Carlos Contreras 05.

2021
Systems Engineer
 ACCESS SCALABILITY &
ELASTICITY COST

What about Encrypted What is the best approach How can I handle the
Traffic? to monitor User Plane expected Traffic Growth
data? in a cost-effective way?
How to get traffic
visibility while keeping How to avoid the overload What about using
security? of NFV Infrastructure? efficient Metadata
information to enable
How to get an unified What about Automation Cost Optimization….
access to traffic in a and the integration of
Multi Cloud Assurance function with
Environment? Service Policies….

2
3
5G Agnostic & Complete Visibility Service

1 Control Plane Data

Access
1
2 User Plane Data Access

1 3 Control Plane Node

3

2
4 User Plane Node
5
4
5 Tool connectors

Keysight confidential 4
 Compute Node

Compute Node

vProbe
5G Pod vProbe
Node Tool
CPN
Selective mirror
Traffic
vProbe • Packet Optimization
vProbe
Tool
CPN • Subscriber-aware Intelligence
E/W Traffic

vswitch • Application Intelligence

vswitch

TAPs or SPAN from

Spine/Leaf fabric for
(Nx ports)

Probe
Monitoring Network (Monitoring Access Points Probe
Probe
Vision Platform dimensioned
at PoP / DC level
OFFLOAD UP Traffic Monitoring (typically Monitoring
Probes and Tools
North-South) to provide SCALABILITY and avoid OFFLOAD UP Traffic
Management
IMPACT in virtual functions and Virtual
infrastructure 5
Christophe Olivier – Sr. Product Manager – Visibility & Virtualization

6
Keysight
Visibility Keysight
Visibility

Keysight
Visibility
Keysight
Visibility

7
KEYSIGHT VISIBILITY

Visibility Fabric & Assurance & OSS

5G Network Functions
Orchestration

Cloud / Elasticity / Correlation

Control Plane Node
SCP

User Plane Node

Aggregation / Scalability / Optimization

8
Container Monitoring – Integration With or without Service Mesh (SM)

5G Network Visibility Fabric & Assurance & OSS

Orchestration Functions

Visibility Orchestrator

Control
Plane Node

SMF Pod Configuration,

Node Policy, Statistics
AMF Pod
Node

User Plane Node

vTap GRE, VxLAN, VPN

Tunnel
5G SA SBA Nodes (Physical or Virtual)

UPF
9
 CloudLens Manager
(CLMS)
Virtual Network Tapping
• vTap Lifecycle Mgmt.
Mirroring, Filtering, Forwarding • Policy Management

Virtual Network Packet Processing

NetStack, PacketStack, AppStack capabilities

Virtual Tools

PacketStack Security
Physical Tools
Performance
Security
Analytics
Performance

Monitoring
Analytics
Monitoring
vSwitch vSwitch

Monitoring
Ixia Vision Series
Network Packet Broker

GRE-VLAN-ERSPAN – Custom Tunnel

Production Network

10
 CloudLens Manager
• Deployed as a sidecar container. Gives
visibility to inter-POD communication.
USERS
• Filtering at the source sensor.
Public/Private
Cloud
• Agnostic - no dependencies on specific
Metadata networking drivers like Calico, Flanel,
etc.
Security
Group • No impact in the deployed infrastructure
Pod (independent resource assignment)
Node
• Deployed at POD level vs Node level
Pod
Node
vTap
APM
Group
provides:
• Automatic scaling and elasticity
• Independent POD level resource
assignment.
Health
Check
Group
• Security. Isolated at PoD level with no
access to other POD traffic, even if they run
in the same Node.

11
 • New instances are automatically categorized
USERS MANAGEMENT
• Filtering rules are automatically applied based on grouping

Cloud B
Cloud A

Security

Slice 1

Slice 2 SOC

Voice
DB Quality
Group

12
Open5GS Monitoring
Example

Optional Title of the Presentation 13

 ARCHITECTURE OPEN5GS WITH CLOUDLENS AND LOADCORE

CloudLens Manager

Pod Pod Pod Pod Pod Pod

CloudLens CloudLens CloudLens CloudLens CloudLens CloudLens

• Group Policy Management Sidecar
• Policy Management
Sidecar Sidecar Sidecar Sidecar Sidecar
• Automation
NRF AUSF PCF UDR NSSF SMF

5G Service Based Interface

GRE Tunnels N4

Analyse
CloudLens CloudLens CloudLens
Sidecar Sidecar Sidecar

AMF UDM UPF

N1/N2 N6
Pod Pod
Pod Pod Pod
N3

14
Optional Title of the Presentation 15
16
 Vision Edge Vision ONE Vision 7300
Vision X

E10S/E40/E100: 1U – Non-blocking Arch

Size 1U – Non-blocking Arch 3U – Non-blocking Arch 7U – Non-blocking Arch
EOS 7816 – 2U Non-blocking Arch
Modules / 4x Front (NetStack / PacketStack / VAM) Up to 6 Cards (Multiple
N/A VAM internal for Active SSL
Cards 1x Rear - PacketStack options)

E10S: 48x1/10G
E40: 48x1/10G, 6x40G - Breakouts
48x1/10G, 4x40G Up to 384x10G, 96 x
E100: 32x Multispeed (32x 40/100G or Up to 108x10G, 76 x 40G, 60 x 100G Ports
Ports 64 x 50G or 128 x 10/25G Ports)
Breakout 10G to/from 40G 40G, 72 x 100G Ports
possible
EOS 7816: 64 x 40/100G (80x
10G/25G/50G)

NetStack
Up to 40G at E10S
PacketStack Netflow from FPGA (20G)
Up to 160G Up to 2 Tbps Up to 2.4 Tbps

AppStack Up to 30G Up to 600G (75G per CPU) Up to 180G

OOB SSL up to 18G OOB SSL up to 152G (19G per CPU)

SecureStack Inline SSL up to12G Inline SSL up to 200G (25G per CPU)
OOB SSL

GTP corr (1600G UP / 512M ses.)

