There are many aspects of 5G environments that are challenging for establishing visibility. The first example may be the most obvious- 5G is promising an extreme growth in the amount of data being generated. All forecasts for 5G environments indicate that there will be an explosive growth in data, full stop. Cutting edge smart use cases, the proliferation of IoT environments, and a growing reliance on mobile technology for communications and media consumption will all generate a massive amount of data that 5G networks will serve up and host. Given this incoming data storm, does it make sense moving forward with current visibility approaches? Current solutions largely center around the concept of “grab all packets”, or at the very least are "packet centric". Will this approach continue to be sufficient given the enormous amount of data within 5G?

It is hard to argue that it will. Even if we gloss over the challenges of using packet centric solutions to "get at" data being exchanged within 5G microservices, packet based approaches will further compound the problem of increased data in 5G. In many instances entire networks would have to be mirrored in order to continue down the path of packet centric visibility, essentially doubling the amount of data in the network.  

The times they are a changin'...

The visibility/observability/"call it what you will" market seems to have reached an inflection point that is being driven by the tremendous shift in the telco industry to move from hardwired solutions to true containerized/virtualized environments. Now may be the time for industry to reassess how visibility is achieved, especially when considering exactly how 5G environments are architected. 5G SA networks are true microservices-based environments where entities communicate via RESTful API messaging. Messages are absolutely central to how 5G environments work. The pressing challenge for 5G visibility is no longer how to best leverage packets- it is now a problem of how to best leverage messages. Another way of looking at it is that visibility is no longer a packet brokering problem, it is a message brokering problem. Packets are by no means going away- they will very much be needed for troubleshooting and forensic purposes- but, are packet based solutions sufficient in providing a holistic view into microservices and API exchanges? Or will solutions that can fully instrument microservices, and leverage the messages moving within and between said services be better positioned to lead the charge forward for visibility in the era of 5G? 

Play nicely...sandbox2

To expand a bit more on this topic, it is important to note that the shift to containerized, microservices-based networks is quite the shift for the vendor community that serves the telecommunications industry. Telcos have long lived in a hardwired world where perhaps a single vendor provided the entire end-to-end stack. This is no longer the case. Due to the push to containers that 5G is embracing, the number of vendors present within any end-to-end network is increasing significantly. Cloud-native principles have allowed 5G to establish a new landscape for vendors selling solutions into the space. All solutions need to be containerized and also need to play nicely with others in the 3GPP sandbox. Formerly accustomed to being the monolithic single throat to choke hardware provider, these vendors are now tasked with evolving into software companies that no longer "own the stack", but are just one among many.

Telcos are increasingly embracing a best of breed mentality with their network function (NF) vendor selection...there are often many vendors present in the Core, MEC, and O-RAN that are providing the best solution for any particular NF. The ripple effect into the visibility market is that MNOs are now challenged to ensure visibility is consistent across all players in the environment. All of these NF vendors provide some level of visibility into their own product offerings, however, telcos may be hesitant to take on the challenge of stitching together 10+ different monitoring solutions (one from each vendor). Third party solutions that can instrument multi-vendor containerized environments, without requiring NF vendor participation, may have a chance to shine given the current landscape. 

What about encryption?...

encryption

So what other challenges are present when considering visibility options for 5G? One of the most glaring is the heavy use of encryption (TLS 1.3 specifically) not only for user plane data within these environments, but also control plane. Questions are being asked of 5G visibility companies around how they can address the “encryption challenge” of 5G SA systems.
Do they rely on complex key management and decryption engines? If so, what types of resources do I need to allocate to those components on top of the resources I am already tasked with running the actual production environment on? What will my resource tax be? My performance impact?

Again we find ourselves back at the conversation of pivoting away from resource intensive packet-centric approaches and turning towards message-centric solutions. Any packet based solution for visibility will include some sort of decryption engine in the offering, will need resources to perform full packet captures, and will likely also require a key management system. The ramifications on production resources will be high, and the amount of data being copied and generated will be profound. Don't forget about scalability concerns as clusters grow and scale back as well!

There are message based solutions, such as the MantisNet Containerized Visibility Fabric (CVF), that are able to handle the "encryption problem" in a unique way. By focusing on messaging and setting event hooks, our eBPF-driven CVF agents can access plaintext payloads PRIOR to any packetization, and thus encryption. The plaintext is directly published into analytic solutions without the need for any decryption engines, key management systems, or the resource intensive process of capturing packets. It also scales fluidly by leveraging k8s principles (deploys as a daemonset), and can grab plaintext payloads from any NF vendor in the environment without requiring participation or approval from the vendors. This approach may be better positioned than trying to shoe-horn a packet based approach into an environment being operated under cloud-native principles.

When considering this dynamic of "packets vs messages" I find myself again thinking of the word "sufficient". Yes packets still (and always will) have importance, and yes you can likely still find a way forward by relying on packets, BUT will this be "sufficient" for your cloud-native needs? 

My $.02...

The list of challenges for 5G visibility is much longer, but the above highlighted issues represent some of the most pressing obstacles facing the telco industry when considering where 5G roll outs are today. We are very much in the "get your hands dirty" portion of the 5G deployment curve where providers are rolling out solutions in more earnest and starting to address the hard problems...including visibility. My humble opinion is that MNOs/MVNOs/system integrators should take a step back and look at the problem from a more simple vantage point. Does it make sense to continue to rely on packets to monitor a cloud-native environment? Or will we be better positioned moving forward if the visibility solution for our cloud-native environment is actually cloud-native itself? 
Mike Fecher

Written by Mike Fecher

Mike's a leader in developing client solutions for data center infrastructure, cybersecurity, and network visibility. He has worked with commercial telecom providers, the US Intelligence Community, and various other government agencies to help implement data-centric solutions.

 
 
 
 
 
 
 
 
 
 
 
 
11160 C1 South Lakes Drive, Suite 190 Reston, VA 20191 (571)306-1234 info@mantisnet.com
© MantisNet 2024