic is subsequently detunneled and routed out to the final destination, control traffic remains in the core, navigating a number of functions including subscriber data management, charging, mediation, DPI and AAA. Routing traffic through these core elements enables session approval and initiation (or termination), usage calculation, assessment application and charging.

Brokering data traffic

Load balancing splits traffic and passes the packets through replicated equipment. This way, in the event of problems, congestion or lack of capacity in one piece of equipment, packets can continue passing through. Load balancing requires network packet brokers (NPBs), which act as checkpoints that direct incoming packets to their respective equipment. In distributing these packets, an NPB applies various algorithms that spread them across its ports. Distribution can be based on traffic attributes such as packet rate, total traffic, bandwidth or number of connections, on a logical sequence such as round robin, or on a more complex scheme such as stateless hashing. For example, NPBs can distribute 60 Gbps traffic to six nodes at 10 Gbps or five nodes at 12 Gbps and so on, depending on the availability of various devices and servers. A network packet broker is deployed either in-band or as an out-of-band tool working on copies of the data packets.

NPBs are not only located in the core; they are also deployed for IP probes and firewalls in the access and transport network where load balancing is implemented.

Delivering the full picture: GTP correlation

Load balancing by NPBs requires subscriber awareness. Why? When packets are distributed across equipment of the same type, packets from a single subscriber can end up partly on one device and partly on another. As a result, each device receives only a portion of a subscriber’s control traffic and will not have visibility into the total usage. For example, an IP probe receiving only the initial packets of a session will miss out on the total bandwidth consumed or information about the other attributes of the application such as video and audio communication that took place during a session. Since user packets are numerous and do not come in succession, an NPB implementing load balancing must be ‘intelligent’ enough to identify packets from the same subscriber, even though the traffic is tunneled with GTP, before directing those packets to network elements such as an IP probe or a firewall.

To meet this need, NPBs can deploy our GTP subscriber resolving module (R&S®GSRM). It is an OEM software module that enables intelligent load balancing and avoids such information loss. It correlates control and user traffic within the core of mobile networks to classify and distribute data packets by subscriber, filtering on subscriber IDs or tunnel IDs from ranges of subscribers down to a specific, high-value subscriber. This enhances a network’s load balancing capability by ensuring that data packets that should stay together are kept together when network traffic is distributed across devices.
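The correlation idea described above, as an added Python sketch that is not R&S®GSRM code and does not reflect its internals: a tunnel ID (TEID) read from each GTP-U header is mapped to the subscriber learned from control traffic, and the output port is chosen per subscriber rather than per tunnel. Assumptions: control-plane messages arrive already decoded as `(imsi, teids)` events, the class and function names are hypothetical, and tunnels are keyed on TEID alone (a real deployment would also key on the tunnel endpoint address).

```python
import struct
import zlib

GPDU = 0xFF  # GTPv1-U message type carrying tunneled user data

def build_gpdu(teid, inner):
    """Constructed sample: minimal GTPv1-U G-PDU with no optional fields."""
    return struct.pack("!BBHI", 0x30, GPDU, len(inner), teid) + inner

def parse_gtpu_teid(payload):
    """Return the TEID of a GTPv1-U G-PDU, or None for anything else."""
    if len(payload) < 8:
        return None
    flags, msg_type, length, teid = struct.unpack("!BBHI", payload[:8])
    if flags >> 5 != 1 or not flags & 0x10 or msg_type != GPDU:
        return None  # wrong version, GTP' instead of GTP, or not user data
    if length > len(payload) - 8:
        return None  # truncated capture
    return teid

class SubscriberBalancer:
    """Hypothetical NPB stage: keeps each subscriber on one output port."""

    def __init__(self, n_ports):
        self.n_ports = n_ports
        self.teid_to_imsi = {}  # filled from decoded control-plane events

    def on_session_created(self, imsi, teids):
        for teid in teids:  # e.g. uplink and downlink tunnel of one session
            self.teid_to_imsi[teid] = imsi

    def on_session_deleted(self, teids):
        for teid in teids:  # stale TEIDs may be reassigned to someone else
            self.teid_to_imsi.pop(teid, None)

    def port_for_key(self, key):
        return zlib.crc32(key.encode()) % self.n_ports

    def port_for_packet(self, payload):
        teid = parse_gtpu_teid(payload)
        if teid is None:
            return None  # not GTP-U: leave to the broker's default rule
        imsi = self.teid_to_imsi.get(teid)
        # Unknown tunnel (control message not seen): keep the tunnel together.
        return self.port_for_key(imsi if imsi else f"teid:{teid}")

if __name__ == "__main__":
    lb = SubscriberBalancer(n_ports=6)
    lb.on_session_created("001010123456789", [0x1001, 0x2002])  # constructed
    for teid in (0x1001, 0x2002):
        print(hex(teid), "->", lb.port_for_packet(build_gpdu(teid, b"data")))
```

Hashing on the TEID alone would treat the two tunnels of this session as unrelated flows; the TEID-to-IMSI table is what lets a probe or firewall behind one port see the whole subscriber.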

What can subscriber and session awareness do for mobile networks?

Because NPBs make use of our GTP correlation software, R&S®GSRM can be a game changer for mobile operators. Its real-time network analytics provide an accurate view of data usage and data performance per subscriber and session. This way, network performance trends and network capabilities can be identified in terms of subscriber needs and usage patterns and used not only to create user plans but also traffic and security management policies that are optimized for the operator’s market.

With R&S®GSRM, quality-of-service (QoS) policies based on a subscriber or subscriber class are easier to implement. The quality of experience (QoE) for selected subscribers or subscriber classes can be monitored comprehensively without chunks of data dropping off the radar. Subscribers affected by network issues and other network degradation can be quickly identified through the real-time correlation analysis of R&S®GSRM so that these subscribers can be notified and their issues remediated.

In terms of security, the ability of R&S®GSRM to provide subscriber and session awareness translates into real-time identification and mitigation of subscriber-related threats such as cyberattacks, network abuse and hijacking. By assembling a subscriber’s data packets in a single point of processing, patterns of malicious activity emerge much faster, allowing the timely arrest of these threats and prompt identification of the subscriber involved.

R&S®GSRM is particularly important when it comes to billing. It ensures reliable accounting, billing and subscription management for mobile subscribers, as all sessions are attributed correctly and accurately to a single subscriber. It cuts down the instances of lost information and errors that take place in a traditional model where traffic from a single subscriber is distributed to different probes and reconciled in a separate process. More importantly, it can reduce incidences of overages for subscribers as excess usage is identified in real time.

With R&S®GSRM, operators can offer premium services because SLAs are easier to monitor and enforce. With our DPI engine R&S®PACE 2, operators can tie this to application-specific plans. Combining R&S®GSRM and R&S®PACE 2 adds a highly reliable classification of applications and protocols as well as metadata extraction to existing subscriber and session awareness. Insights can now be garnered on the types of service being deployed through a network, and with the extracted metadata, more granular information such as the time and duration of usage becomes easy to compute.

A smart module for smart equipment vendors

R&S®GSRM employs a multicore architecture that allows it to keep up with the performance requirements of ever-growing IP traffic rates. It utilizes easy-to-use REST APIs, providing direct integration with end solutions such as NPBs, without vendor lock-in. It can support 3G, LTE and 5G NSA networks as well as all standard network interfaces such as Gn, S1-U, S11 and S5.

The volume and diversity of data on mobile networks is only going to increase over the years, making the challenges of load balancing ever more pertinent. In this context, smart load balancing through subscriber awareness can make the difference between a struggling and a thriving mobile network. For this reason, network packet broker vendors can benefit greatly from integrating R&S®GSRM into their equipment, strengthening their business by improving mobile network operations.

To learn more about GTP correlation provided by R&S®GSRM, check out our product flyer.

Sebastian Müller

Sebastian is a passionate DPI thought leader guiding a cross-functional team to build the networks of the future with leading traffic analytics capabilities. He has over ten years of dedicated experience in the telecom and cybersecurity domain, providing him with deep understanding of market requirements and customer needs. When he’s not at work, you can either find him on his road bike or hiking in the mountains.

