RadSec, Securing RADIUS Message Exchange
With the ever-increasing use of mobile devices for data-rich activities, mobile networks have felt the burden of handling larger amounts of data. To gain relief, mobile operators have turned to offloading data onto Wi-Fi networks that are locally available—not only their own networks but Wi-Fi networks owned by their roaming partners. If the roaming partner’s Wi-Fi network is secured, then the subscriber’s credentials are exchanged between the roaming partner and the home operator, typically over the Internet. These credentials need to be secured while traversing the Internet, and the most common method is to use IPSec secure tunnels. Although IPSec secures and encrypts this critical information over the Internet, IPSec is not without issues and risks.
One issue is that the information is encrypted only from firewall to firewall, leaving the data unencrypted within both operator networks. In addition, setting up IPSec can be cumbersome because of the amount of work typically involved and the number of individuals, which can include the server administrator, network administrator, firewall administrator and security individuals. There’s also the issue of performing key exchanges and testing the connections; the entire process is repeated if either end of the connection needs to be altered, resulting in downtime.
A Solution to These Issues Is RADIUS Security (RadSec)
Although RadSec is still a draft specification within the IEEE (RadSec profile for RADIUS), it’s based on TLS RFC 6614 “Transport Layer Security (TLS) Encryption for RADIUS,” which enables the securing and encrypting of RADIUS messages between the RADIUS client and server. RadSec ensures that all RADIUS messages are secured and encrypted not only when they’re sent over the Internet but also when they’re deeper within each operator’s network, starting with the client and server. Because RadSec is based on TLS, the client and server are mutually authenticated at connection time, ensuring a trusted connection by chaining the certificates to a trusted Root Certificate. By using certificates, the revocation of certificates can be used to eliminate unauthorized connections. In addition, TLS offers encryption of the RADIUS exchange. Encrypting the exchange prevents the exposure of sensitive subscriber information at all points between client and server—within the roaming partner’s network, over the Internet and within the mobile operator’s network—making the entire path secure.
RadSec is flexible and scalable. With RadSec, the client or server IP addresses can be altered without having to reconfigure the secure tunnel settings, as is the case with IPSec. The number of peering clients and servers can also be increased as needed based on operational requirements—without requiring additional work to establish new secure tunnels. This flexibility contributes to RadSec’s scalability. With traditional secure tunnels, if additional roaming partnerships are formed, firewalls need to be set up to support the new tunnels. With RadSec, at the most, firewall access control lists (ACLs) would need to be updated to allow traffic from and to the new partner; the same certificate can be used for all roaming partnership connections.
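The mutual authentication and revocation properties described above come down to a few settings on the TLS endpoint. The following is an added example, not code from CableLabs or any RadSec product: it builds the server side of a RadSec listener with Python's standard ssl module and audits a context against those properties. The file-path parameters are hypothetical deployment inputs, and port 2083 is the TCP port RFC 6614 assigns to RADIUS over TLS.

```python
import ssl

RADSEC_PORT = 2083  # TCP port assigned to RADIUS over TLS by RFC 6614

CRL_FLAGS = ssl.VERIFY_CRL_CHECK_LEAF | ssl.VERIFY_CRL_CHECK_CHAIN


def build_radsec_server_context(cert_file=None, key_file=None,
                                ca_file=None, crl_file=None):
    """Build the TLS context for the server end of a RadSec connection.

    All four paths are hypothetical deployment inputs (PEM files); each is
    loaded only when supplied, so the policy flags can be inspected offline.
    """
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    # Mutual authentication: the RADIUS client must present a certificate.
    ctx.verify_mode = ssl.CERT_REQUIRED
    # Revocation: check the client's certificate against a loaded CRL.
    ctx.verify_flags |= ssl.VERIFY_CRL_CHECK_LEAF
    if cert_file:
        ctx.load_cert_chain(cert_file, key_file)    # this server's identity
    if ca_file:
        ctx.load_verify_locations(cafile=ca_file)   # trusted root(s)
    if crl_file:
        ctx.load_verify_locations(cafile=crl_file)  # CRL from the issuing CA
    return ctx


def audit_radsec_context(ctx):
    """Return findings where a context falls short of the properties above."""
    findings = []
    stats = ctx.cert_store_stats()  # counts of loaded CA certificates and CRLs
    if ctx.verify_mode != ssl.CERT_REQUIRED:
        findings.append("peer certificate not required: no mutual authentication")
    if stats["x509_ca"] == 0:
        findings.append("no trusted root loaded: no peer certificate can chain to a root")
    if not ctx.verify_flags & CRL_FLAGS:
        findings.append("revocation not checked: a revoked certificate still connects")
    elif stats["crl"] == 0:
        findings.append("revocation checking on but no CRL loaded: every handshake fails")
    return findings


if __name__ == "__main__":
    # A bare server context accepts any client that can complete TLS.
    weak = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    for name, ctx in (("default", weak),
                      ("hardened, no files yet", build_radsec_server_context())):
        print(name)
        for finding in audit_radsec_context(ctx):
            print("  -", finding)
```

The second audit result shows the operational catch with revocation: once CRL checking is on, the CRL has to be deployed and refreshed on the server, or every client is rejected.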
Based on the benefits of RadSec, CableLabs has led the work in Wireless Broadband Alliance (WBA) to introduce RadSec to the WBA Wireless Roaming intermediary eXchange (WRiX).
For more information about RadSec, please contact Luther Smith (email@example.com).
Field Trial Results Show Wi-Fi CERTIFIED Vantage™ Devices Offer Significant Improvement to Network Performance
In high-traffic, high-volume user environments such as subways, airports, and stadiums, maintaining a reliable connection and moving consistently across access points (APs) in a Wi-Fi network has always been a challenge for users and operators. A solution to this issue is now commercially available in the form of Wi-Fi CERTIFIED Optimized Connectivity™ and Wi‑Fi CERTIFIED Agile MultiBand™ AP and client devices. These are core certifications of the WFA Wi-Fi CERTIFIED Vantage™ program. These Wi-Fi Vantage™ devices contain features that optimize management and control frame transmissions, network discovery, authentication, and network transition. A field trial was conducted to measure the performance of a Wi‑Fi network using Wi-Fi Optimized Connectivity™ and Wi‑Fi Agile MultiBand™ devices embedded in a highly congested urban environment centered around a busy subway station. Results show the following improvements over non-Wi-Fi Vantage devices:
Optimized Network Discovery
Without Wi-Fi Vantage, the inefficiencies of network discovery and response messages can severely disrupt existing client connections and make it difficult for clients to attach to the network. The optimized network discovery features in Wi-Fi Vantage include suppression of, and broadcast of, probe responses by the AP and also include probe request deferral and suppression by the client. Field trial results show that the number of probe responses in a Vantage network was reduced by 76% on the 2.4 GHz radios and by 72% on the 5 GHz radios. This resulted in a probe response airtime usage reduction of 67% in 2.4 GHz and 44% in 5 GHz.
Without Wi-Fi Vantage, clients can experience long reconnection setup times when moving back into a previously-joined network. With Wi-Fi Vantage, this re-connection setup time is reduced using Fast Initial Link Setup (FILS) Authentication. When FILS Authentication was tested in the Wi-Fi Vantage network, results showed that the connection setup times decreased by 76% (from 228 ms to 55 ms).
Fast Network Transition
Without Fast Network Transition (FT), clients must perform a full Extensible Authentication Protocol (EAP) exchange when roaming, possibly interrupting the end-user experience. With Wi-Fi Vantage, once a client device decides to roam to a different AP, band, or channel, the association and connection happen quickly and seamlessly. Test results show that FT roaming improved client re-connection setup times by 84%, reducing them from 203 ms to 31 ms. In addition, Fast Network Transition can be deployed with, and will work alongside, FILS Authentication to further optimize client connections and roams.
A full-featured Wi-Fi Vantage network will benefit overall network performance and user experience, especially in high-traffic, high-volume environments. Some Vantage features may already be included in operator-managed Wi-Fi networks using vendor-specific implementation and nomenclature. Field trial results will allow operators to assess the value of a partial- or full-featured Vantage certified Wi-Fi network. CableLabs’ joint leadership with the operator community (cable and mobile operators) created the vision and roadmap for the Wi-Fi Vantage program while partnering with the Wi-Fi ecosystem and will continue these efforts for the next generation of Wi-Fi Vantage.
Wi-Fi Alliance Launches Wi-Fi CERTIFIED 6™ Certification Program
Wi-Fi 6 has been around for almost a year, in the news and on the shelves. Tuesday, however, marked a key milestone in the deployment of the next generation of Wi-Fi connectivity; the Wi-Fi Alliance has announced the launch of the Wi-Fi CERTIFIED 6™ certification program. Wi-Fi CERTIFIED 6™ provides the assurance that certified devices will interoperate and meet the industry-agreed standard requirements. With more than one billion Wi-Fi 6 chipsets expected to be shipped annually by 2022, interoperability is playing a crucial role in guaranteeing proper operation of Wi-Fi networks and a seamless user experience.
Based on the IEEE 802.11ax standard, Wi-Fi 6 enhances the former Wi-Fi generations by delivering greater network capacity, improving performance in congested environments, increasing data rates, and improving power efficiency. IEEE 802.11ax Working Group started work on the next generation of Wi-Fi back in 2014. The former 802.11 standards focused primarily on delivering higher peak and aggregated throughput but with the rapid evolution of the Wi-Fi landscape, new use cases and challenges needed to be addressed. The exponential growth of Wi-Fi connected devices made it critical to focus on actual field conditions. 802.11ax, known as Wi-Fi 6, addresses the congestion and interference issues seen especially in dense deployments, to deliver higher average throughput per user. The targeted deployments include busy airports or train stations, public venues, mobile traffic offload, and apartment complexes. For Cable Operators this can translate to improved efficiency by serving multiple users at a higher average throughput in a residential environment or public hotspots.
Wi-Fi CERTIFIED 6™ key features
The Wi-Fi CERTIFIED 6™ certification program includes the key features listed below:
- Downlink and uplink Orthogonal Frequency Division Multiple Access (OFDMA), where the channel width is split into different sub-channels that are allocated to different clients. OFDMA increases the system efficiency while decreasing the latency in dense deployments, making more efficient use of the available spectrum. This allows multiple users to be served simultaneously, compared to Wi-Fi 5 and earlier, where users are served one at a time.
- Downlink Multiple User Multiple Input, Multiple Output (MU-MIMO) increases the system capacity. MU-MIMO was introduced in Wi-Fi 5, and as part of Wi-Fi 6 it extends the capability to serve up to 8 users concurrently.
- Quadrature Amplitude Modulation (QAM) 1024 increases the peak throughput by 25% in good conditions compared to Wi-Fi 5.
- Transmit beamforming uses several transmit antennas on the access point to focus the signal to the destination station. This enables higher data rates at a longer range.
- Target Wakeup Time (TWT) is based on a scheduler that allows devices to negotiate when and how often they will wake up to send or receive data. TWT improves battery life of devices, a feature required for Internet of Things (IoT) devices.
- Basic Service Set (BSS) coloring allows for devices to recognize if incoming traffic is from an adjacent network, allowing devices to take measures to adapt transmissions to optimize intra-network activity.
Wi-Fi 6 certified devices must also meet 3 prerequisites:
- Wi-Fi CERTIFIED N (Wi-Fi 4) and Wi-Fi CERTIFIED AC (Wi-Fi 5) certifications ensure backward compatibility with former Wi-Fi standards.
- Wi-Fi CERTIFIED Agile Multiband allows devices to make intelligent access point, band, and channel selection, improving efficiency and consistency on congested wireless networks.
- Wi-Fi CERTIFIED WPA3 improves security standards for authentication, authorization and encryption, resolving some vulnerability issues of WPA2 that emerged over the past years.
The Role of Wi-Fi 6 in the 10G Platform
Earlier this year, CableLabs® introduced 10G™, the cable industry’s vision for delivering 10 gigabit networks. The 10G platform includes a collection of technologies enabling 10 Gbps symmetrical speeds, lower latencies, enhanced reliability, and security. In addition to the wired related technologies such as DOCSIS 4.0 and P2P coherent optics, the platform includes a set of wireless technologies as an integral part of the network (e.g. Dual Channel Wi-Fi™ and Low Latency Wi-Fi). With almost half of the Internet traffic initiated from Wi-Fi connected devices, the cable industry is devoted to developing and enhancing wireless networks for a seamless user experience. Wi-Fi 6’s increased capacity, lower latency, and higher throughput support the necessary evolution of the wireless technologies to address the 10G roadmap.
Wi-Fi 6 is also addressed by Kyrio™, a subsidiary of CableLabs. Kyrio’s Wi-Fi 6 test setup (based on Otoscope®) provides a lab environment for controlled testing. In addition, the Kyrio test house is equipped with Wi-Fi 6 devices to simulate a real-world experience and characterize Wi-Fi 6 performance in a residential environment.
MAC Address Randomization: How User Privacy Impacts Wi-Fi And Internet Service Providers
In the era of mobility, location tracking is a major privacy concern for portable device users. Although a growing number of applications make use of location data, operating systems (OSs) provide the ability to turn off location services provided by the GPS or cellular/Wi-Fi connectivity. Wi-Fi access points, however, can monitor device locations without user consent by means of MAC addresses. As a countermeasure to this privacy threat, OS developers are anonymizing MAC addresses, thereby raising technical concerns among network operators.
Unique MAC Addresses Enable User Privacy Infringement in Wireless Networks
Every Wi-Fi radio has a unique 48-bit identifier called a MAC address that is assigned by the manufacturer. The MAC address is a Layer 2 (L2) address used to identify the source (sender) and the destination (receiver) of frames by most 802 network technologies, including Ethernet, Bluetooth and Wi-Fi.
Back in 2013, the privacy implications of targeted probe requests started to become widely publicized. Several companies were reportedly logging and tracking the addresses of nearby devices in unassociated states. In addition, during the connection to the AP, customers were not notified upfront that their movements would be tracked, and historic location data could be used for marketing purposes or sold to third parties.
MAC Address Randomization Increases Device Anonymity …
In response to these privacy vulnerabilities, most OSs—including Android, iOS, and Windows—began to implement their own variant of MAC address randomization while probing the Wi-Fi network. This probe mode guarantees anonymity until the client gets associated with an AP. IEEE 802.11 also stepped up to specify a similar feature in the IEEE 802.11aq Pre-Association Service Discovery amendment to the 802.11-2016 standard.
More recently, OSs have started to implement the use of MAC address randomization for device association to the network. The address is kept consistent per network (i.e., Service Set Identifier [SSID]), so the user doesn’t have to authenticate each time it connects to the same SSID. This feature was added to Android P for experimental purposes, whereas Android Q randomizes the MAC address by default, with per-network customization. Windows 10 implements a similar scheme, while iOS 12 supports the probe mode only.
… But Raises Concerns Over Networking Equipment and Services
Although MAC address randomization is evidently a major step toward user privacy, it can have a wide range of repercussions impacting the Wi-Fi network and other related services. The concerns can be classified into two major categories depending on how/where the MAC address is used, the L2 network layer or the system layer.
At Layer 2, MAC address randomization can impact network components: One client may be reported multiple times, and networking equipment might be filled up with outdated MAC addresses. Changing MAC addresses can also negate the effectiveness of some wireless features. For example, band steering and client steering that optimize client connectivity in a multiple AP environment depend on a unique MAC address for probes and association. To address these concerns, IEEE 802.11 recently formed a Random and Changing MAC Addresses (RCMA) group that is assessing the impact of changing MAC addresses on 802.11 features, for both associated and unassociated device states.
Because the MAC address is a Layer 2 identifier, its usage was not intended for beyond L2 networking. In a recent Liaison Statement to the Wireless Broadband Alliance, the IEEE 802.11 working group “strongly recommends against using any specific MAC address as an identifier for a user or device, outside the scope of the layer 2 communication.” However, due to its ubiquity and, so far, expected uniqueness, the MAC address is widely used for various purposes, such as security, access control and billing. The following are examples of such uses:
- MAC-based access often admits or denies wireless association based on the connecting device’s MAC addresses. This includes authentication methods using the MAC address in lieu of a username and password, Pay Per Use (PPU) passes and short-term complimentary services.
- Some accounting and billing systems use the MAC address as a unique device identifier.
- MAC address filtering is often used to add an extra layer of protection on the network (white/blacklist) and enforce policies such as parental control.
- Monitoring, troubleshooting and analytics of Wi-Fi deployments, including help desks, often rely on MAC addresses as part of the client identity.
- Lawful interception makes use of MAC addresses.
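An operator can measure how exposed its MAC-keyed systems are before changing them. The following added example (not from the original article) classifies client addresses in association records and compares a device count keyed on MAC with one keyed on the authenticated identity. It relies on a detail the article does not state: randomizing operating systems mark generated addresses by setting the locally administered bit (0x02) of the first octet. The record layout, identities and addresses are constructed for illustration.

```python
import re
from collections import defaultdict

_TWELVE_HEX = re.compile(r"^[0-9A-Fa-f]{12}$")


def parse_mac(text):
    """Normalize aa:bb:cc:dd:ee:ff, AA-BB-CC-DD-EE-FF or aabb.ccdd.eeff to 6 bytes."""
    digits = re.sub(r"[:\-.]", "", text.strip())
    if not _TWELVE_HEX.match(digits):
        raise ValueError(f"not a 48-bit MAC address: {text!r}")
    return bytes.fromhex(digits)


def is_locally_administered(mac):
    """True for a unicast address whose locally administered bit is set.

    Assumption labelled in the lead-in: randomized client addresses carry
    this bit, while manufacturer-assigned addresses do not.
    """
    return bool(mac[0] & 0x02) and not (mac[0] & 0x01)


# Constructed association records: (authenticated identity, SSID, client MAC).
SAMPLE_RECORDS = [
    ("alice@example.net", "OperatorWiFi", "da:a1:19:3c:55:01"),
    ("alice@example.net", "PartnerWiFi",  "7E-4B-90-12-AB-CD"),  # same device, other SSID
    ("alice@example.net", "OperatorWiFi", "da:a1:19:3c:55:01"),
    ("bob@example.net",   "OperatorWiFi", "00:1b:63:84:45:e6"),
    ("bob@example.net",   "PartnerWiFi",  "001b.6384.45e6"),     # same MAC, other notation
    ("carol@example.net", "OperatorWiFi", "f2:10:00:aa:bb:cc"),
]


def summarize(records):
    """Compare MAC-keyed and identity-keyed views of the same associations."""
    macs_by_identity = defaultdict(set)
    randomized = set()
    for identity, _ssid, mac_text in records:
        mac = parse_mac(mac_text)
        macs_by_identity[identity].add(mac)
        if is_locally_administered(mac):
            randomized.add(mac)
    all_macs = set().union(*macs_by_identity.values())
    return {
        # What an identity-keyed system counts as clients.
        "identities": len(macs_by_identity),
        # What a MAC-keyed accounting or analytics system counts as clients.
        "distinct_macs": len(all_macs),
        # Addresses that a MAC filter or MAC-based pass cannot rely on.
        "randomized_macs": len(randomized),
        # Clients that a MAC-keyed system reports more than once.
        "identities_with_multiple_macs": sorted(
            i for i, macs in macs_by_identity.items() if len(macs) > 1),
    }


if __name__ == "__main__":
    for key, value in summarize(SAMPLE_RECORDS).items():
        print(f"{key}: {value}")
```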
Although no recent public data are available, the use of randomization is expected to increase in the near future as more OSs implement it. The definition of a universal randomization policy would support user privacy while ensuring that Wi-Fi and Internet service providers can take proactive measures to update applications and upgrade networking equipment. This requires the involvement of all stakeholders, including standards bodies, hardware/software manufacturers, service providers and OS developers.
CableLabs is currently addressing this topic in the wireless R&D group. Please contact me if you’re interested in getting involved. To learn more about our work in standards and industry consortia, see our members-only (login required) wireless space.
Leveraging Machine Learning and Artificial Intelligence for 5G
The heterogeneous nature of future wireless networks comprising multiple access networks, frequency bands and cells - all with overlapping coverage areas - presents wireless operators with network planning and deployment challenges. Machine Learning (ML) and Artificial Intelligence (AI) can assist wireless operators to overcome these challenges by analyzing the geographic information, engineering parameters and historic data to:
- Forecast the peak traffic, resource utilization and application types
- Optimize and fine tune network parameters for capacity expansion
- Eliminate coverage holes by measuring the interference and using the inter-site distance information
5G can be a key enabler to drive the ML and AI integration into the network edge. The figure below shows how 5G enables simultaneous connections to multiple IoT devices generating massive amounts of data. The integration of ML and AI with 5G multi-access edge computing (MEC) enables wireless operators to offer:
- High level of automation from the distributed ML and AI architecture at the network edge
- Application-based traffic steering and aggregation across heterogeneous access networks
- Dynamic network slicing to address varied use cases with different QoS requirements
- ML/AI-as-a-service offering for end users
ML and AI for Beamforming
5G, deployed using mm-wave, has beam-based cell coverage unlike 4G which has sector-based coverage. A machine learned algorithm can assist the 5G cell site to compute a set of candidate beams, originating either from the serving or its neighboring cell site. An ideal set is the set that contains fewer beams and has a high probability of containing the best beam. The best beam is the beam with highest signal strength a.k.a. RSRP. The more activated beams present, the higher the probability of finding the best beam; although the higher number of activated beams increases the system resource consumption.
The user equipment (UE) measures and reports all the candidate beams to the serving cell site, which will then decide if the UE needs to be handed over to a neighboring cell site and to which candidate beam. The UE reports the Beam State Information (BSI) based on measurements of the Beam Reference Signal (BRS), comprising parameters such as Beam Index (BI) and Beam Reference Signal Received Power (BRSRP). Finding the best beam by using BRSRP can lead to a multi-target regression (MRT) problem, while finding the best beam by using BI can lead to a multi-class classification (MCC) problem.
ML and AI can assist in finding the best beam by considering the instantaneous values updated at each UE measurement of the parameters mentioned below:
- Beam Index (BI)
- Beam Reference Signal Received Power (BRSRP)
- Distance (of UE to serving cell site)
- Position (GPS location of UE)
- Speed (UE mobility)
- Channel quality indicator (CQI)
- Historic values based on past events and measurements including previous serving beam information, time spent on each serving beam, and distance trends
Once the UE identifies the best beam, it can start the random-access procedure to connect to the beam using timing and angular information. After the UE connects to the beam, the data session begins on the UE-specific (dedicated) beam.
ML and AI for Massive MIMO
Massive MIMO is a key 5G technology. Massive simply refers to the large number of antennas (32 or more logical antenna ports) in the base station antenna array. Massive MIMO enhances user experience by significantly increasing throughput, network capacity and coverage while reducing interference by:
- Serving multiple spatially separated users with an antenna array in the same time and frequency resource
- Serving specific users with beamforming, steering a narrow beam with high gain to send the radio signals and information directly to the device instead of broadcasting across the entire cell, reducing radio interference across the cell.
The weights for antenna elements for a massive MIMO 5G cell site are critical for maximizing the beamforming effect. ML and AI can be used to:
- Identify dynamic change and forecast the user distribution by analyzing historical data
- Dynamically optimize the weights of antenna elements using the historical data
- Perform adaptive optimization of weights for specific use cases with unique user-distribution
- Improve the coverage in a multi-cell scenario considering the inter-site interference between multiple 5G massive MIMO cell sites
ML and AI for Network Slicing
In the current one-size-fits-all approach implementation for wireless networks, most resources are underutilized and not optimized for high-bandwidth and low-latency scenarios. Fixed resource assignment for diverse applications with differential requirements may not be an efficient approach for using available network resources. Network slicing creates multiple dedicated virtual networks using a common physical infrastructure, where each network slice can be independently managed and orchestrated.
Embedding ML algorithms and AI into 5G networks can enhance automation and adaptability, enabling efficient orchestration and dynamic provisioning of the network slice. ML and AI can collect real time information for multidimensional analysis and construct a panoramic data map of each network slice based on:
- User subscription
- Quality of service (QoS)
- Network performance
- Events and logs
Different aspects where ML and AI can be leveraged include:
- Predicting and forecasting the network resources can enable wireless operators to anticipate network outages, equipment failures and performance degradation
- Cognitive scaling to assist wireless operators to dynamically modify network resources for capacity requirements based on the predictive analysis and forecasted results
- Predicting UE mobility in 5G networks allowing Access and Mobility Management Function (AMF) to update mobility patterns based on user subscription, historical statistics and instantaneous radio conditions for optimization and seamless transition to ensure better quality of service.
- Enhancing the security in 5G networks preventing attacks and frauds by recognizing user patterns and tagging certain events to prevent similar attacks in future.
With future heterogeneous wireless networks implemented with varied technologies, addressing different use cases, providing connectivity to millions of users simultaneously, requiring customization per slice and per service, and involving large numbers of KPIs to maintain, ML and AI will be an essential and required methodology to be adopted by wireless operators in the near future.
Deploying ML and AI into Wireless Networks
Wireless operators can deploy AI in three ways:
- Embedding ML and AI algorithms within individual edge devices for low computational capability and quick decision-making
- Lightweight ML and AI engines at the network edge to perform multi-access edge computing (MEC) for real-time computation and dynamic decision making suitable for low-latency IoT services addressing varied use case scenarios
- ML and AI platform built within the system orchestrator for centralized deployment to perform heavy computation and storage for historical analysis and projections
Benefits of Leveraging ML and AI in 5G
The application of ML and AI in wireless is still in its infancy and will gradually mature in the coming years for creating smarter wireless networks. The network topology, design and propagation models along with user’s mobility and usage patterns in 5G will be complex. ML and AI will play a key role in assisting wireless operators to deploy, operate and manage the 5G networks with proliferation of IoT devices. ML and AI will build more intelligence in 5G systems and allow for a shift from managing networks to managing services. ML and AI can be used to address several use cases to help wireless operators transition from a human management model to self-driven automatic management, transforming the network operations and maintenance processes.
There are high synergies between ML, AI and 5G. All of them address low latency use cases where the sensing and processing of data is time sensitive. These use cases include self-driving autonomous vehicles, time-critical industry automation and remote healthcare. 5G offers ultra-reliable low latency which is 10 times faster than 4G. However, to achieve even lower latencies, to enable event-driven analysis, real-time processing and decision making, there is a need for a paradigm shift from the current centralized and virtualized cloud-based AI towards a distributed AI architecture where the decision-making intelligence is closer to the edge of 5G networks.
The Role of CableLabs
The cable network carries a significant share of wireless data today and is well positioned to lay an ideal foundation to enable 5G with continued advancement of broadband technology. Next-generation wireless networks will utilize higher frequency spectrum bands that potentially offer greater bandwidth and improved network capacity but face challenges with reduced propagation range. The 5G mm-wave small cells require deep dense fiber networks and the cable industry is ideally placed to backhaul these small cells because of its already laid out fiber infrastructure which penetrates deep into the access network close to the end-user premises. The short-range and high-capacity physical properties of 5G have high synergies with fixed wireless networks.
A multi-faceted CableLabs team is addressing the key technologies for 5G deployments that can benefit the cable industry. We are a leading contributor to European Telecommunication Standards Institute NFV Industry Specification Group (ETSI NFV ISG). Our SNAPS™ program is part of Open Platform for NFV (OPNFV). We are working to optimize Wi-Fi technologies and networks in collaboration with our members and the broader ecosystem. We are driving enhancements and are standardizing features across the industry that will make the Wi-Fi experience seamless and consistent. We are driving active contributions to 3GPP Release 16 work items for member use cases and requirements.
Our 10G platform complements 5G and is also a key enabler to provide the supporting infrastructure for 5G to achieve its full potential. CableLabs is leading the efforts for spectrum sharing to enable coexistence between Wi-Fi and cellular technologies, that will enable multi-access sharing with 3.5 GHz to make the 5G vision a reality.
Moving Beyond Cloud Computing to Edge Computing
In the era of cloud computing—a predecessor of edge computing—we’re immersed in social networking sites, online content and other online services giving us access to data from anywhere at any time. However, next-generation applications focused on machine-to-machine interaction with concepts like internet of things (IoT), machine learning and artificial intelligence (AI) will transition the focus to “edge computing” which, in many ways, is the anti-cloud.
Edge computing is where we bring the power of cloud computing closer to the customer premises at the network edge to compute, analyze and make decisions in real time. The goal of moving closer to the network edge—that is, within miles of the customer premises—is to boost the performance of the network, enhance the reliability of services and reduce the cost of moving data computation to distant servers, thereby mitigating bandwidth and latency issues.
The Need for Edge Computing
The growth of the wireless industry and new technology implementations over the past two decades has seen a rapid migration from on-premise data centers to cloud servers. However, with the increasing number of Industrial Internet of Things (IIoT) applications and devices, performing computation at either data centers or cloud servers may not be an efficient approach. Cloud computing requires significant bandwidth to move the data from the customer premises to the cloud and back, further increasing latency. With stringent latency requirements for IIoT applications and devices requiring real-time computation, the computing capabilities need to be at the edge—closer to the source of data generation.
What Is Edge Computing?
The word “edge” precisely relates to the geographic distribution of network resources. Edge computation enables the ability to perform data computation close to the data source instead of going through multiple hops and relying on the cloud network to perform computing and relay the data back. Does this mean we don’t need the cloud network anymore? No, but it means that instead of data traversing through the cloud, the cloud is now closer to the source generating the data.
Edge computing refers to sensing, collecting and analyzing data at the source of data generation, and not necessarily at a centralized computing environment such as a data center. Edge computing uses digital devices, often placed at different locations, to transmit the data in real time or later to a central data repository. Edge computing is the ability to use distributed infrastructure as a shared resource, as the figure below shows.
Edge computing is an emerging technology that will play an important role in pushing the frontier of data computation to the logical extremes of a network.
Key Drivers of Edge Computing:
- Plummeting cost of computing elements
- Smart and intelligent computing abilities in IIoT devices
- A rise in the number of IIoT devices and ever-growing demand for data
- Technology enhancements with machine learning, artificial intelligence and analytics
Benefits of Edge Computing
Computational speed and real-time delivery are the most important features of edge computing, allowing data to be processed at the edge of network. The benefits of edge computing manifest in these areas:
Moving data computing to the edge reduces latency. Latency without edge computing—when data needs to be computed at a server located far from the customer premises—varies depending on available bandwidth and server location. With edge computing, data does not have to traverse over a network to a distant server or cloud for processing, which is ideal for situations where latencies of milliseconds can be untenable. With data computing performed at the network edge, the messaging between the distant server and edge devices is reduced, decreasing the delay in processing the data.
Pushing processing to edge devices, instead of streaming data to the cloud for processing, decreases the need for high bandwidth while improving response times. Bandwidth is a key and scarce resource, so reducing the network load created by bandwidth-heavy traffic can help with better spectrum utilization.
From a certain perspective, edge computing provides better security because data does not traverse over a network, instead staying close to the edge devices where it is generated. The less data that is computed at servers located away from the source or in cloud environments, the lower the vulnerability. Another perspective is that edge computing is less secure because the edge devices themselves can be vulnerable, putting the onus on operators to provide high security on the edge devices.
What Is Multi-Access Edge Computing (MEC)?
MEC enables cloud computing at the edge of the cellular network with ultra-low latency. It allows running applications and processing data traffic closer to the cellular customer, reducing latency and network congestion. Computing data closer to the edge of the cellular network enables real-time analysis for providing time-sensitive response—essential across many industry sectors, including health care, telecommunications, finance and so on. Implementing distributed architectures and moving user plane traffic closer to the edge by supporting MEC use cases is an integral part of the 5G evolution.
Edge Computing Standardization
Various groups in the open source and standardization ecosystem are actively looking into ways to ensure interoperability and smooth integration of edge computing elements. These groups include:
- The Edge Computing Group
- CableLabs SNAPS programs, including SNAPS-Kubernetes and SNAPS-OpenStack
- OpenStack’s StarlingX
- Linux Foundation Networking’s OPNFV, ONAP
- Cloud Native Computing Foundation’s Kubernetes
- Linux Foundation’s Edge Organization
How Can Edge Computing Benefit Operators?
- Dynamic, real-time and fast data computing closer to edge devices
- Cost reduction with fewer cloud computational servers
- Spectral efficiency with lower latency
- Faster traffic delivery with increased quality of experience (QoE)
The adoption of edge computing has been rapid, with increases in IIoT applications and devices, thanks to myriad benefits in terms of latency, bandwidth and security. Although it’s ideal for IIoT, edge computing can help any applications that might benefit from latency reduction and efficient network utilization by minimizing the computational load on the network to carry the data back and forth.
Evolving wireless technology has enabled organizations to use faster and more accurate data computing at the edge. Edge computing offers benefits to wireless operators by enabling faster decision making and lowering costs without the need for data to traverse through the cloud network. Edge computation enables wireless operators to place computing power and storage capabilities directly at the edge of the network. As 5G evolves and we move toward a connected ecosystem, wireless operators are challenged to maintain the status quo of operating 4G along with 5G enhancements such as edge computing, NFV and SDN. The success of edge computing cannot be predicted (the technology is still in its infancy), but the benefits might provide wireless operators with critical competitive advantage in the future.
How Can CableLabs Help?
CableLabs is a leading contributor to the European Telecommunications Standards Institute NFV Industry Specification Group (ETSI NFV ISG). Our SNAPS™ program is part of Open Platform for NFV (OPNFV). We have written the OpenStack API abstraction library and contributed it to the OPNFV project at the Linux Foundation—“SNAPS-OO”—and leverage object-oriented software development practices to automate and validate applications on OpenStack. We also added Kubernetes support with SNAPS-Kubernetes, introducing a Kubernetes stack to provide CableLabs members with open source software platforms. SNAPS-Kubernetes is a certified CNCF Kubernetes installer that is targeted at lightweight edge platforms and scalable with the ability to efficiently manage failovers and software updates. SNAPS-Kubernetes is optimized and tailored to address the needs of the cable industry and general edge platforms. Edge computing on Kubernetes is emerging as a powerful way to share, distribute and manage data on a massive scale in ways that cloud or on-premise deployments cannot necessarily provide.
Mobility Lab Webinar #3 Recap: Inter-Operator Mobility with CBRS
Today we hosted our third webinar in the Mobility Lab Webinar series, “Inter-Operator Mobility with CBRS.” In case you missed the webinar, you can read about it in this blog or scroll down to see the recorded webinar and Q&A below.
Multiple service operators (MSOs) may be motivated to provide mobile services using the new 3.5 GHz spectrum introduced with Citizens Broadband Radio Service (CBRS). However, because CBRS operates low-power small cells to provide localized coverage in high-traffic environments, MSOs may rely on mobile virtual network operator (MVNO) agreements to provide mobile service outside the CBRS coverage area. In this scenario, MSOs will be motivated to:
- deliver a seamless transition,
- minimize the transition time between the home CBRS network and the visitor MVNO network, and
- maximize device attachment to the home CBRS network.
For inter-operator roaming, mobile operators use one of the two 3GPP roaming standards—Home Routing (HR) or Local Break Out (LBO)—to support the transition between a home network and roaming partner visitor networks. The international or domestic roaming agreements between home and visitor operator networks require the two networks to share roaming interfaces, as dictated by the 3GPP-defined roaming models. Because mobile operators are motivated to keep their subscribers on their network as long as possible to minimize LTE offload, they have little incentive to provide open access and connection to MVNO partners. Thus, the CBRS operator and host MVNO operators may have different and opposing motivations.
Our Webinar: Inter-Operator Mobility with CBRS
The “Inter-Operator Mobility with CBRS” webinar provides key findings that may assist MSOs in evaluating the implementation of the two roaming models for CBRS use cases with regard to:
- inter-operator mobility using network-based triggers for connected and idle modes,
- sharing of roaming interfaces,
- Public Land Mobile Network (PLMN) configurations, and
- higher-priority network selection timer.
The webinar also discusses the alternative solutions to network-based transition, such as:
- device transition controlled with an external server and
- enhancing dual SIM functionality.
You can view the webinar, webinar Q&A and technical brief below:
If you have any questions, please feel free to reach out to Omkar Dharmadhikari. Stay tuned for information about upcoming webinars by subscribing to our blog.
5G Link Aggregation with Multipath TCP (MPTCP)
The unprecedented growth of data traffic and the number of connected devices has made it evident that the current end-to-end host-centric communication paradigm will not be able to meet user demand for massive data rates and low latency. The wireless industry is constantly pushing technology frontiers to cope with this increasing user demand.
The advent of the fifth-generation cellular architecture (5G), along with the evolving LTE and Wi-Fi networks, will boost the ability of the wireless industry to support the new connected reality. The heterogeneous environment, with multiple access networks coexisting, will require end devices to connect to all available wireless access networks to efficiently use the available network resources and spectrum. The use of multi-homing by deploying multi-interface connectivity at the wireless edge of the network has become increasingly prominent. One of the most widely adopted, practically implemented multihoming techniques is Multipath TCP (MPTCP). With successful deployments of MPTCP by some wireless operators aggregating diverse wireless access technologies such as LTE and Wi-Fi, the use of MPTCP has been considered a base feature for 5G.
Multipath TCP (MPTCP)
Traditional TCP is a single-path protocol. An established TCP connection is bound to a specific IP address between the communicating nodes. The wireless industry was motivated to come up with MPTCP because all next-generation networks are multipath (where mobile devices have multiple wireless interfaces), data centers have multiple paths between servers, and multihoming has become the norm.
MPTCP, a proxy-based aggregation solution led by the Internet Engineering Task Force (IETF), is simply an overlay network to the underlying IP network. MPTCP is an extension of traditional TCP, ensuring application compatibility (i.e., the ability to run applications on MPTCP that run on TCP) and network compatibility (i.e., the ability to operate MPTCP over any Internet path where TCP operates). MPTCP allows multiple paths to be used simultaneously by a single transport connection.
MPTCP in 5G
MPTCP is now an integral part of 5G mobile networks as a standard feature of 3GPP Release 16. The 3GPP 5G mobile core features Access Traffic Steering, Switching and Splitting (ATSSS) and has officially standardized on MPTCP as a foundational capability. ATSSS allows operators to direct traffic through certain access networks, switch traffic across access networks and aggregate traffic over multiple access networks. Continuous user experience with higher throughput is delivered as the mobile device moves around and among access network technologies such as 5G NR, Wi-Fi and others. The following diagram illustrates how ATSSS is integrated into the 5G mobile core and 5G mobile device.
The user equipment (UE), or mobile device, contains the MPTCP client and ATSSS rules, which instruct the UE how to configure and execute MPTCP operations. The 5G core User Plane Function (UPF) contains the MPTCP proxy. Traffic from applications is directed to the UPF, which then invokes multi-path traffic management toward the UE. 5G RAN and WLAN access networks are portrayed above to carry separate MPTCP traffic flows. The UE provides measurement reports to the UPF so that the switching or traffic-aggregation balancing decisions made by the UPF can take UE input into account. This completes the MPTCP user traffic management plane.
The Unified Data Management (UDM) contains the mobile subscriptions, which include ATSSS as a subscribed feature. The Policy Control Function (PCF) applies policy to traffic flows arranged under the MPTCP user plane as managed by the Session Management Function (SMF).
In summary, MPTCP will be a fully integrated and standard feature within 3GPP Release 16. MPTCP implementation can be enhanced with dual connectivity, software-defined networking and segment routing.
MPTCP with 5G Dual Connectivity (DC)
Introduced in 3GPP Release 15, DC is a feature that allows data exchange between mobile devices and the NR base station, with simultaneous connection to an LTE base station when tight interworking is established between LTE and the 5G NR base station.
The current DC architecture does not support backup and packet duplication to address the latency and out-of-order packet delivery issues with DC. The existing DC algorithm needs enhancements to dynamically select the best available path for a given radio condition considering the ongoing traffic and congestion levels to optimally use each radio link.
MPTCP, composed of a path manager, a scheduler and a congestion control mechanism, can address these issues. By integrating MPTCP with the DC and 5G protocol stack to make the MPTCP implementation aware of all available network interfaces, the full potential of link aggregation can be realized.
MPTCP Path Control Using Software Defined Networking (SDN)
SDN addresses the issue of out-of-order packet delivery with MPTCP when multiple radio links have varying delays by tracking the available capacity and selecting the best available path considering the varying network conditions. With an SDN-enabled network, an SDN application running on an MPTCP client can monitor data rates on connected paths to identify poor links that increase the number of packets that need reordering. The paths with relatively lower capacity can be removed from link aggregation consideration with MPTCP and can be added back with the availability of sufficiently larger capacity. Using an SDN controller, the capacity over multiple radio links can be estimated, allowing MPTCP to dynamically control the sub-flows.
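One way to express the remove-and-restore policy described above, as an added example rather than CableLabs, IETF or 3GPP code. The thresholds (20% and 40% of the best path), the EWMA smoothing factor and the path names are assumptions chosen for illustration, and the measurement trace is constructed.

```python
from dataclasses import dataclass


@dataclass
class PathState:
    name: str
    capacity_mbps: float = 0.0   # smoothed (EWMA) capacity estimate
    active: bool = True          # currently used as an MPTCP subflow
    seen: bool = False           # False until the first sample arrives


class SubflowController:
    """Toy controller policy: drop weak paths, re-add them once they recover."""

    def __init__(self, paths, remove_ratio=0.2, restore_ratio=0.4, alpha=0.5):
        # restore_ratio > remove_ratio gives hysteresis, so a path hovering
        # around one threshold does not flap in and out of the aggregate.
        if not 0 < remove_ratio < restore_ratio <= 1:
            raise ValueError("need 0 < remove_ratio < restore_ratio <= 1")
        self.paths = {p: PathState(p) for p in paths}
        self.remove_ratio = remove_ratio
        self.restore_ratio = restore_ratio
        self.alpha = alpha

    def report(self, samples):
        """Feed one round of measured rates (Mbps); return the active paths."""
        for name, rate in samples.items():
            st = self.paths[name]
            if st.seen:
                st.capacity_mbps = (self.alpha * rate
                                    + (1 - self.alpha) * st.capacity_mbps)
            else:
                st.capacity_mbps, st.seen = float(rate), True
        best = max(self.paths.values(), key=lambda s: s.capacity_mbps)
        for st in self.paths.values():
            ratio = (st.capacity_mbps / best.capacity_mbps
                     if best.capacity_mbps else 0.0)
            if st.active and ratio < self.remove_ratio:
                st.active = False      # poor link: stop scheduling on it
            elif not st.active and ratio >= self.restore_ratio:
                st.active = True       # capacity is back: aggregate again
        best.active = True             # never leave the connection pathless
        return sorted(n for n, s in self.paths.items() if s.active)


# Constructed per-round throughput measurements (Mbps) for two access links.
CONSTRUCTED_TRACE = [
    {"5g_nr": 100, "wifi": 50},
    {"5g_nr": 100, "wifi": 5},
    {"5g_nr": 100, "wifi": 5},
    {"5g_nr": 100, "wifi": 40},
    {"5g_nr": 100, "wifi": 80},
]


def run_trace(trace):
    ctl = SubflowController(["5g_nr", "wifi"])
    return [ctl.report(round_) for round_ in trace]


if __name__ == "__main__":
    for i, active in enumerate(run_trace(CONSTRUCTED_TRACE), 1):
        print(f"round {i}: active subflows = {active}")
```

In round 4 the Wi-Fi estimate is back above the removal threshold but still below the restore threshold, so the path stays out of the aggregate until round 5.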
MPTCP with Segment Routing (SR)
Unlike traditional routers, which forward IP packets by looking up the destination IP address in the IP header and finding the best path toward the destination from the routing table, SR leverages the source-based routing model. Similar to labels in Multiprotocol Label Switching (MPLS), segment routing uses segments, which are instructions that a router executes on the incoming packet. With SR, the source router chooses a path to the destination and encodes the path in the packet header as an ordered list of instructions (segments).
The flow allocation mechanism of SDN-based MPTCP solutions increases the forwarding rules, consuming a lot of storage resources. Combining MPTCP and SR for traffic management will limit the storage requirements.
The Role of CableLabs
CableLabs is an active contributor to 3GPP Release 16 work items that leverage MPTCP via ATSSS. CableLabs has worked with our member operators to bring contributions into 3GPP that address traffic bonding to fixed customer premises equipment (CPE) and mobile devices for higher performance and service availability. Other use cases of interest include the continuous user experience across access networks. CableLabs has been active in 3GPP to drive member requirements into work items that leverage ATSSS for the sake of member priority use cases, and member requirements are now part of the 5G standard in 3GPP Release 16.
Mobility Lab Webinar #3: Inter-Operator Mobility with CBRS
The emergence of spectrum sharing with Citizens Broadband Radio Service (CBRS) has unlocked opportunities for new entrants, including traditional multiple service operators (MSOs), to provide mobile service. CBRS networks will use low-power small cells, which inherently provide short-distance coverage and thus target deployment in high-traffic areas. Operators will likely have to rely on macro-cell network coverage to compensate for mobile service outside CBRS network coverage. Mobile Virtual Network Operator (MVNO) agreements are a common solution to support this strategy. Mobility and roaming between an MSO-owned CBRS network and a mobile network operator (MNO)-owned licensed LTE network could potentially become a hurdle for MSOs, with the need to share roaming interfaces and the need to have mobility parameters configured on both networks.
Inter-operator mobility with CBRS can be achieved with two 3GPP standardized roaming models for inter-operator mobility, each posing different challenges, benefits and tradeoffs to MSOs:
Home Routed (HR)
HR is ideal for MSOs who have a strong relationship with an MNO where sharing multiple interfaces and configuring mobility parameters is not an issue. HR benefits MSOs by enabling seamless connected mode mobility for subscribers while transitioning between the two operators but incurs high latency with user traffic being routed back to the home network.
Local Break Out (LBO)
LBO is ideal for MSOs who desire the least dependency on the MNO and plan to offer only data services with CBRS. Voice service offering with LBO implementation can degrade user experience because service disruption is expected during network transition with no S10 interface sharing. LBO, however, offers efficient routing in terms of bandwidth and latency as the user traffic is serviced by the visitor network.
CableLabs conducted testing to analyze requirements for the two 3GPP-based roaming models with regard to network infrastructure, roaming interfaces, mobility configuration and mobility triggers. The testing documents key findings and observations that could assist MSOs to evaluate the benefits and challenges offered by the two roaming models.
Register for our Webinar
CableLabs is hosting another webinar as part of the “Mobility Lab Webinar Series” on “Inter-Operator Mobility with CBRS”, scheduled for April 16th, 2019.
The webinar provides:
- An understanding of 3GPP-based network implementations for roaming used for inter-operator mobility along with their benefits and tradeoffs
- An overview of inter-operator mobility testing at CableLabs
- A brief description of alternate implementations that could overcome challenges faced with 3GPP-based network implementations for roaming
- A lab demonstration of connected mode handover using the Home Routed (HR) model between an MSO-owned CBRS network and an MNO-owned licensed LTE network
In case you missed our previous webinars, you can find them below:
Mobility Lab Webinar Recap: Over-the-Top (OTT) Aggregation
This week, we hosted our second installment of the Mobility Lab Webinar series on “Over-the-Top (OTT) Aggregation.” If you were unable to attend the webinar, you can read about it in this blog or scroll down to see the recorded webinar and Q&A below.
Wireless operators have always been driven to meet increasing user demand by achieving higher data rates and improving quality of service. To fulfill these needs, wireless operators have used various types of carrier aggregation, including several commonly used industry-standard solutions:
- Traditional multi-carrier aggregation
- Aggregating carriers in either licensed or unlicensed spectrum, using a single technology like LTE
- Aggregating carriers by using both LTE in licensed spectrum and Wi-Fi in unlicensed spectrum
Each aggregation solution offers benefits such as higher data rates, improved QoS, more efficient spectrum utilization and enhanced user experience. But these benefits need to be weighed against certain tradeoffs in terms of capital investments, deployment complexities, spectrum and network infrastructure ownership. This may result in barriers for Multiple Service Operators (MSOs) with no cellular infrastructure.
Our Webinar: Over-the-Top (OTT) Aggregation
OTT aggregation is an alternate solution to industry-standard aggregation solutions. OTT aggregation solutions leverage existing cellular and Wi-Fi infrastructures without requiring any significant changes on the network and end-user devices. Thus, OTT aggregation solutions offer an economical approach for an MSO to provide high data rates and improved user experience.
The webinar provides the following:
- An understanding of why aggregation is important
- An overview of traditional aggregation solutions
- A detailed description of OTT aggregation solutions compared with industry-standard aggregation solutions
- An overview of the testing conducted by CableLabs to validate the benefits of aggregation solutions on end-user throughput and quality of experience (QoE)
To learn more about this topic, please use the links below:
Stay tuned for information about upcoming webinars. If you have any questions, please feel free to reach out to Wireless Architect Omkar Dharmadhikari.