F5 Solutions for Service Providers

CONFIDENTIAL
F5 Solutions for
Service Providers
Bart Salaets
Solution Architect

Complex network architectures
Value-added services (VAS)
Video optimization Transparent caching URL filtering
Static port80 based steering into VAS complex
Internet
DNS PCRF IMS AAA HSS OCS DRA
RTR L2 Switch DPI/TDF FW RTR
End
Users
Control Plane
GGSN/PG CGNAT
Challenges
• Complex architecture, hard to
scale
• Resulting high CapEx and OpEx
• Difficulty adding new services
LDNS
BRAS/BNG
Multiple point product solutions inline in the data path
W
© F5 Networks, Inc CONFIDENTIAL 2

The new network should focus on …
Optimize Monetize Secure
Quality of Experience mgmt
Flexible opt-in/opt-out services
Flexible charging
Intelligent steering to VAS
Consolidate L4-L7 functions
TCP Optimization
Migrate to NFV-based solution
Network Security (Gi FW)
Dynamic subscriber security
DNS Security
IPv4/IPv6 Transition

A Consolidated Approach with F5
Simplifying the delivery of L4-L7 network services
BEFORE F5
WITH F5
VAS layer
LDNS Policy
URL
CGNAT Internet
Static port 80 steering
RTR
PGW/ Firewall
BNG
PGW/
BNG
Enforcement
Internet
Filtering
VAS layer
Dynamic & intelligent steering
VIPRION

Consolidate L4-L7 Network Functions with F5
L2 switching
MPLS L2 PE
L3 routing
MPLS L3 PE
BRAS/BNG
2005–2010 L2–L3 L4–L7 2010–2014
Full Proxy
(TCP opt,
HHE)
Firewall
L3/L4
Steering
Policy
Enforcement
CGNAT
TCP OPTIM
DPI/PCEF
L7 STEERING
FW/CGN
HTTP HE
Multi-service
router
IP ROUTING
MPLS L2 PE
MPLS L3 PE
BRAS/BNG
Dedicated platforms,
different vendors
Single platform,
L2–L3 consolidation
Dedicated platforms,
different vendors
Unified platform,
L4–L7 consolidation

Purpose Built Platforms for L4-L7 Services
10,000,000
9,000,000
8,000,000
7,000,000
6,000,000
5,000,000
4,000,000
3,000,000
2,000,000
1,000,000
0
BIG-IP 11050
2.5M L7 RPS
1M L4 CPS
40/42G L7/L4 TPUT
BIG-IP 4200v
850k L7 RPS
300K L4 CPS
10G L7/L4 TPUT
VIPRION
2400
8M L7 RPS
4M L4 CPS
320G L7/L4
TPUT
VIPRION
4480
10M L7 RPS
5.6M L4 CPS
160/320G L7/L4
TPUT
BIG-IP 10200v
2M L7 RPS
1M L4 CPS
40/80G L7/L4 TPUT
BIG-IP 2200s
425K L7 RPS
150K L4 CPS
5G L7/L4 TPUT
BIG-IP 5200v
1.5M L7 RPS
700K L4 CPS
15/30G L7/L4 TPUT
BIG-IP 7200v
1.6M L7 RPS
775K L4 CPS
20/40G L7/L4 TPUT
BIG-IP Virtual Edition
Up to 325K L7 RPS
Up to 100K L4 CPS
10G L7/L4 TPUT
VIPRION 2200
4M L7 RPS
2M L4 CPS
160G L7/L4 TPUT
VIPRION
4800
20M L7 RPS
10M L4 CPS
320/640G
L7/L4TPUT
BIG-IP Virtual EditionBIG-IP 2000 Series BIG-IP 4000 Series BIG-IP 5000 Series BIG-IP 7000 SeriesBIG-IP 10000 SeriesBIG-IP 11000 Series VIPRION 2200 VIPRION 2400 VIPRION 4480 VIPRION 4800
L7 Requests Per Second (Inf-Inf)

