Attention, Service Providers!

As we already read in our previous article, Infoblox delivers essential technology enabling customers to manage, control and optimise DNS, DHCP, IPAM (collectively, DDI). Infoblox prides itself in its patented Grid technology that helps businesses automate complex network control functions to reduce costs while increasing security and uptime.  Ultimately, Infoblox aims to deliver actionable network intelligence to its customers, which range from government organisations to commercial service providers.

As the industry leader in the DDI space, the company provides control and security from the core—empowering organisations to increase efficiency and visibility, reduce risk and in turn, improve their own customer experience.

Today’s revenue landscape for any enterprise in the technology space is all about signing on and offering more services to its subscribers. Here, we highlight how Infoblox in particular, is able provide a granular level of visibility to its customers because it can associate identity to traffic. This enables policy enforcement and identification of security incidents per subscriber, which is especially pertinent in its solutions to service providers.

Infoblox has worked out a pre-packaged Subscriber Services, whereby service providers can easily implement one or more services to increase revenue, improve performance, reduce security risk and exceed customer expectations. It includes:

  • Infoblox Subscriber Parental Control – increase revenue with powerful content control by allowing/blocking content categories for different subscribers at the discretion of the admin/parent.
  • Infoblox Subscriber Insight – improve security by reducing the risk of malware propagation by identifying individual subscriber ID with malware infection or users visiting specific domains.
  • Infoblox Subscriber Engage – increase revenue or reduce costs by contacting individual subscribers with customer care messages, ad insertions, or targeted marketing campaigns.
  • Infoblox Subscriber Policy Enforcement – create value-add services by offering different security packages to subscribers at different levels and prices to protect users.

Historically, many services providers such as telcos have built value-added subscriber services using legacy approaches such as traditional deep packet inspection (DPI) tools and proxies. These tools effectively look at heavy network packets that come across with various vendors producing the hardware that sits in line on the network to do that.

While these approaches can support subscriber services, there are major challenges – including limited scalability, extensive performance impacts and blind spots of individual user details. Furthermore, with the advent of 5G, traffic volume will become so gargantuan that affordability will become an issue for the telcos. They have to now think of pre-filtering bad traffic instead.

More Cost-effectiveness by Leveraging Existing Infrastructure

In contrast to standalone solutions such as DPI tools or proxies for subscriber services, a DNS-based approach leverages existing core networking infrastructure to provide the extended visibility, content control and security to end users. This greatly reduces the massive up-front investments otherwise needed, to provide value-added offers in a more cost-effective, pay-as-you-grow approach.

Higher Scalability by Limiting Required Footprint

As the number of subscribers increases and resources move closer to the end user, service providers cannot just throw a linear number of legacy boxes at the problem. In general, a DNS-based approach is 10 to 100 times more scalable than DPI approaches because it is more flexible and has less demanding deployment options. Since it acts on the DNS signalling path and only redirects a small portion of traffic instead of all user traffic, scalability is greatly improved over traditional approaches that analyse all in-line traffic.

Less Performance Impact via Targeted Analysis

With traditional approaches, the overall quality of experience is negatively impacted because all traffic is analysed regardless of whether the user is a paid subscriber or not. Processing unnecessary traffic creates an impact that is felt by all users. With a DNS-based approach, service providers can leverage powerful DNS-caching capabilities and can provide a much better first connection experience because only the traffic from specific customers is analysed, reducing the overall impact. In addition, DNS-based services improve performance by filtering encrypted traffic without the need for decryption of user-plane traffic.

Improved Intelligence with Enhanced Visibility

With over 80 percent of web traffic being HTTPS, traditional approaches lack visibility due to encryption, and they cannot identify individual users. This is common when multiple users are connected via in-home WiFi. With the DNS-based approach, service providers have complete visibility since DNS is universal and eliminates the need for decryption. Service providers can identify users, regardless of whether they are behind WiFi routers or in-home hotspots.

