INDUSTRY INSIGHTS
LTE Equipment Evaluation:
Questions for Operators
• What is the maximum packets
per second rate that can be
encrypted/decrypted without
packet loss?
• What is the average packet size
required by the network today?
• What PPS will be required to
handle future network traffic
needs?
Recommended Criteria
• Maximum encrypted packets
per second
• Throughput (Gbps) for
encrypted traffic at several
packet sizes
• Average packet size used for
capacity calculations
• Additional equipment needed
to sustain line rate
throughput at a future
average packet sizes.
Considerations and Selection Criteria
Higher Performance Requirements
Unfamiliar LTE equipment, increased architecture complexity with small cells, Wi-Fi
integration, network sharing arrangements, rising subscriber traffic and new OTT
applications – all have created an unpredictable traffic environment for network
operators. A number of operator network outages have recently been publicized,
symptoms of network vulnerabilities not previously foreseen by the operator
despite diligent planning and testing. These outages and the higher uncertainty
regarding the likelihood of further traffic incidents illustrate how vital it is to
incorporate additional performance requirements for all LTE network elements.
As the #1 deployed LTE security aggregation equipment provider, Stoke has
encountered and overcome specific challenges arising from the new architecture
and traffic patterns. The following questions, considerations and recommendations
for operators evaluating LTE network equipment have evolved from this
deployment experience.
What is the maximum encrypted PPS?
Network engineers most often refer to the performance of network devices by
using the speed of the interfaces expressed in gigabits per second (Gbps).
Although this is useful and important information, Gbps alone does not adequately
cover other, perhaps more, important network device performance metrics.
For LTE network aggregation equipment, where encryption/decryption is needed
and the device is under a high network load, maximum encrypted Packets per
Second (PPS) should also be included in performance evaluations.
The maximum encrypted PPS defines the equipment’s packet processing and
forwarding limits for encrypted (e.g., IPsec) packets. As packets get smaller, the
packet arrival rate increases and more packets must be simultaneously forwarded
by the equipment in a given period. Additionally, when IPsec is added, the
equipment must also manage the processor heavy encryption or decryption duties
 before forwarding them.

Equipment with a higher maximum encrypted PPS can encrypt/decrypt higher

arrival rates of incoming packets and forward them more quickly, without
introducing latency or dropping packets.

Why is maximum PPS an important metric?

Both Gbps and PPS are performance metrics that impact scalability and cost, and
should be known by the operator. By identifying the maximum PPS, operators can
better understand how the equipment will perform under the full range of peak
traffic conditions and packet sizes found in the network, and how quickly network
equipment will need to be augmented to sustain network throughput as average
traffic characteristics change.

If the incoming packet arrival rate of the packets exceeds the PPS processing limits
of the equipment, packets will be dropped or delayed, causing retransmission,
“When the incoming packet latency, or jitter. Overall throughput will decline and additional capacity required.

arrival rate (packets per second) Calculation of Theoretical PPS – Standard 10 GigE Interface
exceeds the processing limits of The theoretical maximum packets per second can be quickly calculated from Gbps,
the equipment, packets will be for a given packet size. In Figure 1, the theoretical packets per second are
dropped or delayed, causing calculated for a 64 byte packet, assuming eight 10GigE interfaces at full capacity
retransmission, latency, or jitter." delivering traffic at 80 Gbps, including encryption and other overhead. Figure 1 is
simply a mathematical calculation on theoretical maximum and does not include
other equipment design limitations that can impact the actual packets per second
that an operator would achieve.

Theoretical Packets per Second

Gigabits per Second 80
GigaBytes per Second (Gbps/8) 10
Packet Size (Bytes) 64
Preamble + InterFrame Gap (Bytes) 20
IPsec Overhead (Bytes) 58
Total Bytes per Packet 142
Total Packets per Second (millions) 70
Figure 1. Example PPS calculation, assuming 64B encrypted packet at 80 Gbps.1

Figure 2 uses the above formula to calculate PPS at multiple packet sizes, both
encrypted and clear. As shown in Figure 2, at 80 Gbps, the maximum theoretical
PPS at 64 byte encrypted packets is 70 million. At 1,518 byte encrypted packets,
only 6 million PPS rate is possible. The impact of IPsec overhead is also clearly
illustrated. If all 80 gigabits delivered packets were 64 byte packets, 119 million

1
Assumes ESP/AES128/SHA1

Stoke, Stoke Session Exchange and the Stoke logo are trademarks of Stoke, Inc. Copyright © 2012 Stoke, Inc. All rights reserved. Lit# 150-0013-001 2
 could be delivered per second if clear (not encrypted), compared to 70 million
encrypted.

"… the smaller the packets, the

higher the PPS rate, and
therefore, the more packets need
to be forwarded by the
equipment."

Figure 2. Theoretical packets per second by packet size, in 80 Gbps2

As can be seen, the smaller the packets, the higher the PPS rate, and therefore, the
more packets need to be forwarded by the equipment.

Example #1: Encrypted PPS Calculation - 17 Gbps Security blade

Most published data sheets for network nodes state a maximum throughput at a
specific packet size, but do not provide the maximum encrypted packets per
second (PPS) rate or Gbps for multiple packet size. However, by applying the
mathematical calculation described previously, the maximum PPS rate at different
packet sizes can be estimated, given the published Gbps and packet size for the
equipment.

