Case Studies Archive Search Case Studies

Tier-1 Mobile Operator Secures Its 4G-LTE Environment Using F5 Carrier-Class Firewall

As this Tier-1 4G-LTE provider’s network grew, so did its challenge to ensure reliable and scalable security. Exponential growth of advanced devices and 4G-LTE services also strained its security architecture’s ability to handle a rapidly changing threat landscape. Consequently, the company employed F5 network solutions to secure its network with a flexible, highly programmable, and high-performing carrier-class network firewall. 

Business Challenges

 

This Tier-1 service provider is one of the largest global communications companies in the world. It operates both a 3G wireless broadband network and a 4G-LTE network simultaneously, bringing voice and data services to millions of retail and enterprise customers. The company continues to experience a major shift toward customer adoption of smartphones, tablet computers, and machine-to-machine (M2M) devices that has coincided with explosive growth in data services over its network. The carrier’s many data centers host applications such as instant messaging, voice over LTE (VoLTE), video optimization, Transmission Control Protocol (TCP) optimization, multicast, and DNS services. All these are critical in maintaining the quality of the user experience and ultimately the company’s ability to deliver new revenue-generating data services that increase profitability. 

Continued growth in adoption of 4G-LTE devices (and corresponding data usage) had been overtaxing many of the company’s network components, resulting in scalability issues. This not only impacted quality of service for users, but also caused unsustainable increases in capital and operational expenses where the company struggled to keep pace.

This carrier-class service provider relied on legacy network firewalls to secure its data centers and network infrastructure. Over time, the firewalls became a major bottleneck that could not be scaled to meet swiftly increasing broadband data traffic. Specifically, these legacy firewalls were incapable of cost-effectively handling rapid growth in connections to the LTE network and the rate of connections per second.

Security was also a major issue. The company was unable to deal efficiently with the greater number of attacks against its now “all-IP” 4G-LTE (an entirely dedicated IP network). As a result of dealing with these security threats, as well as having to resolve increased latency issues and operational costs, the Tier-1 mobile operator was forced to take action. It needed best-in-class network firewall protection.

“The most important thing is that our F5 carrier-class firewall solution is flexible and extendable across multiple environments and our breadth of platforms and appliances.” Senior ITC Manager, Tier-1 Mobile Operator

Solution

 

To support its network growth, extend security protection to its overall network, and mitigate the increasing threats associated with all-IP technology, the Tier-1 mobile operator turned to F5. The company needed a network firewall solution that provides high capacity and scalability, low space and power requirements, and the ability to handle high traffic throughput. The solution would have to support IPv6 capabilities that align with legacy IPv4 and offer the lowest total cost of ownership (TCO) structure.

To meet these goals, the carrier selected the F5 VIPRION 4800 chassis and F5 BIG-IP 5200 appliances built on F5’s TMOS full proxy architecture. The 4800 devices were deployed in their Gi-LAN environments, and the 5200 devices were deployed in other traditional data center environments. (Gi-LAN is the interconnection reference point between a mobile network and the Internet.) “The most important thing is that our F5 carrier-class firewall solution is flexible and extendable across multiple environments and our breadth of platforms and appliances,” says a senior ITC manager at the Tier-1 mobile operator. “In addition, the programmability of the platforms allows us to deploy the firewall solution in a variety of environments.”

Continues the manager, “The F5 solution enabled 10:1 footprint consolidation, 80 percent power reduction, and seven times the scalability growth of the incumbent solution.” This will be delivered through VIPRION 4800 chassis, VIPRION 4340 blades, and BIG-IP Advanced Firewall Manager (AFM), along with F5 BIG-IQ Device and BIG-IQ Security

“The F5 solution enabled 10:1 footprint consolidation, 80 percent power reduction, and seven times the scalability growth.” Senior ITC Manager, Tier-1 Mobile Operator

Benefits

 

The Tier-1 mobile operator was able to increase firewall performance significantly in all its data centers and scale easily to meet demand cost-effectively. A unified F5 platform made these benefits possible.

Increased data capacity

In a typical data center within the Tier-1 operator’s network, the company is able to increase firewall performance significantly to meet the rapidly changing traffic usage characteristics associated with 4G-LTE services. With its F5 carrier-class firewall solution, the company is now achieving 20 percent greater throughput while supporting an increase in the number of concurrent connections by a factor of 12 and the number of connections per second by a factor of 22. 

Lower power and hardware requirements

Their previous firewall solution required significantly more rack units and electrical power. The company’s new firewall configuration with the F5 solution now operates with only 10 percent of the previous space requirement and with 80 percent less power.

Stronger security with flexible multilayer operation

This new, more cost-effective solution offers the ability to mitigate multilayer distributed denial-of-service (DDoS) threats by leveraging the F5 carrier-class platforms and related F5 Software-Defined Application Services (SDAS). These include a carrier-class network firewall that the carrier has deployed in the Gi-LAN in multiple data centers that host a variety of applications and services. This encompasses DNS services, web application firewall services, and high-performance SSL capabilities.