Oct 19, 2011

Converged Network Traffic: Why You Should Test Wireline Networks with Mobile Traffic

by Chris Adams

Last week it was announced that mobile phones and tablets in the United States now outnumber the people living here. This astonishing statistic is also a bit sobering for enterprise IT organizations, which are now dealing with millions of devices outside of their control and huge growth in converged wireline and wireless network traffic. This growth was detailed in Sandvine’s Spring 2011 Global Internet Phenomena Report, as well as in a series of blog posts from AT&T highlighting the need to secure mobile enterprise traffic as a risk management effort.

Given the market trends we're seeing, it makes sense to assume that even more usage will shift to WiFi networks as mobile operators implement more tiered data plans and bandwidth caps. And as tablet computers and smartphones are adopted even more, they'll add more traffic to these networks. Network operators need to test their network and security infrastructures specifically to understand how mobile traffic interacts with existing non-mobile traffic and how their infrastructures will be affected by that.

Mobile Traffic Is Ubiquitous—and Evolving Rapidly

Large enterprises are used to seeing some wireless traffic on their infrastructure, but in the past this would typically come from laptops and BlackBerry devices. Many of the networking and security issues raised by these devices are well understood by now. But now network operators are being forced to deal with traffic from more devices (iPhones, Androids, etc.) that looks much different than its wireline counterpart. This traffic has different session characteristics, and it adds to the complexity of an already difficult job for enterprise network security staff.

Unfortunately for enterprise IT staff, many of these new devices do not yet have adequate security management capabilities, and they create additional complexity with the huge variety of applications available from their respective app stores. Enterprise networks must deal with not only the management and provisioning of these devices and the growing mobile malware threat, but also the traffic from specific mobile applications traveling over their wired infrastructures.

Three Reasons Why Mobile Traffic Must Be Treated Differently

IT departments can no longer ignore the flow of mobile traffic across their fixed networks. Here are three reasons why.

1. Mobile Users Behave Differently. Let's consider the 800-pound gorilla: Facebook. According to the company's most recent statistics, more than one-third of its 750 million active users access the service with mobile devices. Not only that, but these users are twice as active as non-mobile users. This represents a massive amount of traffic—and it's traffic that follows different patterns. Rather than primarily consuming downstream traffic as in fixed networks, mobile applications also send large amounts of user-generated content upstream. Fixed network operators need to be prepared to handle more traffic like this since they have traditionally relied on asymmetric traffic ratios that are heavily downstream.

2. Mobile Traffic Looks Different at the Application Layer. Simply put, Web application traffic looks different in its mobile and non-mobile forms. For starters, mobile sites and applications frequently make use of APIs and SSL, both of which make their traffic look significantly different from traffic from a traditional browser. To stay with the example of Facebook, we see almost exclusive use of HTTPS with the official iPhone client. While Facebook did switch to HTTPS for all browser logins and gave users the option to use HTTPS for all Facebook activity, it appears that mobile will lead the way for Facebook with regard to full HTTPS.

On top of that, the traffic from Facebook's official mobile applications differs from one platform to another. The iPhone application uses the deprecated REST API, while the Android client uses the newer Graph API. Because of this, any network operator—or vendor of deep packet inspection (DPI) equipment—who thinks it knows what Facebook traffic looks like needs to make sure it has covered all of the permutations, both wired and wireless.

Also keep in mind that some mobile services don't even have fixed equivalents. Take the popular Instagram application, for example. It has more than 10 million users and is growing by 500,000 users each month. The concept is very simple: users take photos on their iOS devices, process them in the app, and then share them on social networks. Such a session looks like two HTTP POST requests to the respective servers: one to upload the photo, and the other to share it. This is a great example of how mobile traffic is different from fixed traffic, and it ties directly to the larger volume of upstream traffic described above.

3. Mobile Traffic Has Different Session Characteristics. Even if we set aside Layer 4-7 traffic, Layer 2-3 sessions are also different for mobile devices. Just take a look at Google's findings [PDF]. Using data from Google's Mountain View WiFi mesh network, researchers were able to accurately categorize different types of devices on the network based on session duration and bandwidth consumption. Among them were smartphones, the majority of whose sessions were 10 minutes or less but had throughput of up to 100 MB. This was in contrast to laptop users, whose average session lasted over an hour—but the majority of these did not consume significantly more data. Again, this study focused on link layer access, not network or transport layer sessions. This shows how mobile device traffic has unique characteristics that span all layers.

Test Your Infrastructure with Both Wireless and Fixed Application Traffic

Since the panoply of mobile devices and traffic is rapidly growing and changing, greater attention needs to be paid to resiliency—and especially security—at the infrastructure level. The broad range of application traffic these devices create and their own respective vulnerabilities can yield unpredictable results if they are ignored or treated just like the traffic coming from non-mobile sources. Testing in advance with real-world conditions is the only way to ensure that your network is ready for this surge of wireless traffic—and that your organization is not exposed to greater risk. This is true for both enterprises and service providers.

Lately, we've been expanding our coverage of application protocols (150+ and counting) with mobile versions of popular applications such as Facebook, Twitter, iTunes, and YouTube. Every BreakingPoint CTM allows you to easily mix traffic flows for both mobile and fixed applications. You can then combine them with live mobile malware in a single simulation to create the testing conditions you need.

How is your network or device going to perform with this mix of wireless and wireline traffic? How will your enterprise deal with the growing threat of mobile malware affecting all devices? Don't just assume that your infrastructure can handle all the traffic it will face—test it!

Related Content:

Tags: