Forwarding selective subscriber traffic to identical monitoring tools (5.10.01)

Introduction

Modern Network Operations Centers (NOCs) depend heavily on the ability to collect, correlate, and analyze mobile network events to quickly identify and respond to security threats. Gaining visibility into the right subscribers' traffic without overloading the existing security monitoring tools can be challenging. Without that visibility, the tools must analyze all subscribers' traffic, which can degrade tool performance and limits an organization's ability to scale as demand increases. Gigamon's subscriber-aware filtering solution mitigates both challenges by selectively filtering subscriber traffic (both control and user traffic) and load-balancing it among multiple tools. This Gigamon Validated Design (GVD) illustrates whitelisting VIP, high-value, or suspicious subscriber traffic based on subscriber ID (such as SUPI), and then load-balancing it among identical tools.

Design Overview

The following example illustrates the deployment of Gigamon's Subscriber-Aware Filtering solution in a service provider's 5G mobile core network, with Gigamon devices deployed at two sites, San Francisco and San Jose.

At the San Francisco site, control plane traffic tapped from the N11 (HTTP2 packets) and N4 (PFCP packets) interfaces is fed to CPN1 and CPN2 where the control traffic is filtered and load-balanced among identical local monitoring tools.

Note: CPN1 and CPN2 are logical entities located in a single Gigamon device, each with its own dedicated GigaSMART engine.

At the San Jose site, user plane traffic tapped from the N3 (GTP-U packets) and N4 (PFCP packets) interfaces is fed to UPN1, UPN2, and UPN3, which filter the traffic and load-balance it among identical local monitoring tools. All UPNs are deployed in a single two-node Gigamon cluster, each with a dedicated GigaSMART engine. UPN1 and UPN2 are configured in the first Gigamon device and UPN3 is configured in the second Gigamon device. The CPN and UPN Gigamon devices are connected over an IP network so that the UPNs can be programmed.

Figure 1: Gigamon's subscriber-aware filtering solution
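
The following is an added example, not Gigamon code or configuration: a simplified Python model of the design above. It assumes the control node learns a SUPI-to-TEID binding from session signalling and programs it into the user nodes, and that a tool is chosen by a stable hash of the SUPI. The class names, SUPIs, TEIDs and tool names are constructed for illustration.

```python
import hashlib

# Constructed sample values: SUPIs, TEIDs and tool names are illustrative.
WATCHLIST = {"imsi-001010000000001", "imsi-001010000000007"}
SF_TOOLS = ["sf-tool-1", "sf-tool-2"]               # control-plane tools
SJ_TOOLS = ["sj-tool-1", "sj-tool-2", "sj-tool-3"]  # user-plane tools

def pick_tool(supi, tools):
    """Stable hash of the SUPI, so one subscriber always lands on one tool."""
    digest = hashlib.sha256(supi.encode()).digest()
    return tools[int.from_bytes(digest[:4], "big") % len(tools)]

class UserNode:
    """Hypothetical UPN model: GTP-U packets expose a TEID, not a SUPI."""
    def __init__(self, tools):
        self.tools = tools
        self.teid_to_supi = {}  # assumed table, filled in by the control node

    def on_gtpu(self, teid):
        supi = self.teid_to_supi.get(teid)
        return pick_tool(supi, self.tools) if supi else None  # None = drop

class ControlNode:
    """Hypothetical CPN model: sees the SUPI in session signalling."""
    def __init__(self, watchlist, tools, user_nodes):
        self.watchlist, self.tools, self.user_nodes = watchlist, tools, user_nodes

    def on_session_create(self, supi, teid):
        if supi not in self.watchlist:
            return None  # not selected: nothing forwarded, nothing programmed
        for upn in self.user_nodes:
            upn.teid_to_supi[teid] = supi
        return pick_tool(supi, self.tools)

    def on_session_release(self, supi, teid):
        # Remove the entry so a reused TEID cannot match a stale rule.
        for upn in self.user_nodes:
            upn.teid_to_supi.pop(teid, None)
        return pick_tool(supi, self.tools) if supi in self.watchlist else None

def demo():
    upn = UserNode(SJ_TOOLS)
    cpn = ControlNode(WATCHLIST, SF_TOOLS, [upn])
    cpn.on_session_create("imsi-001010000000001", 0x1001)
    cpn.on_session_create("imsi-001010000000002", 0x1002)  # not on the list
    return upn.on_gtpu(0x1001), upn.on_gtpu(0x1002)
```

In this model a user node forwards nothing until the control node has programmed it, and a released session's TEID is removed so that later traffic reusing it is not forwarded by mistake.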

To learn more about this solution, read complete details on the Gigamon Community: Forwarding-selective-subscribers-traffic-to-the-identical-monitoring-tools-5-10-01.