Service Delivery Gateway Overview
The service delivery gateway (running on the MX Series 3D Universal Edge router) consolidates a variety of best-in-class Gi (“i” for Internet or IP network) network services onto a single platform to reduce cost, increase network resiliency, and increase performance. The Gi interface is the connection between a GGSN and the Internet or destination networks connected to a public land mobile network (PLMN). Costs are reduced by using less rack space, less hardware, reduced power and cooling, less cabling, and simplified network management. Resiliency is increased by leveraging the redundancy features of the MX Series 3D routers and by limiting the number of different boxes and OS types that must be managed. Performance is increased by taking advantage of the ability of the MX Series 3D Universal Edge routers to perform many services at line rate in hardware.
The MX Series routers provide industry-leading packet forwarding performance along with a very compelling set of value-added services that include carrier-grade NAT, firewall, intrusion prevention service, video optimization, server load balancing, MPLS VPN, IPsec VPN, and much more. Many of these services can be performed at line rate by leveraging the Trio chipset on the Packet Forwarding Engines. This makes the MX Series routers an ideal and robust platform upon which to host the service delivery gateway.
The following sections describe some of the services that are required on the service delivery gateways:
Carrier-grade NAT (CGN) is rapidly increasing in importance now that the Internet Assigned Numbers Authority (IANA) has run out of IPv4 addresses. Some operators are already moving to IPv6, but this does not solve the IPv4 exhaustion problem because most of the Internet is still only reachable via an IPv4 address. The answer for many mobile operators that are faced with rapid smartphone growth is carrier-grade NAT. Juniper Networks provides a complete implementation of CGN on the service delivery gateway. In the mobile operator’s domain, the IPv4 address exhaustion problem is more severe than in the wireline world because there is exponential growth, and because of the move to always-on connectivity with smartphones. Always-on connectivity means that the subscriber has a session and an IP address even when the device is idle.
The two approaches that have received the most attention in the mobile world are dual stack and IPv6-only. Dual stack allows the mobile device to access content that is either IPv6 or IPv4 addressable. To make this work in a seamless fashion, the mobile device must have both an IPv4 and an IPv6 session up and active at the same time. This is possible beginning in 3GPP Release 8. The other approach that is receiving a lot of attention is IPv6-only. In this implementation, the mobile device establishes a single IPv6 session, and traffic headed for the IPv4 Internet is translated using NAT64. The drawback is that the mobile device must use IPv6-native applications. Problems during roaming might also occur, and the device does not work on most Wi-Fi networks, which can be mitigated by using IPv4 when connecting to Wi-Fi.
Firewalls and Intrusion Prevention System
Firewalls are an essential part of any mobile Gi network that connects to the Internet. In many cases, firewalls are also tightly linked with the CGN function. Some operators require a dedicated security device, and Juniper Networks SRX Series Services Gateways provide rich firewall services with industry-leading performance and scale. The service delivery gateway, in combination with the SRX Series, allows Juniper Networks to address a wide variety of deployment scenarios. An intrusion prevention system (IPS) takes the firewall concept one step further by analyzing traffic using deep packet inspection (DPI) to identify threat signatures. Juniper’s library of threat signatures is constantly upgraded to handle the latest security vulnerabilities. The primary focus of the firewall and IPS functions on the Gi network is to prevent hosts out on the Internet from launching attacks against the mobile network and mobile users.
An essential part of any mobile packet core design is the method by which data traffic is steered as it moves from the mobile device through to the correct GGSN, and from there to the correct Gi network. Access point nodes (APNs) are the traditional solution to the problem, but they can be administratively complex. Not only must mobile devices be configured with the correct APN, but so must the network infrastructure (SGSNs, DNS, and GGSNs). Juniper Networks has developed Traffic Direct as an alternative to APNs. This is a much simpler solution to the challenge of making sure that users get where they need to go. The Traffic Direct feature sits on a service delivery gateway and can steer traffic from the GGSN to the correct Gi network. There are several instantiations of Traffic Direct, of which the most popular is Static Bypass Traffic Direct. This feature makes use of the service delivery gateway’s policy routing feature. The service delivery gateway is capable of routing on any of the elements of the IP header, which include the source and destination IP addresses, source and destination port numbers, and protocol type. Forwarding is handled in hardware at line rate by the Juniper Networks Junos Trio chipset. This approach is a simple way of guaranteeing that all users get to the correct Gi network.
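Junos expresses this kind of policy routing as filter-based forwarding: a firewall filter matches IP header fields on the GGSN-facing interface and hands each packet to a forwarding routing instance that points at one Gi network. The configuration below is an added example, not Juniper's Traffic Direct configuration; it assumes filter-based forwarding as the policy routing mechanism, and every instance name, filter name, address range and interface in it is a placeholder.

```junos
# Constructed example: all names, prefixes and interfaces are placeholders.

# One forwarding instance per Gi network, each with its own default route.
set routing-instances GI-INTERNET instance-type forwarding
set routing-instances GI-INTERNET routing-options static route 0.0.0.0/0 next-hop 192.0.2.1
set routing-instances GI-CORPORATE instance-type forwarding
set routing-instances GI-CORPORATE routing-options static route 0.0.0.0/0 next-hop 192.0.2.129

# Copy interface (direct) routes into each instance so the next hops above resolve.
set routing-options rib-groups GI-FBF import-rib [ inet.0 GI-INTERNET.inet.0 GI-CORPORATE.inet.0 ]
set routing-options interface-routes rib-group inet GI-FBF

# Classify on IP header fields. Terms are evaluated in order; first match wins.
# Subscribers from the corporate pool always go to the corporate Gi network.
set firewall family inet filter TRAFFIC-DIRECT term CORP-USERS from source-address 10.20.0.0/16
set firewall family inet filter TRAFFIC-DIRECT term CORP-USERS then count corp-users
set firewall family inet filter TRAFFIC-DIRECT term CORP-USERS then routing-instance GI-CORPORATE

# Web traffic from the consumer pool goes to the Internet Gi network.
set firewall family inet filter TRAFFIC-DIRECT term WEB from source-address 10.10.0.0/16
set firewall family inet filter TRAFFIC-DIRECT term WEB from protocol tcp
set firewall family inet filter TRAFFIC-DIRECT term WEB from destination-port [ 80 443 ]
set firewall family inet filter TRAFFIC-DIRECT term WEB then count web
set firewall family inet filter TRAFFIC-DIRECT term WEB then routing-instance GI-INTERNET

# Junos filters end with an implicit discard. This explicit last term sends
# everything else through the normal inet.0 lookup instead of dropping it.
set firewall family inet filter TRAFFIC-DIRECT term DEFAULT then count unclassified
set firewall family inet filter TRAFFIC-DIRECT term DEFAULT then accept

# Apply the filter inbound on the GGSN-facing interface.
set interfaces xe-0/0/0 unit 0 family inet filter input TRAFFIC-DIRECT
```

The per-term counters can be read with `show firewall filter TRAFFIC-DIRECT`; a steadily rising `unclassified` counter means subscriber traffic is bypassing the intended Gi network and the match terms need review.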
Load Balancing and Adaptive Services
The service delivery gateway services umbrella leverages the Multiservices-Dense Port Concentrator (MS-DPC), in-house Junos services, the Junos Software Development Kit (SDK) and external third-party platforms and applications. Offered services can run in standalone mode or can be consolidated (chaining with next hop routing), as long as the chained combination is meaningful, to concurrently run in the same chassis or blade. Scaling is achieved by adding MS-DPC blades in the chassis. The combination of consolidated services also dictates the number of MS-DPC blades to be used. Needed services that are not directly hosted by the service delivery gateway are collocated with the service delivery gateway within the different service complexes to provide specific value-added services. As an example, such service complexes include the user equipment (UE) DNS service complex and Juniper Networks Mobile Video Optimization service complex.
Some of these service complex functions can be integrated by leveraging Junos SDK capabilities. Service complexes and packet gateways (such as GGSN and PGW) attach to active or standby service delivery gateways in VRRP groups leveraging MC-LAG. The service delivery gateway pair connects to the core routers using LAG. The service delivery gateway can be deployed to act as a CE or a PE router, with BFD enabled. Server load balancing (SLB) towards service complexes is performed using ECMP. RPM probes are configured to provide server status updates in the complex. An event script or an operational script can be leveraged to take appropriate action upon detection of a status change.
Leveraging adaptive delivery controllers (ADCs) from the MS-DPC is another possible avenue. ADCs for the MX Series 3D Universal Edge Router offer advanced router-integrated ADC functions that enable service providers and enterprises to efficiently scale service capacity and increase service performance.
Configuring load balancing requires an aggregated Multiservices (AMS) system. AMS involves grouping several Multiservices PICs together. An AMS configuration eliminates the need for separate routers within a system. The primary benefit of having an AMS configuration is the ability to support load balancing of traffic across multiple services PICs.