Introduction
Modern Network Operations Centers (NOC) depend on the ability to collect, correlate, and analyze mobile network events to quickly identify and respond to security threats. If subscribers are densely populated in a particular area, subscriber-based filtering alone may not be adequate to gain the required visibility for inspection. In addition to subscriber-based filtering, service providers may want to filter the traffic based on geolocation. This Gigamon Validated Design (GVD) illustrates deploying RAN correlation to achieve the said purpose.
Design Overview
The following example illustrates the deployment of Gigamon's Subscriber-Aware Filtering solution in a service provider's 5G mobile core network with Gigamon devices deployed at two sites; San Francisco and San Jose.
At the San Francisco site, control plane traffic that is tapped from the N11 (HTTP2 packets) and N4 (PFCP packets) interfaces is fed to CPN1 and CPN2 where it is filtered and forwarded to local monitoring tools.
Note: CPN1 and CPN2 are logical entities that are located in a single Gigamon device which has one dedicated GigaSMART engineeach.
At the San Jose site, user plane traffic tapped from N3 (GTP-U packets) and N4 (PFCP packets) interfaces is fed to UPN1, UPN2, and UPN3 where it is filtered and load-balanced among identical local monitoring tools. All UPNs are deployed in a single Gigamon two-node cluster,in which each node has a dedicated GigaSMART engine. UPN1 and UPN2 are configured in the first Gigamon device and UPN3 is configured in the second Gigamon device. CPN and UPN Gigamon devices are connected over an IP network for programming the UPNs.
Figure 1: Gigamon's Subscriber-Aware Filtering Solution
To learn more about this solution, read complete details on the Gigamon Community: Deploying-RAN-correlation-for-forwarding-subscribers-traffic-based-on-geolocation-5-10-01.