BIG-IQ
Cloud™
BIG-IP®
Advanced
Firewall
Manager
(AFM)
BIG-IP / BIG-IQ – Technology Suite
BIG-IQ
Device™
BIG-IQ Platform™
BIG-IP®
Applicatio
n
Security
Manager
(ASM)
BIG-IQ
Security™
BIG-IP®
DNS
Modules
(GTM)
BIG-IP®
Local
Traffic
Manager
(LTM)
BIG-IP®
Carrier
Grade NAT
(CGNAT)
BIG-IP®
Policy Enf.
Manager
(PEM)
BIG-IP®
Access
Policy
Manager
(APM)
Plugin
Eco
Syste
m
VMWare
Cisco
APIC
Microsoft
SCVMM
OpenStack
AWS
Open
Connector
ADC
Service Provider
Security
Cloud
Orchestration
BIG-IQ
ADC
BIG-IQ
MAM
BIG-IP®
Acceleratio
n
Manager
(AM)
MobileSaf
e
and
WebSafe
(Versafe)
iRules®, iApps®, iCall, iStats and iControl®
Manageability RBAC, Logging, SNMP, CLI, GUI
L3/Routing, UDP, IP, IPSec, IPv6, SCTP, TCP, HTTP, SSL,
FIPS, Tunneling, BWC, Stats, Certifications
CMP, VCMP, ScaleN, Firmware, HAL, Sizing Guides
KVM / AWS / Xen
VMWare / HyperV
Programmability
Core Protocols
Performance / Scalability
TMOS
Operating System
Appliances
Chassis Software
TMOS
Fabric

Key F5 network services – Optimize, Monetize, Secure
A unified platform and single management framework
Intelligent Traffic
Steering
Per-Subscriber
Policy Enforcement
CGNAT and
IPv6 Migration
URL Filtering
ICSA Certified
Network Firewall
TCP
Local
DNS
Optimization
DPI &

Intelligent Traffic
Steering
Per-Subscriber
Policy Enforcement
CGNAT and
IPv6 Migration
URL Filtering
ICSA Certified
Network Firewall
TCP
Local
DNS
Optimization
DPI &

Policy Enforcement Manager – Policy Definition
Policy Name Bronze
Policy Name Silver
Policy Name Gold
PREC 10 CLASSIFIER RULE_10 POLICY ACTION RULE_10
CLASSIFIER RULE_1 POLICY ACTION RULE_1
Rule 1
Rule 2
Rule 3
Rule 1
Rule 2
Rule 3
Rule 1
Rule 2
Rule 3
POLICY
TYPE
• Global Policy
• Unknown Subscriber
Policy
• Subscriber Policy
SUBSCRIBER TYPE
• Static subscriber
• Dynamic subscriber
• Radius
• DHCP
• Unknown IP SA
POLICY
ASSIGNMENT
• Diameter Gx
• Predefined
• Dynamic (gate,
QoS)
• Radius
• Custom
ANALYTICS &
CHARGING
• Syslog
• IPFIX
• Radius
• Gy
• Gx Usage Monitoring

Classification & Policy Actions
APPLICATION CLASSIF.
• Application Category
(eg. P2P)
• Application
(eg. bittorrent)
• Some applications are using
F5 signatures, other
applications rely on third
party DPI signature engine
URL CLASSIF. FLOW CLASSIF. CUSTOM CLASSIF.
• URL Category
(eg. Gambling)
• URL database from third
party
• Ability to create custom DB
• Used for HTTP and
HTTPS (SNI check)
• DSCP
• Protocol (TCP/UDP)
• IP source address range
& port
• IP destination address
range & port
• Incoming VLAN
• irule / TCL script
• Examples
• Other fields in the
traffic flow (ip header,
http header, ... )
• Other fields stored in
the PEM sessionDB
for that subscriber
(RAT-type, roaming,
tower-id)
REPORTING
QUOTA MGMT
HTTP HDR ENR.
STEERING (ICAP)
POLICY ACTIONS
GATE (FWD)
CUSTOM / TCL HTTP REDIRECT
STEERING (NH)
SERVICE CHAIN
QOS MARKING
BW CONTROL

Intelligent Traffic Steering – Optimize VAS Utilization
INTELLIGENT STEERING
PGW/
BNG
PCRF
Internet
Diameter Gx
VIPRION
Radius
RTR
Context-aware & policy-driven
CONTEXT steering & intelligent service chaining
Data Center
Video
Optimization
Transparent
Caching
Parental
Controls
WAP
Gateway
SUBSCRIBER
DEVICE-TYPE
RAT-TYPE
CONTENT (VIDEO, URI, ... )
CONGESTION

