Multi-Tool Subscriber Traffic Forwarding to Enable Inspection on User Plane Nodes (6.3)

Introduction

Complex service provider networks rely on multiple tools to monitor performance, perform troubleshooting, and enforce security, among other areas. Each tool has its own requirements in terms of the traffic monitored and tool capacity thus causing traffic overlap. Delivering the right traffic to each of the tools may not be accomplished completely with the regular monitoring solutions.

This Gigamon Validated Design (GVD) illustrates how our Subscriber-Aware Visibility solution can meet each of the tool requirements by enabling correlation in a traffic overlap mode while supporting all existing traffic optimization capabilities, such as forward-listing, sampling, filtering and load-balancing. Correlation in overlap mode evaluates every session and packet independently based on a port-group policy containing the forward rules and flow-sample map. This allows overlap mode to replicate specific traffic to multiple probes when required.

Design Topology

Design Overview

The design topology illustrates Gigamon visibility fabric deployed on a mobile core network. The traffic tapped from the User Plane functions within the network is forwarded to one or more GigaSMART engines within the Visibility Fabric where control and user plane correlation takes place. Different subscriber-filtering policies are applied independently to the correlated traffic feed, which is then delivered to the proper tools according to the rules in each of the policies. Additionally, each subscriber policy defines which method is used to deliver the traffic to each tool (IMSI or SUPI load-balance, Giga stream, single tool port, and so on). For the overlap mode, each traffic policy is framed to include one forward-list map and one flow-sample map with multiple filtering rules.

For this validation, the configuration will be based on the following policies and requirements:

Probe Requirements Configuration Required
Network Performance

  • 100% of traffic

  • All traffic to be load-balanced across 2 servers, each with 2*10 G ports.

  • LB port-group with 2 gigastreams with 2x10G ports each (PROBE_A)

  • Flow-sample map: rule to match any imsi with percentage 100 to PROBE_A
Troubleshooting Tools

Allow - listed traffic only

No other traffic must be forwarded

Traffic forwarded towards three tools: one with 2 ports, the other two with 1 port each.

  • LB port-group with 1 gigastreams (2x10G) and 2x10G ports (PROBE_B)

  • Forward-list map: to PROBE_B
Subscriber Analytics

60% of all traffic

Traffic to be load-balanced across 4 * 10 Gb tool ports.

  • LB port-group with 4x10Gb tool ports (PROBE_C)

  • Flow-sample map: rule to match any imsi with percentage 60 to PROBE_C

 

To learn more about this solution, read complete details on the Gigamon Community:

Multi_Tool_Subscriber_Traffic_Forwarding_to_Enable_Parallel_Inspection_on_User_Plane_Nodes