Importance of Gi-LAN functions consolidation in the 5G world
Today’s LTE and 4G networks have been playing an important role in supporting mobile broadband services (e.g., video conferencing, high-definition content streaming, etc.) across millions of smart devices, such as smartphones, laptops, tablets and Internet of Things (IoT) devices. The number of connected devices is on the rise, growing 15 percent or more year-over-year and projected to be 28.5 billion devices by 2022 according to the Cisco VNI forecast.
Mobile service providers have been challenged to support such high growth in connected devices and the corresponding increases in network traffic. Adding networking nodes to scale out capacity is a relatively easy change. Meanwhile, it’s essential for service providers to keep offering innovative value-added services to differentiate service experience and monetize new services. These services include parental control, URL filtering, content protection and endpoint device protection from malware and ID theft, to name a few. Service providers, however, are now facing new challenges of operational complexity and extra network latency coming from those services. Such challenges will become even more significant when it comes to 5G, as this will drive even more rapid proliferation of mobile and IoT devices. It will be critical to minimize latency to ensure there are no interruptions to emerging mission-critical services that are expected to dramatically increase with 5G networks.
Gi-LAN Network Overview
In a mobile network, there are two segments between the radio network and the Internet: the evolved packet core (EPC) and the Gi/SGi-LAN. The EPC is a packet-based mobile core running both voice and data on 4G/LTE networks. The Gi-LAN is the network where service providers typically provide various homegrown and value-added services using unique capabilities through a combination of IP-based service functions, such as firewall, carrier-grade NAT (CGNAT), deep packet inspection (DPI), policy control, and traffic and content optimization. These services are generally provided by a wide variety of vendors. Service providers need to steer traffic to specific service functions, which may be chained, only when necessary, in order to meet specific policy enforcement and service-level agreements for each subscriber.
The Gi-LAN network is an essential segment that enables enhanced security and value-added service offerings to differentiate and monetize services. Therefore, it’s crucial to have an efficient Gi-LAN architecture to deliver a high-quality service experience.
Figure: Gi-LAN with multiple service functions in the mobile network
Challenges in Gi-LAN Segment
In today’s 4G/LTE world, a typical mobile service provider has an ADC, a DPI, a CGNAT and a firewall device as part of its Gi-LAN service components. They are mainly deployed as independent network functions on dedicated physical devices from a wide range of vendors. This makes the Gi-LAN complex and inflexible from an operational and management perspective. This type of architecture, also known as monolithic architecture, is reaching its limits and does not scale to meet the needs of the rising data traffic in 4G and 4G+ architectures. This will continue to be an issue in 5G infrastructure deployments. The two most serious issues are:
- Increased latency
- Significantly higher total cost of ownership
Latency is becoming a significant concern since lower latency is required by online gaming and video streaming services even today. With the transition to 5G, ultra-reliable low-latency connectivity targets latencies of less than 1 ms for use cases such as real-time interactive AR/VR, tactile Internet, industrial automation, mission/life-critical services like remote surgery, self-driving cars and many more. An architecture with individual service functions on different hardware has a major impact on this promise of lower latency. Multiple service functions are usually chained, and every hop a data packet traverses between service functions adds latency, causing overall service degradation.
Managing each solution independently is also a burden. The network operator must invest in monitoring, management and deployment services for all devices from various vendors individually, resulting in large operational expenses.
Solution – Consolidating Service Functions in Gi-LAN
In order to overcome these issues, there are a few approaches you can take. From an architecture perspective, Service-Based Architecture (SBA) or microservices architecture will address operational concerns, since leveraging such an architecture leads to higher flexibility and automation and significant cost reduction. However, it is less likely to address the network latency concern, because each service function, whether a VNF or a microservice, still contributes to the overall latency as long as it is deployed as an individual VM or microservice.
So, what if multiple service functions are consolidated into one instance? For example, CGNAT and Gi firewall are fundamental components in the mobile network, and some subscribers may choose to use additional services such as DPI and URL filtering. Such consolidation is feasible only if the product/solution supports flexible traffic steering and service chaining capabilities along with those service functions. Consolidating Gi-LAN service functions into one instance/appliance helps drastically reduce the extra latency and simplify network design and operation. Such concepts are not new, but there aren’t many vendors who can provide consolidated Gi-LAN service functions at scale.
Therefore, when building an efficient Gi-LAN network, service providers need to consider a solution that can offer:
- Multiple network and service functions on a single instance/appliance
- Flexible service chaining support
- Subscriber awareness and DPI capability supported for granular traffic steering
- Variety of form-factor options – physical (PNF) and virtual (VNF) appliances
- High performance and capacity with scale-out capability
- Easy integration and transition to SDN/NFV deployment
How A10 Networks Can Help
Thunder CFW consolidates Gi-LAN network components, including Gi/SGi firewall, CGNAT, DDoS protection, load balancing, and DPI, along with service chaining capabilities. These functions can be enabled concurrently at scale, in either physical (PNF) or virtual (VNF) options. A10’s solution has taken a service-based architecture (SBA) approach, enabling the best level of service granularity to provide the optimum latency and TCO characteristics.
For more details of our 5G Gi-LAN solution, please refer to:
- Solution Brief: Efficient Gi-LAN In Consolidating DPI and CGNAT Into Gi-FW
- Webinar: Evolution of Security in 5G Networks
- Blog: The Threat in Your Pocket: Why Mobile Security is Critical to Today’s Security Strategy
- Website: 5G Mobile Network Security
[Section 4.1 of the 5G-PPP white paper] – “since each microservice contributes in the overall latency, it is challenging to predict the latency of a specific service, especially in cases of large and distributed systems.”