Policy Controlled Service Chaining –Beyond SDN
Service Provider VAS
Video Optimization Parental Control
LB LB
POOL 1 POOL 2
HTTP ICAP
STEER TO
VIDEO OPT
POOL
STEER TO
PARENTAL
CTRL POOL
LOAD BALANCING
VAS BYPASS
SERVER HEALTH CHECKING
TRAFFIC STEERING
SERVICE CHAINING
PEM
ASSIGN FLOW
TO SERVICE CHAIN
Internet
User
HEADER ENRICHMENT
HTTP
HTTP
ICAP

Bandwidth and QoE management
Gold Subscriber (20 Mbps)
Silver Subscriber (10 Mbps)
Bronze Subscriber (5 Mbps)
PGW/GGSN VIPRION
Even if subscriber is entitled for more by
subscriber bandwidth policy his P2P traffic
gets reduced to configured value (512kbps)
PER-SUBSCRIBER BANDWIDTH CONTROL
PER-SUBSCRIBER PER APPLICATION BANDWIDTH CONTROL
Gold Subscr total (20 Mbps)
Gold Subscr p2p (512 kbps)
PGW/GGSN VIPRION
PCRF

DPI inspection for OTT Identification & Monetization
OTT MONETIZATION & FLEXIBLE CHARGING
Gold Subscr total (acct only)
OTT Service (acct + DSCP mark) PCRF
PGW/GGSN VIPRION
• Subscription models / bundles for OTT or specialized service
• Bundled into subscription for a lower fee
• OTT traffic excluded from volume bundle
• OTT traffic marked/tagged for differential treatment at radio layer
SPECIALIZED
SERVICE
(MNO BRAND)

URL Categorization for filtering & parental control
• URL Filtering
• Built-in Webroot DB (20M most popular sites)
• Custom DB
• SNI based URL categorization
• Categorizing SSL traffic (HTTPS)
1. Trying to access blocked
PGW/
GGSN
Internet
URL
RTR
2. Integrated Webroot
URL Filtering / Blacklist
3. Access Denied
Customer Benefit: Set categories based on regional preferences and categorization
on HTTPS

Content Injection for toolbar injection / ad insertion
1. Content being sent
back to subscriber;
data maxed out
BNG/BRAS Internet
2. Javascript insertion about
quota max
3. Subscriber realizes
they have maxed out
data
• Insert javascript for branded
toolbar
• Use it for Ad Insertion
• Subscriber policy to control
frequency of insertion
• Policy selects insertion position
Insert-content
• Position <prepend/append>
• Tag-name <tag>
• Value-type <string/tcl-snippet>
• Value <abcd>
• Frequency <once/once-every/
always>

PEM – Wide range of use cases
Per-subscriber Application & URL
Bandwidth Control & Filtering
• TCP-friendly rate limiter
• Separate up/down rates
• Highly scalable solution
• TCP Optimization as a bonus
Subscriber Application Analytics
• Subscriber ID / Rate Plan
• Charging rules
• Application Usage Reporting
Intelligent Traffic Steering
& Service Chaining to VAS
• Steer traffic based on
subscriber profile to Value
Added Services &
Optimization Services
• Intelligent Service Chaining
Online Charging (Gy)
• Flexible rating group
definitions based on
applications and/or URI
• Redirect or block upon quota
expiration
URL Filtering & Parental Control
• Government lists
• Per-subscriber parental
control opt-in/opt-out
service
• For HTTP & HTTPS
OTT Identification & Monetization
• Per-subscriber OTT
application detection
• Per-OTT bandwidth, marking
and charging rules
Header Enrichment & WAP offload
• HTTP HE for content-based
charging
• WAP GW bypass/offload and
replacement
Content Injection / Toolbars
• Java-script based content
injection
• Targeted advertisements
Lightweight BRAS/BNG
• DHCP-based BNG model
for wifi and wireline
deployments
• Radius AAA client

