Telecom giant scales out security for 5G-rollout with A10 Networks Thunder CFW

Telecom giant scales out security for 5G-rollout with A10 Networks Thunder CFW

When a Middle East telecom giant needed at-scale protection to safeguard its 4G and 5G mobile networks, it turned to A10 Networks. The telecom leader wanted a high-performance, scalable andagile solution for its Gi-LAN firewall that would deliver high throughput to support tens of millions of subscribers.

Introduction
This premier service provider in the Middle East offers a broad variety of ICT solutions and digital services to consumers and businesses. Thirty million people rely on its mobile, fixed and Wi-Fi services to stay connected to the world, and the company also offers a broad range of IT, cloud and cybersecurity solutions to businesses.


Challenge
With digital connections an essential part of people’s personal and work lives, 4G traffic on the provider’s mobile network was rising sharply. An innovator, the telecom company launched 5G in 2019 and plans to build the largest 5G network in the Middle East.
The telecom giant needed at-scale protection to safeguard its 4G and 5G mobile networks.
The company had long relied on another vendor to provide firewall and carrier-grade network address translation (CGNAT) services for the GiLAN segment of its mobile network. But as traffic volumes steadily climbed, the performance of the firewalls began to lag.
Limited throughput and degrading connections per-second performance could expose the network to attacks or an unsatisfying subscriber experience. But staying the course meant purchasing entirely new firewalls from the vendor. That required a large upfront capital investment, and bigger hardware also would consume more valuable space, power and cooling, adding to OPEX.
The telecom leader wanted a high-performance, scalable and agile solution for its Gi-LAN firewall that would deliver high throughput to support tens of millions of subscribers.


Selection criteria
Like many service providers, this company deployed different Gi-LAN service functions on independent devices. But ultimately, this architecture makes the Gi-LAN more complex and inflexible.
Instead of a traditional monolithic architecture, the provider investigated the value of a scaleout architecture with NFV. NFV provides many advantages in the virtualisation of network functions and the ability to develop infrastructures that are more flexible and scalable with a lower TCO.
Consolidating its Gi-LAN service functions, including firewall and CGNAT and leveraging both physical and virtual infrastructure, would drastically improve agility, reduce latency and deliver greater performance
The service provider engaged in a rigorous proof of-concept test to determine whether a scaleout architecture and A10 Networks Thunder CFW (Convergent Firewall) met its stringent performance requirements. Ultimately, the company chose Thunder CFW for its throughput, scalability and flexibility of the virtualised and physical platforms.
The provider uses other A10 Networks solutions, including offering A10 Networks vThunder Virtual Appliance to customers as part of its cloud service.


Solution
Thunder CFW consolidates Gi/SGI firewall, CGNAT, application visibility and intelligent traffic steering, which enables the service provider to provide carrier-class security while also improving operational efficiency.
The virtualised Thunder CFW solution delivers 100 Gbps of performance, far higher than similar solutions. The ultra-high performance and hyperscale Gi/SGi firewall has a rich set of features to protect subscribers and shield mobile networks. High-performance CGNAT enables the provider to protect its investment in its IPv4based infrastructure while transitioning to IPv6.
Layer 7 application visibility enables granular policy enforcement and control, enabling the service provider to support different customer service levels. Intelligent traffic steering also supports differentiated services. Support for GPRS Tunneling Protocol (GTP) protects the mobile core against GTP-based attacks initiated from the radio access network or IP exchange networks.
The engineering and operations team uses the A10 Networks Harmony Controller to centrally manage its Thunder CFW physical appliances and virtual instances. With Harmony Controller, the team can automate the deployment and operations of application services and simplify troubleshooting and management. Integrated analytics help the team visualise the GiLAN security posture for enhanced operational efficiency.
A10 Networks professional services worked side-by-side with the service provider’s architecture and engineering team. The A10 team has a deep understanding of the customer’s needs and environment based on previous engagements. The professional services team is highly skilled not only in A10 Networks solutions but others too, making the migration to A10 Networks smooth.


Results
Deploying Thunder CFW in a scale-out approach enabled the service provider to optimise the performance, security and cost of its 4G mobile network and to meet its aggressive plans for 5G. It can add capacity as needed simply by spinning up additional virtual instances. It didn’t need to make a large upfront CAPEX investment now to accommodate its throughput needs five years in the future. Those savings can be reinvested in innovation.
With Thunder CFW, the provider has a consolidated and secure Gi-LAN solution that provides comprehensive mobile core infrastructure and an effective shield against attacks. With a scale-out approach, Thunder CFW enables the provider to deliver superior performance to support ultrahigh bandwidth 5G applications and services. And superior levels of visibility can help the team optimise the network.


Success and next steps
As the provider aggressively rolls out 5G in the Middle East while maintaining its excellent 4G subscriber experience, it can count on Thunder CFW for a high-performance, scalable way to protect its mobile infrastructure, delivering an exceptional mobile experience for consumers and businesses alike.

Browse our latest issue

Intelligent CISO

View Magazine Archive