There has been more news lately about some high-profile botnets, and the latest was one of the largest ever seen in Internet history, causing Internet slowdowns to hundreds of millions of users. The scale was orders of magnitude larger than anything seen before, affecting the very core Internet routers that make the Internet function. As mobile networks evolve to all-IP networks, these are the very security concerns operators should be focused on.

In this latest episode, attackers first targeted Spamhaus, and then the security company hired to break the attack, CloudFlare. A domino-effect ensued for any and all companies and groups associated with either Spamhaus or CloudFlare, peaking with a stream of data as big as 300 billion bits per second, which compromised sites – slowing them down or making them unavailable – for as many as nine days.

At the core of the assault was a powerful botnet — a network of thousands of remotely controlled, infected computers that caused a distributed denial of service (DDoS) attack. That attack is expected to be re-launched in upcoming days, according to Internet chatter, and it is causing security experts like Kaspersky Labs to note that DDOS-type activity is increasing rapidly, and far more malicious than fraudulent service and network security breaches of the past.

How Can DSRs and Policy Servers Help Mobile Operators?

For mobile operators, the rise in malicious attacks highlights a need to go beyond a socialized approach where one appliance is trusted as a security gateway. It pushes everyone toward a multi-layered-security approach, where operators protect the core, the transport layer and the application layer from rogue sites.

The Diameter Signaling Router (DSR) and Policy Server (PCRF) can strengthen security at particularly the control and application layers. Because botnets exploit routing software and servers, DSRs and Policy Servers play a role in preventing amplifications that otherwise get out of control and bring down networks.

For example, in our recent whitepaper, “Multi-layer Security for the Digital Lifestyle Provider,” we describe Access Control(ACL) Lists, Topology Hiding, Encryption, Congestion Control and other security measures augmented by the DSR and/or PCRF.

We look at the ways in which operators can add layers of protection, such as by implementing topology hiding, which protects the network host names from a DDOS. and we look at how encryption can be used for safeguarding subscriber data.

All in all, the operators’ strategies have to be proactive and multi-layered in order to prevent access from unknown partners or rogue sites. There’s no question the growing sophistication of services, and the mobilization and social revolution underway will mean not only innovation, but also more malicious security threats among operators and the third parties with which they will work – intentionally or not.

When natural disasters like tropical storm Sandy hit, IP networks bring about a different challenge than traditional networks. Where network operators traditionally could block or throttle traffic after a storm to ensure congestion would not bring down networks, the status quo now is to have many elements of the network under the control of a 3rd party, which means operators cannot directly control all parts of their networks in a crisis.

Because IP invites many new methods for communicating, it also has to invite many new methods for managing the network. And as we see it, the network must be controlled at two different points: the packet network where the data flows, and the control plane where the signaling controls the sessions.

We also see two distinct forms of signaling, with signaling in the RAN and signaling at the core with Diameter. These forms of signaling serve different purposes. The signaling at the RAN typically establishes data session (or voice session if applicable), and signaling in the core uses Diameter to authorize and authenticate subscribers. Though the latter is not invoked as frequently as RAN signaling, it is just as critical to the operations of the network.

As proven during Sandy and other natural disasters, congestion of the core signaling network is a key concern operators have to address when friends and families flood lines in search of loved ones. When the core fails, nothing works, therefore making the core becomes a critical component in the network. This was also true within the SS7 domain, where operators also blocked traffic at the core level.

But, in using a point-to-point architecture, where the Diameter end-points are actually embedded within a network element, blocking of traffic could become difficult, if not impossible. That is attributable to the fact that congestion control can be applied only at the point at which the function resides. It’s well accepted, therefore, that a centralized approach to end-to-end core network congestion control is most effective.

The Importance of a Diameter Signaling Router in Crisis Situations

Geographic redundancy and traffic control is paramount to a robust signaling network that can survive any crisis. There exist countless examples of how the SS7 network survived calamities such as floods, earthquakes, fires, and even terrorist attacks. It was usually geographic redundancy and optimal routing managed through the core rather than the end points that made this possible.

In a Diameter world, the Diameter protocol itself does not inherently support automatic re-routing and disaster recover functions like SS7 did, but the same can be accomplished through a centralized routing function in the network core. That’s why a Diameter routing agent like our Diameter Signaling Router (DSR) is becoming so important to preventing core signaling outages during a crisis. The DSR ensures messages reach their destination through alternative routes known to the DSR. That means the messages so important to subscriber databases like the Home Subscriber Server (HSS) , policy servers (PCRF), charging systems and gateways will get through in times of disaster.

And most importantly, it means operators can continue to generate revenue from services requiring Diameter signaling, even in times of disaster.

4X4SJXBU78FH

Next week Tekelec will be sponsoring and speaking at 4G World in Chicago, Ill.

Randy Fuller, director of strategic marketing, will speak as a panelist at the “Role of Network Services in Delivering Differentiated Services” session during the “Service Enabling Strategies For 4G” track. Mr. Fuller will focus on policy management and enforcement, real-time charging and network intelligence that will enable service providers to profit from 4G services. The panel will be held on October 25 at 3:40 p.m. CT.