Intelligent Traffic
Steering
Per-Subscriber
Policy Enforcement
CGNAT and
IPv6 Migration
URL Filtering
ICSA Certified
Network Firewall
TCP
Local
DNS
Optimization
DPI &

Optimized DNS Solutions for Service Providers
• Faster DNS responses to provide for 4G/LTE subscriber growth
• Manage existing traffic to DNS server infrastructure with BIG-IP
• Enhanced performance through transparent caching, offloading DNS infrastructure
Local DNS
DNS Load Balancing
Transparent Cache
Caching Resolver
Authoritative
Infrastructure
• Reduce the DNS servers by offloading the DNS infrastructure
• High performance DNSSEC validation, offload DNSSEC computations and consolidate services
• Proactively manage DNS client traffic for greater availability and stability
• Provide reliable, fast access to online services for in network subscribers
• Highly scalable authoritative DNS name server
• Simplify deployment using existing DNS infrastructure to manage the zones
• Enhance the subscriber experience by making intelligent DNS and GSLB decisions
• Enable high availability and performance for subscribers by managing UE/MME PDP sessions
• Intelligent GSLB with ENUM support for IMS / EPC interoperability and NAT64 delivery

Denial of Service Attacks against DNS
APPLICATION LAYER ATTACKS TRADITIONAL DDOS MITIGATION
“Cybercrime is a
persistent threat in
today’s world and,
despite best efforts, no
business is immune.”
Network Solutions
86%
70%
37%
31%
17%
9% 10%
100%
90%
80%
70%
60%
50%
40%
30%
20%
10%
0%
HTTP DNS HTTPS SMTP SIP/VoIP IRC Other
DNS is now the second most
targeted protocol after HTTP.
DNS DoS techniques range from:
• Flooding requests to a given host
• Reflection attacks against DNS
infrastructure
• Reflect / Amplification attacks
• DNS Cache Poisoning attempts
50%
45%
40%
35%
30%
25%
20%
15%
10%
5%
0%
Of the customers that mitigate DDoS
attacks, many choose a technique
that inhibits the ability of DNS to do
its job
• DNS is based on UDP
• DNS DDoS often uses spoofed sources
• Using an ACL block legitimate clients
• DNS attacks use massive volumes of
source addresses, breaking many
firewalls.

DNS The F5 way
• Performance = Add DNS
boxes
• Weak DoS/DDoS Protection
• Firewall is THE bottleneck
• Strong DoS/DDoS protection
• Consolidation
• Protects “Back-End” servers
CONVENTIONAL DNS
THINKING
External
Firewall
DNS Load
Balancing
F5 PARADIGM SHIFT
F5 DNS DELIVERY
REIMAGINED
Internet
Array of DNS
Servers
Internal
Firewall
Hidden
Master DNS
DNS Firewall
DNS DDoS Protection
Protocol Validation
Authoritative DNS
Caching Resolver
Transparent Caching
High Performance DNSSEC
DNSSEC Validation
Intelligent GSLB
Internet
Master DNS
Infrastructure
BIG-IP

Authoritative DNS: Scale with DNS Express
• High-speed response and DDoS protection with in-memory DNS
• Authoritative DNS serving out of RAM
• Configuration size for tens of millions of records
• Scale and Consolidate DNS Servers
DNS Server
Manage
DNS
Records
Answer
DNS
Query
Answer
Answe
DNS
r
Query
DNS
Query
OS
NIC
Admin
Auth
Roles
Dynamic
DNS
DHCP
DNS Express in BIG-IP GTM
Answer
DNS
Query
Answer
DNS
Query
Answe
r
DNS
Query
Answe
Answer
DNS
Query
Answe
r
DNS
Query
Answe
Answer
DNS
Query
Internet
r
DNS
Query
r
DNS
Query

LDNS : Scale with transparent cache
The Business Case
• Need to decrease DNS latency and offload
DNS resolvers
• Implement transparent DNS caches close
to the subscriber
• Deliver DNS scale without impacting
service
The F5 Advantage
F5 DNS Services in Mobile Core F5 DNS Services in Mobile Core
DNS Resolver
Infrastructure
• Scale DNS transparent caches as demand
increases. Offloads existing DNS
infrastructure
• Provides a simple upgrade path to a full
caching resolver
- Eliminate the need for centralized DNS
BIG-IP Platform
Distributed DNS Transparent Caches
BIG-IP Platform
BIG-IP Platform
Distributed DNS Transparent Caches
BIG-IP Platform

