fbpx
Skip to main content
Meet the Thunder® Convergent Firewall
Blog

Scale 4G & 5G Security Efficiently, as Mobile Traffic Surges

Gennady Dosovitsky
|
May 13, 2020

Scale 4G & 5G Security Efficiently

Service providers, including fixed and mobile operators, are currently under pressure to supply unprecedented mobile network capacity as mobile data traffic surges and subscribers consume more and more traffic of all different kinds. As operators prepare for and launch 5G networks, they must scale 5G security and other infrastructure to meet these escalating requirements.

Growing 5G Traffic Demand

According to Ericsson, the total number of mobile subscriptions continues to grow at three percent year-on-year reaching around eight billion in Q3 2019 with 61 million subscriptions added during that quarter. Smart-phone subscriptions account for more than 70 percent of all mobile phone subscriptions and are the primary driver of mobile traffic growth of a whopping 27 percent annually between 2019 and 2025, including both 4G and 5G traffic. Growth is also driven by subscribers that are integrating ubiquitous content into their lifestyles and are no longer relying on the broadcast, cable, satellite networks for content delivery but almost entirely on the fixed or mobile internet. This is especially true for younger generations.

Mobile network operators urgently need the means for processing higher traffic volumes in their 4G/LTE and 5G networks and are looking for secure solutions fulfilling these requirements in the most economical way as they continue their 5G deployment and enhance 5G security.

Existing approaches to address the growing demand for mobile network capacity commit mobile network operators to frequent equipment replacement and upgrades to more capable models, which leads to increased capital/operational cost for the provider. It also significantly elevates deployment risk with the new platforms: training and retention of the operational staff is required; adjustments are needed for the network topology to insert more devices; and the reality of a complicated management plane that must manage multiple devices and instances.

Thunder CFW with Scale-out Capability Extends Mobile Network Capacity

The A10 Thunder® Convergent Firewall (CFW) overcomes these limitations with a solution for elastic capacity scaling (referred to as scale-out) that enables operators to seamlessly add nodes to a cluster as a single logical unit, addressing the problem of growing traffic (throughput) demand in a most cost-efficient way. Multiple devices or instances operating within the A10 Thunder CFW cluster extend linear throughput growth and provide built-in redundancy and seamless failover with minimal or no service interruption.

For more information about Thunder CFW performance and characteristics, please read the data sheet

A10 Thunder CFW with scale-out capability:

  • Supports 16 nodes in the cluster with seamless dynamic cluster resizing based on multi-factor orchestration
  • Is agnostic to the external network mechanisms of traffic distribution to the nodes in the cluster
  • Ensures all the nodes are active, efficiently using all resources along with built-in high availability in case one or multiple nodes fail
  • Provides consistent functionality across multiple form factors – hardware, virtual, bare metal, containers, etc.

The scale-out approach preserves the service provider investment into previously purchased equipment with an “add as you grow” strategy instead of replacement.

This approach ensures:

  • Lower upfront capital investment, as equipment expenditures are distributed over years as more capacity is needed.
  • Lower investment risk compared to the massive device replacement required if capacity exceeds device capability.
  • No need for network and management plane changes in the service provider infrastructure (besides just the delivery of the traffic to the newly added nodes)
  • Lower operational cost – no need to retrain the operator’s staff with cluster expanding since the scale-out cluster operates as one logical unit from the management and analytics/visibility perspectives.

Dynamic cluster resizing controlled by external orchestrators delivers unmatched performance resiliency on-demand and built-in redundancy with flexible redundancy schemas (N+M) and seamless stateful failover.

The scale-out capability is available for a single/standalone services like CGNAT and Gi firewall (GiFW) and is applicable for the integrated multi-service platform running firewall, CGNAT, IPv6 Migration and integrated DDoS protection on the same node.

Case Study – Middle Eastern Operator

A recent case study demonstrated the benefits of the scale-out capability.

With digital connections an essential part of people’s personal and work lives, 4G traffic on the service provider’s mobile network was rising sharply. An innovator, the telecom company launched 5G in 2019, and plans to build the largest 5G network in the Middle East.

Deploying Thunder CFW with a scale-out approach enabled the mobile network operator to optimize the performance, security, and cost of its 4G/LTE mobile network and to meet its aggressive plans for 5G. The operator can now add capacity as needed with additional virtual instances. The operator didn’t need to make a large upfront CAPEX investment now to accommodate its throughput needs five years in the future. That savings can be reinvested in innovation.

Categories:

Gennady Dosovitsky
|
May 13, 2020

About Gennady Dosovitsky

Gennady Dosovitsky is a Principal Solutions Architect at A10 Networks covering A10 product line for SP market focusing on A10 5G Security and DDoS protection solutions. Gennady is seasoned professional with many years of domain experience, Prior to A10, he worked for 3Com, P-Cube, Cisco, F5 focusing on deep packet inspection (DPI), application recognition, access control and bandwidth management policing, subscriber awareness and identity, monitoring, reporting, application performance measurement and assurance, prevention of threats and malicious traffic, optimization of the data traffic. Read More