The next day at 2:30 p.m. CT, Matt McCann, principal architect, CTO Office, will discuss how to cost effectively scale and secure Diameter traffic in 4G networks. Mr. McCann will speak on key Diameter interfaces and policy, charging and mobility management. Discussion topics include several Diameter routing use cases:

• Policy, charging, roaming and home subscriber server (HSS) access networks
• Connection and transaction scalability
• Screening and topology hiding
• Stateful and stateless routing
• Network monitoring and intelligence

To view more information, check our press release.

Lane Liley, Director of Product Management, discusses the importance of having a robust Customer Experience Management solution to determine subscriber QoE.

Tekelec will participate at TM Forum’s Management World 2011 as a summit chair and sponsor. Chief Marketing Officer Susie Kim Riley will lead the “Future of the Telecom Provider” session on May 24 at 4:15 p.m.

The session is part of the “Enabling Service Innovation Summit” portion of the “Driving Business Innovation Forum.” Presenters include representatives from Deutsche Telecom, IBM, Alcatel-Lucent and Telcordia who will cover topics such as:

• Developing new business models to create new revenue sources
• Establishing profitable relationships with applications and content providers
• Empowering marketers to drive service innovation in India

The full agenda can be found here.

Riley brings more than 20 years of technology innovation and development focused primarily around policy control, quality of service, and networking. She has been well recognized as the thought leader and key advocate for policy control, starting with her founding Camiant in 2003.

Supporting Resources

Customer Experience Management White Paper

Customer Experience Management Portfolio

Smartphones and tablet devices are selling like hotcakes and mobile Internet demand is through the roof. Unfortunately for operators, while mobile data traffic is exploding, revenue is not. To cope, they must both maximize efficiency to trim the bottom line and create new services to grow the top line.

Join Tekelec and Yankee Group at this webinar on April 21 to learn how Network Intelligence (NI) can help operators address this challenge. NI’s combination of managing session data, granular subscriber usage data and device information coupled with network performance management gives operators the insight, control and agility they desperately need.

Sign up today.

The rapid uptake in smartphones and data-hungry applications such as mobile video and social networking has set the stage for the mobile data explosion. Operators are being forced to evolve their networks to higher bandwidth IP networks such as long term evolution (LTE) to handle the surge in mobile application bandwidth demands.

Attend this free Tekelec webinar  on March 17 to learn more about the path to LTE and how operators can create an intelligent network core and create new revenue opportunities. Topics of discussion include:

• Factors driving the mobile data explosion
• Scaling the control plane in packet core networks
• Managing and monetizing mobile data services

Register today.

By Olivier Terrien, Director of Strategic Marketing

We are in the age of the data tsunami. Equipped with increasingly smart devices, dongles and tablets, consumers are devouring mobile bandwidth at an unprecedented pace with no end in sight.

Unfortunately, radio access network (RAN) technologies, delivery architectures and economics haven’t kept pace with customers’ increasing appetite for mobile broadband access. Techniques used by handset manufacturers to optimize the customer experience, such as saving battery life, are severely impacting the signaling load and resources in the RAN. Mobile network congestion is increasing as more and more subscribers flock to data-intensive devices and applications. This congestion strains network resources and bandwidth, negatively impacting subscriber’s quality of experience (QoE) and creating churn because subscribers – especially smartphone users – won’t remain loyal if service quality doesn’t meet their expectations.

RAN congestion is a complex challenge, and there’s no simple solution to the problem. Each network reacts differently to bandwidth surges and rapidly changing usage patterns, depending on its capacity and network resources. Adding capacity to the network to prevent peak-usage congestion – essentially over provisioning the network – isn’t a cost-effective or practical answer since RAN bandwidth is still very expensive compared to core network bandwidth. Yet, finding a solution to RAN congestion is critical to long-term success, since RAN congestion has a direct and immediate impact on QoE and ultimately to subscriber loyalty.
Maintaining optimal QoE takes more than simply mitigating RAN congestion. It requires the ability to improve the customer experience with intelligent policy shaping that dynamically balances QoE with available network resources. That’s the idea behind Tekelec’s RAN-Aware Policy Management solution. It combines both historical and real-time data collected, parsed and analyzed from several sources including passive signaling and user data probes, RAN alarms, Location base servers with subscriber profile information to inform the policy-decision process. The solution delivers static and dynamic visibility into the RAN, which the operators need to detect what’s taking place and uses that visibility to shape policy management in real time.

As the mobile broadband market heats ups, RAN congestion management will continue to take center stage. There’s no doubt that it’s a vital component in the quest to ensure QoE. However, long-term success in this highly competitive and consumer-drive market takes more than simply delivering bandwidth. It requires end-to-end, context-aware solutions that enable operators to dynamically shape and influence policy, tune and balance network resources in real time, and measure quality of experience to continually improve service usage and customer loyalty, yielding higher revenues.

More information about how to tackle RAN congestion can be found here.

Director of Strategic Marketing Olivier Terrien discusses RAN congestion and the benefits of Tekelec’s RAN-Aware Policy Management solution.