Competitive Analysis: DNS Cache Performance
Infoblox Platform by Platform Comparison with F5
1400000
1200000
1000000
800000
600000
400000
200000
0
2000S Infoblox
Trinzic
1420
2200S Infoblox
Trinzic
2210
4000S Infoblox
Trinzic
2220
7000S Infoblox
Trinzic
4010
7200V Infoblox
Trinzic
4030 Platforms are grouped by like pricing
RPS

LDNS : Scale and offload with caching resolver
The Business Case
• Need faster and scalable query response
• Desire lower CapEx and OpEx. No need for
additional DNS resolver farms
• BIG-IP delivers high performance, scalable
DNS Caching and Resolving on one
platform
The F5 Advantage
• Faster Web browsing and reduced DNS
latency
• Hardened appliance consolidates 10s or 100s
of servers
• Greater reliability through resiliency, HA
• Simplified management, lower cost of
ownership
• Consolidate and offload DNS for immediate
F5 DNS Services in Mobile Core F5 DNS Services in Mobile Core
ROI
BIG-IP Platform
Distributed DNS Caching Resolvers
BIG-IP Platform
BIG-IP Platform
Distributed DNS Caching Resolvers
BIG-IP Platform

Client Protection with DNS RPZ
Prevent subscribers from reaching known bad domains
Prevent malware and sites hosting malicious content from ever communicating with a client.
Internet activity starts with a DNS request. Inhibit the threat at the earliest opportunity.
Live updates
CACHE
RESOLVER
PROTOCOL
VALIDATION
IRULES
IPV4/V6
LISTENER
RPZ live feed
BIG-IP GTM
REPUTATION
DATABASE
SPECIAL
HANDLING

DNS IP and Name Reputation Choices
RESPONSE POLICY ZONES
INHIBITS THREATS BY FQDN
IP INTELLIGENCE
INHIBITS THREATS BY IP
URL FILTERING
Ingress DNS path
Screens a DNS request against domains with a bad reputation.
Any IP Protocol with iRules
Intercept a DNS response in iRules. Categorize & make a decision.
HTTP, HTTPS and DNS with iRules
Intercept a DNS request in iRules. Categorize & make a decision.
INHIBITS THREATS BY FQDN
POLICY CONTROL BY FQDN

SP Layered Client Protection
• Response Policy Zones (RPZ) filters out and provides NXDOMAIN / Redirect for know bad domains.
• URL Filtering further provides granular policy controls using categories.
• IP Intelligence blocks based on the resolved IP.
• It can also be used in the data path for other protocols.
QUERY: WWW.DOMAIN.COM
RPZ Feed Subscriber Policy
IPI Feed URL Feed
iControl iQuery
DNS iRules (Request / Response)
CACHE
RESOLVER
RPZ
URL Filtering
DNS Request Path
DNS Response Path
IP Intelligence
iRule
EGRESS DNS PATH
INGRESS DNS PATH

DNS Tunneling: Prevent it with iRules
Client A
Client B
Client C
Client D
Client E
Client F
Suspend
Threshold
Drop
Threshold
Classify the traffic:
Determine the SLA for RPS and allowed response size.
When a client sends in a query:
Is the query for a blocked domain? (A tunnel host)
Is the query rate above allowed rate? Increment score.
Client previously above allowed rate? Increment score.
Resolve request and analyze response.
- Factor in the response size to the score.
Take an action:
Is the client above the score threshold?
- Drop the request
- Suspend DNS service for a period.
QUERY RATE
SCORING
RESPONSE
SIZE SCORING

Intelligent Traffic
Steering
Per-Subscriber
Policy Enforcement
CGNAT and
IPv6 Migration
URL Filtering
ICSA Certified
Network Firewall
TCP
Local
DNS
Optimization
DPI &

Пересечение технологий
Маршрутизатор F5 BIG-IP
(пакетная обработка)
(обработка на базе сессий)
Балансировка
NAT44
NAT64
DS-Lite
Traffic steering
Безопасность L4-L7
SSL и IPsec VPN
Масштабирование и
безопасность DNS
Ускорение WEB
L2 VPN
L3 VPN
Управление
абонентами
IP QoS
IP пиринг
32 © F5 Networks, Inc.