Unified Services for Fixed and Mobile Access

With legacy approaches, service providers typically focus on mobile users only and ignore fixed-access subscribers for value-added services because the bandwidth requires an exorbitant number of proxies. Since the DNS-based approach has better scalability and segmentation of subscribers and non-subscribers, providers can now offer convergent subscriber services for fixed and mobile access. This greatly improves revenue potential and provides differentiation against competitors.

As with our prior article, what better way is there to understand how Infoblox worked – in this case, for a large service provider – than to finish this article with a case study.

The Customer

Ooredoo is a Qatar-HQ international communications company delivering mobile, fixed, broadband Internet, and corporate managed services tailored to the needs of consumers and businesses across Middle East, North Africa and Southeast Asia. Formerly known as Qtel Group, the company has a customer base exceeding 100 million globally and revenue of around USD 9 billion (2015), making it one of the fastest-growing telcos in the world.

 The Challenge

As a premier provider in Qatar, Ooredoo was rapidly expanding its customer base. While this was great from a business perspective, the company’s IT division began to take note of the strain being place on its fixed core network, which was essential to its fiber to the x (FTTx) offerings. In particular, the limitations of the telco provider’s DHCP solution were becoming more prominent with each addition to the customer base.

“We started with a solution from a smaller company that wasn’t quite carrier grade. But when our user base in Qatar surpassed the 250,000 mark back in the day, it simply wasn’t good enough and started to cause stability issues,” says Salem Moh Al-Marri, senior director, Core Networks, Ooredoo.

Besides this, the vendor was simply unable to provide the level of support expected of a world-class telecom provider. Faced with the risk of customers being unable to connect due to system instability, Salem’s team began to evaluate new DHCP solutions.

Stability, security, scalability and proactive local support were identified as the key criteria for the new solution. The company also recognised this as an opportunity to address consolidation. At the time, it was providing each of its enterprise customers with dedicated on-premises DHCP, which added to both the cost and complexity of the network. The new solution must therefore be able to centralise this in a reliable and efficient manner.

Ooredoo made a thorough study of analyst reports and consulted with the IT teams of other telco operators, which led it to select the Infoblox DDI solution. “Not only was the Infoblox solution carrier grade and fit for purpose; it promised a high degree of scalability, which meant it would aid our rapid growth,” says Salem.

 The Infoblox Solution

Under the guidance of Infoblox and Al-Falak, the vendor’s integration partner, Ooredoo began the rollout of Infoblox DHCP servers at two of its sites. In two weeks, these servers were deployed at the sites in load-balancing mode. As each of the Infoblox DHCP servers is capable of generating 1020 IP addresses per second, this gave the team a significant upgrade in performance over their previous non-carrier-grade solution. Furthermore, the use of two DHCP servers added a level of robustness and guaranteed high availability.

After thorough testing verified that the implementation could successfully meet all project requirements, Infoblox delivered intensive training to Ooredoo’s next-generation network team. This included in-depth hands-on sessions on the solution’s powerful management and reporting tools.

 The Results

The carrier-grade solution easily meets Ooredoo’s performance and scalability requirements, thus resolving previous stability challenges. “Customers no longer face connectivity issues related to DHCP instability, and this has increased customer satisfaction while driving down the number of helpdesk calls,” Salem says. Having only two DHCP servers as opposed to a distributed set-up has effectively eliminated the maintenance challenges that Ooredoo’s operations team used to face.

Thanks to the comprehensive management and reporting tools now available, the team has ready access to a wealth of knowledge that aids compliance, troubleshooting and future planning. “We can easily generate detail-rich reports with vast amounts of statistics. This helps us pre-empt trends and make modifications to our network as necessary. Given our forecasted growth, this is of vital importance,” he says.

Convinced by the solution’s performance and reliability, the telecom provider can consolidate its DCHP infrastructure to eliminate the need for individual DHCP servers deployed on the premises of its enterprise customers. This convergence will further reduce Ooredoo’s network-management overhead.

As the operator expands the scale and functionality of its FTTx network, Ooredoo will also leverage the Infoblox solution to serve its customer-premises and IPTV customers. “Through all this, we know that we can expect the full support and expertise of the Infoblox team, which gives us confidence to stay on track with our ambitious expansion plans,” Salem concludes.