Gi LAN Functions in 5G


LTE and 4G networks have been playing an important role in supporting mobile broadband services. Hundreds of millions of mobile devices such as smartphones, laptops, tablets and also IoT devices use video conferencing, high-definition content streaming, and many other services.

The number of connected devices is on the rise, growing 15% or more year over year, and will reach 28.5 billion networked devices by 2022 according to Cisco’s VNI forecast. Mobile service providers have been challenged to support such high growth in connected devices as well as network traffic volume. Adding networking nodes to scale out capacity is relatively easy but may add complexity. This is an operational and management challenge.

Meanwhile, it’s also essential for service providers to keep offering innovative value-added services to differentiate themselves. These include parental control, URL filtering, malware protection, and ID theft protection, to name a few. Service providers, however, now face new challenges of operational complexity and network latency. This is due to services using multiple dedicated appliances from many different vendors.

Such challenges become more serious for 5G. Expect an even more rapid proliferation of mobile and Internet of Things (IoT) devices. It’s critical to minimize latency. Otherwise, it can hinder the growth of emerging mission-critical services, which are expected to increase drastically in 5G.

Gi LAN Network Overview

In the mobile network, there are two segments between the radio network and the Internet: the Evolved Packet Core (EPC) and the Gi/SGi LAN. The EPC is a packet-based mobile core running both voice and data on the 4G LTE network. The Gi LAN is the network where service providers typically provide various homegrown and value-added services. They use unique capabilities through a combination of IP-based service functions such as firewall, Carrier Grade NAT (CGNAT), deep packet inspection (DPI), policy control, and traffic and content optimization. These technologies are generally provided by a variety of vendors.

Network functions such as a firewall and CGNAT are fundamental services. However, service providers need to classify the traffic and direct it to specific service functions. These may be chained, when necessary, in order to meet policy enforcement and the specific service level agreement for each subscriber.

The Gi LAN network is an essential segment that enables enhanced security services and value-added services, letting service providers differentiate, innovate, and monetize services. Therefore, it is crucial to have an efficient Gi LAN architecture to deliver a high-quality service experience.

Figure: Gi LAN with multiple service functions

Challenges in Gi LAN Segment

Consolidation of network functions in the 5G infrastructure is becoming increasingly critical. This is especially the case in the Gi LAN segment, where mobile service providers offer essential and various value-added services. The typical 4G LTE service provider will have an application delivery controller (ADC), DPI, CGNAT, and a firewall device as Gi LAN service components.

These components are mainly deployed as independent network functions on dedicated physical devices from a wide range of vendors. This makes Gi LAN management and operations complex and inflexible. The network architecture is reaching its limits and not scaling well. The challenge is the continuous rise in data traffic in the existing 4G and 4G+ architectures. This will certainly be an issue in 5G infrastructure deployments.

The two most serious issues with Gi LAN are:

  1. Increased network latency
  2. Higher Total Cost of Ownership (TCO)

Network latency is emerging as a significant cause of concern not only in the current 4G deployments, but also in the new 5G network architectures. Lower latency is highly valued by online gaming and video streaming services today. Ultra Reliable Low Latency Connectivity (URLLC) in 5G targets latencies of less than 1 ms. Some of the many use cases include real-time interactive augmented reality, virtual reality, tactile internet, industrial automation, mission/life-critical services like remote surgery, self-driving cars and many more.

Having individual service functions, each on different hardware devices, is detrimental to lower latency. Multiple service functions are usually chained, and every hop a data packet traverses adds latency, causing overall service degradation. Needless to say, removing some of these services is not a choice because they serve critical needs.

The overhead of managing each solution independently is an additional burden. The network operator must invest in monitoring, management, and deployment services of all devices from various vendors, resulting in a higher TCO.

Consolidating Service Functions in Gi LAN

An efficient Gi LAN segment architecture overcomes those problems by consolidating Gi LAN service functions. The easiest example of consolidation is combining CGNAT and the firewall. These are fundamental components in the mobile network.

Other capabilities such as DPI, load balancing, and traffic steering are important functions that expand the service offering and should be consolidated where possible. That way, service providers can further reduce the number of dedicated devices and simplify network operation even with a service chaining architecture.

In addition, the issues of latency and TCO have proven to be applicable to physical network functions, virtual appliances or VM-based virtual network functions (VNF), and container (microservices-based VNF) network functions. You can read more about this from the 5G-PPP Software Network Working Group in their paper, "From Webscale to Telco, the Cloud Native Journey."

This concept is not new but there are not many vendors who can tackle multiple Gi LAN service functions at scale. Therefore, when building an efficient Gi LAN network, service providers should consider the solution that can offer the following:

How A10 Networks Can Help

Thunder CFW enables consolidation of Gi LAN network components. It combines a Gi/SGi firewall, CGNAT, DDoS protection, load balancing, and DPI with application visibility and control. All of this can be enabled concurrently and at scale, in either a physical or virtual form factor.


Takahiro Mitsuhata
December 30, 2018

About Takahiro Mitsuhata

Taka brings 15 years of experience in security and networking, with a focus on DDoS protection and application networking. Taka manages the Technical Marketing function at A10 Networks in San Jose, Calif., providing solutions for customers ranging from enterprises to service providers. Prior to A10 Networks, Taka held various technical and management positions at Extreme Networks and Nissho Electronics.