For the past couple years, we have been inundated with statistics about the explosive growth of mobile data. Along with this, we are seeing a decrease in voice revenues. This realization is creating an increasing gap between average revenues per user (ARPU) and network infrastructure costs that are needed to build and support the next generation networks such as LTE. In response to the trend to display these statistics, the service providers need to find new ways to monetize their networks through innovative revenue models.


These models usually focus on two scenarios. One is the implementation of value-added services (VAS) such as premium services that the subscriber is willing to pay extra for. Some examples might be parental controls or enhanced security services. The other is the ability to deliver improved quality of experience (QoE) for certain services such as video optimization or QoS for priority traffic like VoIP. The scenarios translate to happier customers and less churn.

Steering Without Reconnecting

The ability to implement these services depends on the ability to differentiate the content for any given subscriber and steer that content in a transparent fashion to a service that can benefit the subscriber the most. As an example, a subscriber can sign up for an enhanced security service that delivers virus and spam detection for content sent and received. To achieve this service, the service provider will use a context inspection engine to identify the type of traffic being uploaded or downloaded by the subscriber. If the content type falls in a category that requires virus or spam protection such as SMTP, POP3, HTTP, or IMAP mail, the session is steered to an anti-virus and anti-spam proxy that inspects the traffic in detail and cleanses the content if necessary by marking and quarantining the suspicious content for final subscriber validation.

Intelligent Traffic Steering

For this to occur seamlessly, it is important to be able to steer the content without requiring user intervention or significantly altering the user experience. To properly steer this content transparently, it is necessary to act as a L4 proxy.

The inspection and steering engine needs to hold the layer 4 connection until the content that needs to be inspected arrives, which is after the TCP handshake. One the content steering decision has been made, a new TCP connection can be established with the destination service. If this is not done, the session needs to be reset with a request to steer the new connection to the service disrupting the connection and forcing the application to close the old request before establishing the new one. This is usually done through a 3xx HTTP redirect, but if the application is not using HTTP as a transport method, there may be issues to force application to reestablish the session with the VAS solution.

Alternate inspection solutions such as deep packet inspection (DPI) are transparent and only act as layer 2 pass-through devices and have this limitation because they typically do not proxy the L4 connection. They do not have the ability to redirect a connection without impacting the application and increasing the latency of the delivery of the content since they are required to force the connection to be closed and reestablished.

Quality is Content Dependent

To be able to adjust the QoS of the content, it is necessary to understand the context of the content being accessed and how the subscriber’s mobile profile reflects how that traffic should be prioritized. This requires the ability to gain insight into the subscriber profile via the subscriber database such as the PCRF in a mobile environment.

Prioritization can be done by selectively throttling traffic based on content or adjusting QoS marking technologies like DSCP or TOS values. This becomes critical as providers deliver services such as VoLTE where voice traffic might need to be guaranteed for emergency services. Only when the context of the session is determined in conjunction with the subscriber’s profile can these decisions be made.

Proxy = Flexibility

A full proxy is better designed for these network architectures as service providers continue to look for models to leverage the content that subscribers are accessing and finding ways to enhance the experience through VAS optimization solutions and premium services that they can offer. The ability to steer traffic based on content inspection transparently without any disruption to the application is essential for a positive customer experience and enhanced revenue possibilities to ensure that the service provider network is able to support current and future requirements.