It's an exciting time for mobile service providers. Devices such as the Apple iPhone and RIM BlackBerry mean making phone calls is a nice addition to a platform that allows you to surf the Web and download music and videos. All this requires mobile operators to enter into a new world of IP.
I caught up with Mark Grayson and Kevin Shatzkamer, co-authors of IP Design for Mobile Networks ahead of the Cisco Live event to discuss how mobile operators can implement all-IP networks, what enterprises and service providers can learn from each other, and how IPv6 affects the mobile world.
As a Cisco distinguished consulting engineer, Mark leads Cisco's mobile architecture strategy. He has 15-plus years of wireless experience, and holds more than 50 patents in mobile communications.
Kevin has worked with Tier-1 mobile operators on every continent. For the last year, he has been focused on consulting systems architecture for Sprint-Nextel.
Linda Leung: Why should mobile operators build an IP-based mobile network?
Mark Grayson: IP needs to be positioned both from a bottom line perspective and from a top line perspective. From a bottom line perspective, it's clear that mobile operators need to move to start to offer mobile broadband services. They cannot do that profitably using the legacy SDH/TDM hierarchical approach to building mobile networks. IP allows mobile operators to leverage the Ethernet cost curve to allow them to deliver mobile broadband at a lower cost of production.
From a top line perspective, it's clear that mobile operators need the key service-enabling functionality which then allows them the opportunity to derive value from those IP flows carrying across their networks. As circuit switched voice and simple SMS message commoditize, operators need to learn how to deliver IP services to their subscribers.
Kevin Shatzkamer: IP has historically been more cost-efficient to deploy than legacy TDM infrastructure. As 4th generation mobile networks are all-IP end-to-end, migrating from a TDM network to an IP network in phases, including transport networks and services networks, allows the foundation IP layer of 4G to be in place when the radio infrastructure becomes available. Technologies like video, VoIP, etc., which have historically been constrained to the fixed and Wi-Fi domains, will be delivered over the wireless WAN in the future. For this reason, an all-IP mobile network is a game-changer for the wireless industry.
LL: Doesn't bringing IP into the mobile world also mean bringing the security issues of IP into the mobile world? What are the major security issues that organizations need to consider when designing an all-IP mobile network?
MG: A very good question. Mobile operator definition and adoption of all-IP networks bring a new set of threat vectors to the network. From the access network perspective, it is critical for operators to understand how a compromised base station or base station site can be used to launch attacks on the rest of the network; clearly the scope of attacks is greater compared to when the base station was connected to the access network via an SDH defined interface.
From an applications perspective, the billions of application downloads from the Apple App Store gives credence to the additional security measures associated with the tethered App Store model, with users having some added confidence that applications downloaded will not include malware or cause increased instability in their device platform. We shall see whether the mobile-device ecosystem aligns around this tethered model or whether the likes of (Google) Android-enabled devices will see the emergence of the generative mobile device we see in the PC world.
KS: Absolutely, but this is more than just a by-product of bringing IP to the mobile world. It is also a by-product of devices becoming more intelligent — capable of running more powerful applications, and more "open" to third-party, uncontrolled applications. Open standards-based solutions that reach widespread adoption inherently become targets for those who are malicious. However, bringing IP to the mobile world brings not only the security issues, but also the security solutions that have long been effective at protecting fixed service-provider and enterprise networks, namely firewalls, intrusion prevention/detection devices, etc.
LL: What can enterprises learn from mobile service provider IP networks?
MG: I would turn the question around: what can mobile service providers learn from enterprise networks? The serving gateway/base station of the latest LTE standard is very close to the Wi-Fi access point/WLAN controller architecture being adopted in the enterprise. Furthermore, if we look at usage on cellular networks we see that a large percentage of that consumption, up to 30% according to Cisco IBSG analysis, happens in the enterprise. Understanding enterprise data and voice adoption will allow service providers to better serve indoor users within the enterprise environment.
KS: Mark raises an excellent comparison, but there are certainly lessons to be learned the other way, as well. Enterprises are quickly becoming part of the "wireless" world — starting with laptops with Wi-Fi and mobile broadband, and now with the strong growth in IT-owned smartphones and sensor networking. Enterprise IT organizations need to look to MSPs (Managed Service Providers) for lessons learned around asset management, device tracking, connection management, and device provisioning. In addition, the inherent changes occurring in the enterprise workforce — from office worker to telecommuter to the mobile workforce — are driving the enterprise IT organization to understand and implement "mobility" of applications across many different types of networks.
LL: What's the definition of an end-to-end services network? Could you describe such an environment that's live in a customer site and the benefits that they're enjoying?
MG: Cisco provides the infrastructure for international mobile operator 3 to provide Skype access to its users. This allows Skype users access to the application from anywhere, allowing subscribers to communicate with their Skype contacts, including support for Skype features such as presence, instant messaging and more.
KS: An end-to-end services network is one that provides access, authentication, authorization, transport, and delivery of a service — all the infrastructure, both hardware and software, required to deliver content from the source to the requester. One example is the work that Cisco and Sprint did in bringing a unified communications solution to the enterprise. This encompasses Sprint mobile transport infrastructure, IP transport infrastructure, voice service infrastructure, and enterprise voice infrastructure. More on this solution can be found in a press release from Sprint.
LL: Could organizations gain the same benefits by deploying fixed-mobile convergence services from service providers rather than building their own mobile IP network?
MG: Providing for the massive scale of mobile broadband adoption requires the integration of smaller cells in order to deliver the required Mbps/km². Both enterprises and service providers can look to leverage unlicensed Wi-Fi technology to offload the macro network and achieve a lower cost of production as the expensive transport network is offloaded. Cisco already offers a range of solutions looking to integrate Wi-Fi in order to create an FMC service.
KS: Yes and no — there is certainly the point raised by Mark. Integrating unlicensed Wi-Fi technology and offloading the macro network is critical to the future of mobile networks. In general, the access technology becomes agnostic, and a subscriber should seamlessly be able to move between Wi-Fi, WiMAX, LTE (Long Term Evolution) technology, as well as between a public and private/enterprise network, without any interaction. This means that enterprise and service providers will need to work together to bring about the business transformations that wireless broadband offers: collaboration, unified communications, single-number reachability, presence- and location-based services, for instance. Just as enterprises have historically leveraged their ISP to provide IP services such as VPN, the mobile service provider is a key component in the value chain for mobile services.
LL: What are the performance considerations organizations must take into account when designing mobile IP networks?
MG: Performance and in particular scale is critical as to how best to design mobile IP networks. Cisco's own Visual Network Index predicts a 66-fold increase in mobile data over the next five years. Being able to scale networks for massive adoption of mobile broadband systems will be key for operators in the future.
KS: And the growth actually comes from two different phenomena, so to speak. First, there is a growing list of high-performance, feature-rich devices. The RIM BlackBerry, Apple iPhone, Palm Pre, and T-Mobile G1 are just the beginning. These devices consume massive amounts of data — on average between 400MB and 1GB per month. These smartphones consume approximately 33 times more than the typical multimedia feature phone. Second, sales of mobile data cards are growing exponentially. This laptop-based connectivity option changes the mobile traffic model completely to one similar to a broadband subscriber, and consumes approximately 450 times more data than the typical multimedia smartphone. Between data cards and smartphones, operators have two unique traffic models to consider: one that encompasses sporadic, short-duration, high-bandwidth access from a relatively small number of devices (i.e., the data card "short tail"), and one that encompasses always-on, medium-bandwidth access from a very large number of devices (i.e., the smartphone "long tail").
LL: Let's talk about Mobile IP. This IETF standard is part of both IPv4 and IPv6 standards. Do you advise customers planning a Mobile IP network to design using IPv4 now and turn on IPv6 later on, or design for IPv6 now?
MG: We are facing the reality of IPv4 exhaustion. In many cases the typical way that mobile service is deployed is via a NAT with NET10 addresses being allocated to the attached devices. The key issue is that most users expect to access the Internet on their mobile device and so unless such content migrates to IPv6, then a pure IPv6 device will need to access via a NAT64 device. Cisco is developing carrier-grade NAT solutions to allow operators to decouple the client addressing from content and services.
Operators need to start planning now how they will deal with IPv4 exhaustion.
KS: It's always a "cart before the horse" question with IPv6 — there is no need for IPv6 until a large percentage of the Internet, and mobile devices, support IPv6 natively. Let's take devices, first.
On the PC side, this is slowly happening with migrations to Windows Vista, and hopefully picks up steam with the release of Windows 7 — both of which will natively support IPv6. On the handset side, we have been hearing about IPv6-capable devices for some time, but none have reached production yet. However, many of the smartphones being deployed today should have IPv6 capability via software-only upgrades.
On the Internet side, it was good to see Google IPv6-enable its content. With many of the most-visited websites under its umbrella, Google has the ability to drive such technology transformations as IPv6 migration. Unfortunately, there is still a very large percentage of Internet content that cannot be used with IPv6.
When I speak to a mobile operator, I tell them to design for IPv6 now. That doesn't mean "implement now" — it means understand the impacts, understand the necessary steps to transition, keep a constant model of IP address exhaustion, and execute the design at the appropriate time. Planning three to five years into the future and having the right plans and models in place are always key for service-provider success.
LL: It is said that Mobile IP has a number of security issues. For example, firewalls could block incoming packets in a Mobile IP network; it is possible for eavesdroppers to listen in on conversations; and there are risks of hackers hijacking sessions and posing as legitimate nodes. How far have these security concerns been addressed?
MG: Since IP addressing is static, today mobility is always achieved by using tunnels. Mobile IP tunnels, GRE [Generic Routing Encapsulation] tunnels, and GTP [General Packet Radio Service Tunneling Protocol] tunnels are all used to architect different mobile networks. Because Mobile IP is a host protocol, special attention has been given to security threats, compared to GTP, which has no embedded security mechanisms. In all cases, security in mobile networks is based on a hop-by-hop paradigm. This means that if a user is concerned with eavesdropping then they should implement normal techniques for protecting sensitive information, e.g., using SSL/TLS.
KS: Mobile IP has been deployed in 3GPP2 networks for close to a decade. No technology is without its security issues, but proper design and deployment mitigates a lot of these concerns. We can go across the board — SIP, RTSP, HTTP, etc. — any non-encrypted protocol has been, in the past, and will be, in the future, hacked and cracked. For an enterprise, over-the-top encryption mechanisms are a solution to protect sensitive information. For a service provider, proper planning, understanding of traffic patterns, implementing policy control points, and certainly protecting key databases and infrastructure are part of day-to-day operations that will protect against the vast majority of such attacks.
LL: Final question, what will you be doing at Cisco Live?
MG: I'll be at the Mobility Meet the Expert on Monday, June 26, and speaking on "NG Mobile Networks: Architectural Transformation and Evolution Toward IP."
KS: I've left the Live! event to Mark this year. I will be spending time with the family when Mark talks architectural transformation.
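Mark's answer on IPv4 exhaustion mentions that an IPv6-only handset reaches IPv4-only content "via a NAT64 device". The following is an added worked example, not code from the interview, the book, or Cisco, showing the addressing step that such a translator (together with a DNS64 resolver in front of it) performs: the IPv4 destination is embedded in the low 32 bits of a /96 IPv6 prefix on the way in, and recovered on the way out, while native IPv6 traffic passes untouched. The well-known prefix 64:ff9b::/96 is the one defined in RFC 6052; the sample addresses are constructed from documentation ranges, and the stateful binding table is a simplified model (no timeouts, no port exhaustion handling) intended to show why the translator's state is the kind of "key database" Kevin says operators must protect.

```python
"""NAT64 address synthesis and a minimal stateful translator (worked example).

Added illustration for the interview; not the authors' or Cisco's code.
Assumptions: the RFC 6052 well-known prefix 64:ff9b::/96, constructed sample
addresses from documentation ranges, and a simplified binding table.
"""
import ipaddress

# RFC 6052 well-known NAT64 prefix; operators may also use a network-specific /96.
WELL_KNOWN_PREFIX = ipaddress.IPv6Network("64:ff9b::/96")


def synthesize(ipv4: str, prefix: ipaddress.IPv6Network = WELL_KNOWN_PREFIX) -> str:
    """Embed an IPv4 address in a /96 NAT64 prefix (what DNS64 hands back as a AAAA record)."""
    if prefix.prefixlen != 96:
        raise ValueError("this example only handles /96 NAT64 prefixes")
    v4 = ipaddress.IPv4Address(ipv4)
    # Low 32 bits of the /96 are zero in the prefix, so OR-ing the IPv4 value in is exact.
    return str(ipaddress.IPv6Address(int(prefix.network_address) | int(v4)))


def extract(ipv6: str, prefix: ipaddress.IPv6Network = WELL_KNOWN_PREFIX) -> str:
    """Recover the IPv4 destination from a synthesized address (translator side)."""
    v6 = ipaddress.IPv6Address(ipv6)
    if v6 not in prefix:
        raise ValueError(f"{ipv6} is not inside NAT64 prefix {prefix}")
    return str(ipaddress.IPv4Address(int(v6) & 0xFFFFFFFF))


def needs_translation(ipv6: str, prefix: ipaddress.IPv6Network = WELL_KNOWN_PREFIX) -> bool:
    """Only destinations inside the NAT64 prefix are translated; native IPv6 is routed as-is."""
    return ipaddress.IPv6Address(ipv6) in prefix


class Nat64:
    """Stateful NAT64 for TCP/UDP-style flows, reduced to its address/port rewrite.

    Hypothetical simplified model: one shared IPv4 pool address, ports handed out
    sequentially, no idle timeouts. The binding table is per-subscriber state that a
    real translator must keep (and that an operator must protect and size for).
    """

    def __init__(self, pool_v4: str, prefix: ipaddress.IPv6Network = WELL_KNOWN_PREFIX):
        self.pool = ipaddress.IPv4Address(pool_v4)
        self.prefix = prefix
        self.next_port = 1024
        self.bindings: dict[tuple[str, int], int] = {}  # (src6, src_port) -> pool port

    def outbound(self, src6: str, src_port: int, dst6: str, dst_port: int):
        """Rewrite an IPv6 flow to its IPv4 form; return None when no translation applies."""
        if not needs_translation(dst6, self.prefix):
            return None  # native IPv6 destination: forwarded without touching the header
        key = (src6, src_port)
        if key not in self.bindings:
            self.bindings[key] = self.next_port
            self.next_port += 1
        return (str(self.pool), self.bindings[key], extract(dst6, self.prefix), dst_port)


if __name__ == "__main__":
    # Constructed sample: an IPv6-only handset on 2001:db8::/32 reaching an IPv4-only site.
    aaaa = synthesize("203.0.113.5")          # what DNS64 would return for the site
    nat = Nat64("192.0.2.1")                 # translator's shared IPv4 pool address
    print("DNS64 AAAA:", aaaa)
    print("outbound v4 form:", nat.outbound("2001:db8::10", 40000, aaaa, 443))
    print("native v6 flow:", nat.outbound("2001:db8::10", 40001, "2001:db8:1::80", 443))
```

Running the script shows the two halves of the translator's job: the flow to the synthesized address comes out as a plain IPv4 connection from the pool address, while the flow to a native IPv6 destination is returned as `None`, meaning the NAT64 device never needs to see it. Every subscriber that does hit the prefix adds a row to `bindings`, which is the per-flow state an operator has to capacity-plan and guard when sizing a carrier-grade NAT.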
Linda Leung is an independent writer and editor in California. Reach her at firstname.lastname@example.org.