Containerized 5G Infrastructure Visibility
A discussion of how CVF provides visibility and observability of network functions in cloud native and containerized 5G network environments.
Cloud native and containerized architectures are becoming the de facto design standard for 5G networks and applications. In the telecommunications industry, the players are focused on building out 5G Stand Alone (SA) deployments to deliver the promise of faster connection speeds to enable IoT, medical, and autonomous use cases – not to mention improved communications, support for streaming real-time content, and the promise of myriad new applications and services. In working with Tier 1 operators, MVNOs, and analytics providers, we are encountering a staggering issue: they can no longer adequately monitor, correlate, and measure critical network and application communication events at the container level and across the infrastructure.
As we have illustrated through our demonstrations and proof of concept deployments of our Containerized Visibility Fabric (CVF) with telco and related technology suppliers, the most common phrases we’re hearing during the engagements are:
"Wow! This is showing us what we've been trying to manage around and lets us capture and correlate events we can't currently see [between and within containers]."
- VP Engineering, Responsible for service assurance solutions at a leading 5G MNO
Or another common one is:
"Until now, we haven't found a solution that can provide visibility into encrypted data exchanges occurring across SBA NFs [network functions]."
- VP Product, Visibility and Analytics company
When we approach the task of observability, or even basic visibility, into containers and cloud-native communications within these environments, we find organizations either retro-fitting legacy visibility solutions to accomplish only part of what a true cloud-native observability solution is able to do, or relying on service mesh metrics and the deployment of management tools to provide some form of instrumentation. Clearly these workarounds aren't sufficient, scalable, or sustainable for the service levels that 5G environments must meet, and they raise the following questions:
- How can you best manage network and application bottlenecks when you can't:
  - see critical elements/functions,
  - see the events they generate, or
  - correlate the corresponding events with the resulting network and application communications?
- How can you dynamically identify, measure, and manage these quickly provisioned and decommissioned (ephemeral) resources?
So, here's how we propose to provide visibility and observability into these containerized environments with the CVF. Using eBPF technology and advanced in-node processing, the CVF provides detailed, continuous, real-time introspection and processing of events when and where they occur. The CVF is event-driven, modular, and composable, meaning CVF functions can be activated when and where they are needed. The resulting telemetry is produced in a serialized metadata format and continuously published/streamed in real time via a message bus, using an open publish-subscribe architecture. This approach supports continuous visibility into ephemeral resources, dynamic topology inventory, flow statistics, protocol decoding, and the capture and filtering of network communications, which is foundational for any security, infrastructure monitoring, or management application. Additionally, because of its cloud-native nature, the CVF is 100% software driven and provides significant cost and scalability benefits compared to legacy visibility solutions.
Dynamic Topology and Inventory
Since the cloud enables seamless scalability and elasticity, these cloud-native and containerized resources are also subject to explosive provisioning and decommissioning of the services that carry the telecommunications data flow; until now, that rapid provisioning and decommissioning has been difficult to inventory and view.
When deployed in a 5G environment, the MantisNet CVF agents provide dynamic topology visibility (see image above) of the containers that make up the services. Beyond visibility, they keep track of the dynamic and ephemeral inventory and the topology of those services as resources are created and tasked to support myriad network functions and services.
The importance of these capabilities is just beginning to gain serious attention.
In the above picture, the gray entities represent different portions of the 5G network, from the RAN and MEC through to the Core/SBA, with the lines representing the network interfaces interconnecting them. The various dots represent the containerized and/or virtualized containers, virtual ethernets, subnets, and root namespace interfaces.
Attribution for Security, Application, and Network Performance
Since the CVF agents dynamically discover and monitor all the resources and machines they are associated with and that are in use, they expose the network events that are occurring and attribute those events to a known source of origin. The data from the CVF agents is streamed to the management analytics workflow to provide real-time data that can be used to identify bottlenecks, pinpoint security concerns, and correlate performance issues across the cloud infrastructure.
Another example, shown in the screenshot below, is taken from a Free5GC demo environment. In the graphic, we see UE-generated activity traversing the network from RAN to MEC/Core, demonstrating the capability of the CVF to monitor all activity down to the individual network function. Since low latency is a heralded characteristic of 5G, visibility into performance issues on the control plane is critical to maintaining the performance of the entire environment. In this example, which illustrates the AMF talking to the SMF, you can see messages in both directions ('RX' and 'TX' components), giving visibility into performance as the activity occurs.
An additional benefit of the CVF is the in-node processing of network traffic or events where they occur. The CVF agent(s) can be deployed anywhere and directed to perform traffic/event filtering, packet capture, CNflowSM function, and TLS 1.3 session metadata extraction. This in-node processing capability means you can perform those activities – in-line – without having to offload network/application data to a different cloud to perform analysis, potentially incurring egress, storage and additional compute costs.
When it comes to the Core Service Based Interfaces (SBI) our ability to overlay and capture encrypted traffic and provide the plaintext (payload) is proving to be a valuable solution to the problem of SBI management.
Since the CVF resides on the network, observes kernel-level events, and produces them in a form that can be correlated and easily ingested into follow-on systems, it puts engineers and architects in the driver's seat: anomalies, lateral movement, and performance issues can be observed directly, rather than having to "bubble up" to a higher layer of analytics. These kernel-level capabilities enable faster detection and identification of issues, saving significant amounts of time and critical resources.
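To make the telemetry, inventory, and attribution ideas above concrete, here is an added example (not CVF code and not MantisNet's real telemetry format) of a small consumer for a constructed JSON-lines event stream of the kind an in-node agent might publish. It keeps a live inventory of ephemeral containers as they start and stop, attributes each flow to its network functions, pairs AMF-to-SMF TX/RX messages to measure reply latency, and records flows that cannot be attributed or that occur between unexpected peers. The event schema, field names, and expected-peer policy are assumptions made for the example.

```python
import json

# Constructed sample telemetry in a hypothetical JSON-lines schema (assumed
# here, not CVF's real format): each line is one event from an in-node agent.
SAMPLE_STREAM = """\
{"ts": 100.000, "type": "container_start", "id": "amf-7f3", "nf": "AMF", "node": "core-1", "ns": "core"}
{"ts": 100.010, "type": "container_start", "id": "smf-2ab", "nf": "SMF", "node": "core-1", "ns": "core"}
{"ts": 100.020, "type": "container_start", "id": "gnb-sim-4d0", "nf": "gNB", "node": "edge-1", "ns": "ran"}
{"ts": 101.000, "type": "flow", "dir": "TX", "src": "amf-7f3", "dst": "smf-2ab", "req_id": "r1"}
{"ts": 101.004, "type": "flow", "dir": "RX", "src": "smf-2ab", "dst": "amf-7f3", "req_id": "r1"}
{"ts": 102.000, "type": "flow", "dir": "TX", "src": "amf-7f3", "dst": "smf-2ab", "req_id": "r2"}
{"ts": 102.250, "type": "flow", "dir": "RX", "src": "smf-2ab", "dst": "amf-7f3", "req_id": "r2"}
{"ts": 103.000, "type": "flow", "dir": "TX", "src": "gnb-sim-4d0", "dst": "smf-2ab", "req_id": "r3"}
{"ts": 104.000, "type": "container_stop", "id": "smf-2ab"}
{"ts": 105.000, "type": "flow", "dir": "TX", "src": "amf-7f3", "dst": "smf-2ab", "req_id": "r4"}
"""

# Expected control-plane conversations (constructed policy) and a reply-time budget.
EXPECTED_PEERS = {("AMF", "SMF")}
RTT_BUDGET_S = 0.100

def process(stream):
    """Replay the stream: maintain the live container inventory, attribute flows
    to NFs, pair each TX with its RX reply for RTT, and collect findings."""
    inventory = {}   # container id -> {nf, node, ns}; live containers only
    pending = {}     # req_id -> (src_nf, dst_nf, tx_ts) awaiting the RX reply
    rtts = []        # (src_nf, dst_nf, rtt_seconds)
    findings = []    # (kind, ...) tuples a defender would act on
    for line in stream.splitlines():
        ev = json.loads(line)
        if ev["type"] == "container_start":
            inventory[ev["id"]] = {"nf": ev["nf"], "node": ev["node"], "ns": ev["ns"]}
        elif ev["type"] == "container_stop":
            inventory.pop(ev["id"], None)      # resource decommissioned
        elif ev["type"] == "flow" and ev["dir"] == "TX":
            src, dst = inventory.get(ev["src"]), inventory.get(ev["dst"])
            if src is None or dst is None:     # peer never seen, or already gone
                findings.append(("unattributed", ev["src"], ev["dst"]))
                continue
            if (src["nf"], dst["nf"]) not in EXPECTED_PEERS:
                findings.append(("unexpected_peer", src["nf"], dst["nf"]))
            pending[ev["req_id"]] = (src["nf"], dst["nf"], ev["ts"])
        elif ev["type"] == "flow" and ev["dir"] == "RX" and ev["req_id"] in pending:
            src_nf, dst_nf, tx_ts = pending.pop(ev["req_id"])
            rtt = round(ev["ts"] - tx_ts, 3)
            rtts.append((src_nf, dst_nf, rtt))
            if rtt > RTT_BUDGET_S:
                findings.append(("slow_reply", src_nf, dst_nf, rtt))
    return inventory, rtts, findings
```

On the constructed stream this yields a slow AMF-to-SMF reply, an unexpected gNB-to-SMF flow, and a TX toward the already decommissioned SMF container that cannot be attributed.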
We are finding that clients really appreciate the CVF for its simple, non-intrusive network deployment that provides highly valuable network and application telemetry when and where it's needed to manage and maintain 5G network services.
Published at DZone with permission of Marshall England. See the original article here.