
Addressing Encrypted User and Control Plane Data with Active Monitoring to Deliver Enhanced Service Assurance


The Fast Mode spoke to Johan Ledin, Product Marketing Manager at Emblasoft, on new encryption technologies and their impact on today's networks. Johan joins us in a series of discussions with leading vendors in the traffic management, service assurance, traffic monitoring, analytics, policy control and network security space, assessing various attributes of encryption, its benefits, and the challenges it poses, specifically the loss of visibility that makes networking increasingly complex.

Tara: How does encryption affect telecom operators in managing their networks?

Johan: Control and user plane data has, traditionally, provided an independent, objective source of information that can be used to support network assurance programmes. It has also been a valuable source for analytics processes that are used to understand subscriber behaviour and much more.

Network operators have been able to access this information via specialised monitoring platforms that use passive tap points to capture the raw data, which is then processed and filtered via mediation solutions, delivering output that can be visualised, shared with other processes, and so on.

The data shows what actually happens during network events and sessions – for example, when a mobile device attempts to attach to a cell, to initiate a session, or to place a call to another terminal – in the network or elsewhere.

We’ve been able to use this data for all generations of the mobile network and a significant industry has grown around this, helping operators to access this data and to present it in usable formats.

However, 5G brings a different approach. That’s because traffic (control and user plane) is encrypted – so traditional passive monitoring approaches cannot work, because the data cannot easily be decrypted for further processing and subsequent analysis.

An alternative approach to passive monitoring depends on analysis of reporting information provided by the vendors of the Network Functions (NF) that handle sessions, admission and so on. However, this data is not objective in the sense that it is dependent on internal logic and control by the NF concerned.

It is a valuable source of data and, of course, remains a necessary resource for mining information, but it is not sufficient. It’s always been the combination of vendor solution data output and network control and user plane data that has yielded the most effective means of delivering outstanding assurance – and hence insights and optimised customer experiences.

As a result, operators must either decrypt all traffic data – by definition, a difficult or unachievable task – or rely solely on the data provided by vendor NFs. This will impede troubleshooting and undermine efforts to optimise network performance and, ultimately, service and subscriber experiences. An alternative solution is required so that operators can obtain the objective source of data they need to complement and supplement vendor-provided NF data.

Tara: What technologies/techniques can potentially help in delivering visibility into encrypted traffic?

Johan: Active Monitoring is the optimum solution to this problem. With Active Monitoring, specific traffic patterns and scenarios can be modelled and tested, in production networks. It depends on the use of software ‘agents’ that are deployed in the live network and which participate in real sessions, just as user or end-devices do. However, they can capture metrics regarding each session, which can be used for assurance purposes – providing the insights necessary to supplement vendor-provided NF data.

With Active Monitoring from Emblasoft, any kind of session can be created, so that all valid (or invalid) traffic scenarios can be modelled – giving operators a realistic picture of actual service and network performance, from the perspective of the devices that experience the connectivity delivered.

By scaling up and down the number of active agents, results can be obtained from samples that reflect real levels of activity and the number of active subscribers and devices.

This approach solves a key problem – the inability to access encrypted streams of control and user plane data. However, it also goes beyond this, because, even if it were possible to always access encrypted traffic, the volume of data traversing the network with 5G services would demand a correspondingly massive increase in the processing capabilities of passive monitoring solutions – vastly increasing cost and complexity. The overhead of managing passive solutions would scale disproportionately – adding to the cost base of operators that are already challenged by the CAPEX demands of rolling out 5G networks.

A further complication is the service diversity that 5G brings. There will be new forms of differentiated services, designed and optimised for IoT applications and devices, as well as new kinds of human interaction. These will have more complicated KPIs and service performance parameters, and require mapping between traditional KPIs and new ones that are required for different industrial and vertical sectors.

However, with Active Monitoring, sessions can be tailored to exactly mimic the conditions required in such services and, with the agents directly replicating services, highly granular control and reporting can be enabled, so that service experiences can be understood with the requisite accuracy.

Active Monitoring provides a more accurate and cost-effective approach to handling new 5G services, applications and traffic scenarios, as well as the volume of data traffic, while avoiding the issue of encryption, and enables operators to deliver the assurance they – and their customers – will demand.

This interview is a part of The Fast Mode's Real-time Visibility for Encrypted Traffic segment, featuring 34 leading IP networking solution providers and their views on the impact of encryption on traffic visibility. A research report on this topic will be published in February 2023 - for more information, visit here.

Author

Johan Ledin is Product Marketing Manager for Emblasoft. Previously, Johan was CEO for Electryon, and holds a degree in Electrical and Computer Engineering from Johns Hopkins University. With 20 years in product management for telecom testing, working with multiple Tier 1 operators and network equipment manufacturers, Johan has deep expertise in understanding customer needs. He helps them to create and implement effective test programmes, achieving quality, validation, and assurance goals.