Carrier Grade NAT (44, 64)
NAT4(6)4
RTR Internet
Публичное адресное
пространство IPv4 / IPv6
PGW/GG VIPRION
SN
Частное адресное
пространство
NAT4(6)4
• Динамический NAPT, Deterministic NAPT, Port Block Allocation
• Расширенные возможности ALG, hairpinning, поддержка EIF/EIM
• Беспрецедентное масштабирование и производительность (Gbps, cps, max conns)
• Высокопроизводительное логирование в любом требуемом формате (syslog,
Netflow); возможно изменение формата полей, например добавление Radius ID, http
Url и т.п.

Вопрос 1: Какое максимальное количество пакетов в
секунду может быть в 1 Gbps канале?
Ответ:
~1.488.096 пакетов в секунду в гигабитном канале

Вопрос 1: Какое максимальное количество пакетов в
секунду может быть в 1 Gbps канале?
Frame Part Minimum Frame
Inter Frame Gap (9.6 ms) 12 bytes
MAC Preamble (+ SFD) 8 bytes
MAC Destination Address 6 bytes
MAC Source Address 6 bytes
MAC Type (or length) 2 bytes
Payload (Network PDU) 46 bytes
Check Sequence (CRC) 4 bytes
Total Frame Physical Size 84 bytes
[1,000,000,000 b/s / (84 B * 8 b/B)] == 1,488,096 f/s (maximum rate)
Size

Вопрос 2: Какое максимальное значение CPS может быть
достигнуто для 1Gbps канала?
Ответ:
~1.488.096 Соединений в секунду
Потому что каждый пакет может инициировать соединение (SYN, первый
UDP пакет в сессии)

Вопрос 3: Сколько CPS может обработать межсетевой
экран F5 Networks?
Connections per second
8
6
4
2
0
Millions
400k 350k
Juniper
(SRX 5800)
Cisco
(ASA 5585-X)
600k
Check Point
(61000)
21x
8M
F5
(VIPRION 4800)

Intelligent Traffic
Steering
Per-Subscriber
Policy Enforcement
CGNAT and
IPv6 Migration
URL Filtering
ICSA Certified
Network Firewall
TCP
Local
DNS
Optimization
DPI &

Mobile Has Unique Challenges
Why is the web so slow on my mobile device?
Mobile Device
• TCP stacks are different
on different mobile OS
• JavaScript parsing and
execution is relatively
slow on mobile devices
Mobile Network
• Higher packet loss rate
• High network latency:
300ms via 3G vs <50ms
on LTE
• Connections are made
ad-hoc and frequently
dropped to preserve
spectrum and battery
life
Internet
• Low packet loss
rate
• Low latency (except
for intercontinental
traffic)
Application
• Different TCP stacks
being used on
servers, some of
which are not optimal
for mobile networks

Content Optimization – A Changing Environment
SSL / SPDY INCREASE
• In many countries, SSL traffic (HTTPS and SPDY) on mobile
networks is currently reaching around 50% of total Internet traffic
• Top web sites such as Google, Facebook, and Twitter use SPDY
• HTTP 2.0 being standardized in IETF with browsers requiring TLS
encryption when setting up HTTP 2.0 connections
RISE OF ADAPTIVE BIT RATE VIDEO STREAMING
• Top video sites such as YouTube, Netflix, Hulu, and BBC iPlayer
have all embraced ABR video technology
• Video is encoded at different bit rates, client dynamically chooses
or changes appropriate bit rate based on network conditions

TCP Protocol Review
• TCP is a connection-oriented protocol
• Client and server must establish a connection before any data can be
transfered
• TCP provides reliability
• Knows that data it sends is correctly received by the other end
• Acknowledgements confirm delivery of data received by TCP receiver
• Ack for data sent only after data has reached receiver
• TCP implements flow control and congestion control
• Sender can not overwhelm a receiver with data
• Sender will "back off" when under congestion

