F5 Gets Into Policy Enforcement

F5 Networks Inc. is getting more serious about policy control, seeing it as a way to get more involved with helping mobile operators create new services such as premium access. The BIG-IP Policy Enforcement Manager (PEM), due to be announced Tuesday, is applicable to any network, but F5 is emphasizing its utility in mobile networks, partly because the company thinks it can tap mobile operators' rising interest in value-added services and in network functions virtualization (NFV). The fact that Mobile World Congress is coming up might be a factor, too, but there's no doubt policy-based services are important to mobile operators. Some customers have been adding policy functions to BIG-IP hardware or software by using iRules, F5's scripting language. But these weren't particularly sophisticated policy applications: They comprise things such as lists of URLs that needed special treatment, says Sean Duggan, an F5 director of product management. So, now, F5 wants to offer more complex policy enforcement as a product, making it an option in the intelligent services framework. That's the general term for F5's combination of services -- including firewalls, domain name services (DNS) and network-address translation (NAT) -- that can be packed onto one platform. It's now also starting to include elements of Service Provider Information Technology (SPIT). PEM is a Policy and Charging Enforcement Function (PCEF), putting F5 in competition with Allot Communications Ltd., Sandvine Inc. and Cisco Systems Inc. PEM monitors traffic and applies policy accordingly -- making sure a gold-package user gets the promised level of access, for instance. Asked via email whether deep packet inspection (DPI) is involved (a PCEF can involve DPI but doesn't have to), F5 answered indirectly, saying PEM can "identify applications and protocols that are being used in the network," as Product Marketing Manager Misbah Mahmoodi describes it. A PCEF has to work with a Policy and Charging Rules Function (PCRF), and Mahmoodi points out F5 has completed interoperability testing with other vendors' PCRFs. Asked whether F5 might offer its own PCRF eventually, Mahmoodi replies that F5 "will continue to leverage its strong partnerships with PCRF vendors in service provider deployments." So, what would make F5's PCEF any more worthy than those already on the market? F5 says it can offer PEM to its installed base as a software add-on, rather than adding another box to the network. F5 also points out it can augment PEM with the other capabilities the company already provides. One would be the ability to steer traffic, letting operators offer services without having to send all traffic to the requisite network elements. Take the example of video optimization. Early architectures have all the traffic going through, say, a video optimizer, even though maybe 6 to 10 percent of the traffic can actually be helped by the video optimizer. F5's framework could siphon that "6-to-10 percent of the traffic that the video optimization system can add value to," Duggan says. PEM can also tie to network functions virtualization (NFV), because BIG-IP can ask the network to add more processors or memory to a particular task. In other words, it tells an orchestration system to spin up more virtual machines. In its London technology center, F5 is demonstrating that capability in conjunction with Skyfire Inc., and the company expects to bring that demo to Mobile World Congress. In the demo, PEM notices when video traffic increases, and it tells the orchestration system to generate virtual instances of the Skyfire engine, then withdraw them down when usage decreases. For more

— Craig Matsumoto, Managing Editor, Light Reading