GTP-U Load
MobileStack VoLTE/SIP+RTP corr. GTP-U Load Balancing
Balancing
VoLTE/SIP+RTP corr planned
IFC
Inline Except E7816 17
• Running VEOS over EdgeCore AS7816-64X (Tomahawk II switch with 4 pipes)
• Compact 2 RU form factor with redundant power and cooling
• Front to back air or back to front flow cooling design
• NetStack capabilities
GRE / VxLAN tunnel Origination
• 64 x 40/100 G native ports; multispeed capable and Termination now supported
• Up to 40 x (2x50G) at NetStack for ALL Vision Edge
• Up to 20 x (4x 10/25G) devices (E40 / E100 / VEOS 7816)
• 12.8 Tbps non-blocking, bi-directional forwarding architecture
• HTML5 based, easy to use point-and-click GUI
• Support for Ixia Fabric Controller (IFC)

18
Keysight SOLUTION – Correlate, Select and Load Balance up to 1600Gbps

25Gbps
1600
Gbps
25Gbps

8M Whitelist 25Gbps

Ixia Intelligent Stacks ➔ >50% reduced Solution budget!

➔ Scalability with Cost Contention 19
1. AUTOMATION: Automatic Filter Compiler & Clustering – Zero
Touch, Zero Error with NetStack

2. TRAFFIC ADAPTATION: Line Rate Packet Manipulation – Zero

loss with PacketStack

3. COST CONTENTION: High Perf & Scalable Subscriber based

Traffic Optimization with MobileStack

20
 At Session / Subscriber (GTP) level
At Call (VoIP/VoLTE) Level

GTP (CP / UP) Correlation

SIP / RTP Correlation

Based on RAT, ULI, QCI, APN…

Load Balance and Protect probes

Up to 8M discrete subscribers in a whitelist
21
Calling/Called Whitelists for SIP/RTP
Scalable visibility for TelCo Data Centers today and tomorrow.

✓ High density 100 GE, 3RU modular chassis. 6.4 Tbps

switch capacity
✓ Up to 2 Tbps of advanced packet processing –
PacketStack
✓ Up to 600G of Application Intelligence processing –
AppStack
✓ Up to 1600G / 512M Sessions of Mobile traffic
optimization – CP/UP separation - MobileStack
✓ Up to 200G of Active SSL decryption - SecureStack
✓ OOB and inline support
✓ IFC clustering with other Vision platforms
22
 • Mix-and-Match Modules for increased GTP-U or GTP-C capacity
• Allows Independent SCALE for GTP-C and GTP-U

Example Vision X Configurations for GTP

Configuration PacketStack AppStack NetStack Max Number Bandwidth Packets Per # 10G ports # 25G ports # 40G ports # 100G ports
Modules GTP- Modules Modules of Second
U GTP-C Subscribers (GTP-U)

Minimal 1 1 3 128M 400G 40M 108 108 64 52

Standard 2 1 2 128M 800G 80M 108 108 64 48
Large User Scale 3 1 0 128M 1200G 120M 108 108 64 32
Massive User Scale 4 1 0 128M 1600G 160M 108 108 64 40
Large Control Scale 3 2 0 256M 1200G 120M 108 108 52 36
Huge Control Scale 2 3 0 384M 800G 80M 108 108 40 32
Massive Control Scale 1 4 0 512M 400G 40M 108 108 28 28

Optional Title of the Presentation 23

 Northbound Interface
Distributed • KPI’s for ALL user sessions • High level Metadata for all
Event • App ID via L4 port user’s sessions, even
Streaming • “Producer” for Kafka Cluster those that are not
Platform
monitored by the probes.

Standard Visibility
• Correlate
• Probes provide extremely
• Sample detailed XDR and Call flows for
• Whitelist the monitored subscribers and
• Load Balance sessions.

Ixia MobileStack

• MobileStack visibility provides multi-leveled visibility into the EPC, feeding all your backoffice
systems from distributed messaging platforms to monitoring probes.
24
Mobile Core visibility evolution

Control / User Plane communication interface

25
Phase 2 & 3 – Disaggregated and Hybrid

26
But…What about Automation and
the integration of Assurance
function with Service Policies?

27
28
 A Complete Visibility Service for 5G Operations that enable the
OFFLOADING of ASSURANCE functions
ONE Visibility Service to serve multiple purposes

• and modification – ONE Visibility Service Component

• by OFFLOADING Assurance functions.
• by reducing the impact of assurance functions as part of
Service Chain (Virtual or Physical OFFLOAD)
• - ONE Visibility Service.
• Allow – AGNOSTIC to the Network and the Tools
• Enable a way for functional Service validation at Application level –
OPTIMIZATION

29