Impact of Latency – Web Page Load Times
Source: Ilya Grigorik, Google

Impact of Packet Loss – Throughput Degradation
• TCP designed to probe the network to figure out available capacity
• TCP slow start is a feature, not a bug
Avg HTTP
response
size 16 kB (3
round trips)
In mobile networks packet
loss does not necessarily
imply congestion
Source: Ilya Grigorik, Google

TCP Optimization with F5
High Goodput Minimal Buffer
Flow Fairness
Bloat
VIPRION
Origin
Server
INTERNET
PGW/
GGSN
RTR
2G/3G
LTE
Mobile
Client
TCP
EXPRESS Cell-optimized TCP stack WAN-optimized TCP stack

TCP Congestion Control Algorithms
• Loss-based algorithms
• Reno, New Reno, High-Speed,
Scalable, BIC, CUBIC
• Delay-based algorithms
• Vegas
• Bandwidth-estimating algorithms
• Westwood, Westwood+
• Hybrid delay/loss algorithms
• Illinois, Woodside (F5)
RENO CUBIC
ILLINOIS

TCP Congestion Control Algorithms in 3G and LTE
TCP Woodside
• F5 created algorithm.
• Hybrid loss and latency based algorithm.
• Minimizes buffer bloat by constantly monitoring
network buffering.
TCP Vegas
• Emphasizes packet delay rather than packet loss
• Detects congestion based on increasing RTT
values of packets.
TCP Illinois
• Targeted at high speed long distance networks
• Loss-delay based algorithm.
• Primary congestion of packet loss determines
direction of window size change.
• Secondary congestion of queuing delay
determines the pace of window size changes.
H-TCP
• Targeted for high speed networks with high latency.
• Loss-based algorithm.

TCP tuning for mobile networks
• Mobile networks have a large BDP
• Tune your TCP buffers accordingly
• Mobile networks can exhibit random packet loss
• Choose a TCP congestion control algorithm/technique that takes this into
account (don’t get into slow start upon random packet loss)
• Mobile networks can suffer from buffer bloat issues
• Choose a TCP congestion control algorithm that does not rely solely on packet
loss
• Enable TCP rate shaping to ensure ‘smoother’ delivery packets (less strain on
buffers)
• Mobile networks have relatively high latency
• Tune your settings to increase performance and web page load times (window
size, initial congestion window, ... )
• Real life mobile performance is very ‘variable’ – room for market

Reducing Web Page Load Times with F5 TCP Express
Real life test results – MNO in APAC
Business
center
Shopping
Mall
Residential
Area
Business
center
Shopping
Mall
Case 1 – 100 * 64KB images Case 2 – 1 * 10MB image
Residential
Area
Business
center
Shopping
Mall
Residential
Area
Case 3 – Regular website 1 Case 4 – Regular website 2
Business
center
Shopping
Mall
Residential
Area
Optimized (sec)
As-is (sec)
Improvement (%)

HTTP Performance Tests – Radio Strength Variances
Real life test results – MNO in EMEA
200%
180%
160%
140%
120%
100%
80%
60%
40%
20%
0%
3G 4G
HTTP large download
HTTP small download
196% 95% 22% 14%
Poor coverage Good coverage
Large download: HTTP page with large images (throughput test)
Small download: HTTP page with small objects (web browsing test)
40%
35%
30%
25%
20%
15%
10%
5%
0%
HTTP large download
HTTP small download
38% 33% 20% 28%
Poor coverage Good coverage
TCP OPTIMIZATION BENEFITS INCREASE UNDER POOR RADIO COVERAGE

TCP Optimization – Summary
Increases “goodput” on radio network and keeps latency under control
Works for > 90% of all Internet traffic regardless of encryption or
encoding
Lengthens life span of radio infrastructure and enhances user
experience
Deployed inline on Gi LAN, optionally consolidated with other L4-7
functions

To stay in touch please join our LinkedIn Group!

F5 Solutions for Service Providers

F5 Solutions for Service Providers

Recommended

Recommended

More Related Content

What's hot

What's hot (20)

Viewers also liked

Viewers also liked (20)

Similar to F5 Solutions for Service Providers

Similar to F5 Solutions for Service Providers (20)

More from BAKOTECH

More from BAKOTECH (20)

Recently uploaded

Recently uploaded (20)

F5 Solutions for Service Providers

Editor's Notes