For example, a security blade data sheet for a large infrastructure provider lists a
maximum throughput of 80 Gbps (8x10 GigE ports) and the maximum encrypted
(IPsec) throughput of 17 Gbps, assuming a 512 byte average packet size. Using
the published 17 Gbps as a starting point, Figure 3 shows the calculation for the
maximum encrypted PPS.

Security Blade Example #1

Max. IPsec Average Calculated Maximum
Max. Throughput
Throughput Packet Size Encrypted PPS

2
Theoretical IPSec PPS calculated on 80GigE pipe consisting of 100% of given packet size, with 78B added for encryption (58), IFG (12), and preamble (8). For example:
80,000,000,000 / ((64 + 20+58) * 8) = 70.4 million PPS for 64 byte (payload) packet. For clear channel, IFG and preamble overhead only are added – 20 bytes.

Stoke, Stoke Session Exchange and the Stoke logo are trademarks of Stoke, Inc. Copyright © 2012 Stoke, Inc. All rights reserved. Lit# 150-0013-001 3
 80 Gbps 17 Gbps 512 Bytes 3.6 million*
*Calculation: 17,000,000,000 / ((512+20+58) * 8) = 3,601,694
Figure 3. Maximum Encrypted PPS estimated from maximum throughput.

At 17 Gbps maximum IPsec throughput and 512 byte packets, the maximum
throughput possible is 3.6 million PPS, including encryption and other overhead.

What is the average packet size required in the network today?

Operators must evaluate network equipment capacity limits using the average
packet size needed by the network, not published by the vendor. If the average
packet size of the network traffic is smaller than the average packet size published
in equipment datasheets, then operators need to adjust equipment needed for the
"If the average packet size of the
expected capacity requirements accordingly.
network traffic is smaller than the
Every operator network is different and average packet sizes can vary even within a
average packet size published in
single network. The example following uses the same security blade parameters
equipment datasheets, then
and shows the impact on throughput if the average packet size is 384B, 256B, or
operators need to adjust
64B, rather than the 512 average assumed on the datasheet.
equipment needed for the
Example #2: 17 Gbps Security blade – Throughput by Packet Size
expected capacity requirements
accordingly." Using the security blade example in Figure 2 with a maximum throughput of 17
Gbps and a maximum PPS of 3.6M, Figure 4 converts the 3.6M PPS to Gbps, at
three additional average packet sizes.

Security Blade Example #2

Maximum Encrypted Estimated

Average Packet Size
PPS Throughput3
512 Bytes 17 Gbps
384 Bytes 13.3 Gbps
3.6 Million
256 Bytes 9.6 Gbps
64 Bytes 4.1 Gbps
Figure 4. Conversion of maximum PPS to Gbps, by packet size.

If the average packet size needed by the network is actually 384 bytes instead of
512 bytes, then the security blade only provides 13.3 Gbps of capacity, not the 17
Gbps maximum.

Example #3: 17 Gbps Security Blade - Capacity Implications of 384B Average

Figure 5 shows that the throughput and available capacity of the security blade
(assuming 3.6M PPS, 17 Gbps@512 B packet), will decline 35% when the actual
network average packet size is 384, not 512 bytes.

Security Blade Example #3

3
Example Gbps calculation: 3.6 M packets * (384 Bytes + 78B)* 8/1,000,000,000 = 13.3 Gbps

Stoke, Stoke Session Exchange and the Stoke logo are trademarks of Stoke, Inc. Copyright © 2012 Stoke, Inc. All rights reserved. Lit# 150-0013-001 4
 PPS Average Packet Size Throughput Capacity Impact
512 Bytes 17 Gbps -
3.6 M
384 Bytes 13.3 Gbps 35%

Figure 5. Example - Decline in capacity with actual average packet size of 384B

In order to sustain the original 17 Gbps throughput, an additional blade (or

chassis) would need to be added.

If the actual network average packet size is different than the average used to
calculate published Gbps, or if it changes over time, additional equipment can, of
course, be added to augment throughput capacity. However, adding equipment
increases costs for equipment as well as for power, space, and maintenance.
Clearly, PPS and throughput by packet size are important metrics for accurate
network dimensioning.

What PPS rate will future network traffic require?

Increase in demand, changes in mix of device types and applications used, as well
as integration of voice will increase peak loads and decrease average packet size.
This in turn, increases the packet arrival rate or packets per second that network

"As more real-time services are equipment needs to process.

used in LTE networks, average With VoLTE and other real time services, any performance delays in the network
packet size carried by the are very noticeable by the subscriber. Therefore, the latency requirements for real-
network will be smaller. Network time services are higher than for browsing or file downloads. As more real-time
aggregation nodes will need services are used in LTE networks, average packet size carried by the network will

ultra-fast encryption/decryption be smaller. Network aggregation nodes will need ultra-fast encryption/decryption
to minimize latency and prevent a poor user experience. Figure 6 shows typical
to minimize latency and prevent a
packet sizes for mobile applications.
poor user experience."
Mobile Broadband Applications4 Typical Packet Sizes

VoIP / VoLTE 64B

Video Streaming (mobile) 256B
Web Browsing (HTTP) 384B
File Download/share 512-1,518B
Figure 6. Typical packet sizes for common applications.

Mobile network traffic, of course, includes a mix of all of these applications, and
the average network traffic composition is unlikely to ever be only one application
type. However, mobile broadband traffic can surge or spike on any number of
events or applications, making peak traffic at any specific location at any given
time quite different than the typical network average. Equipment that provides
higher PPS can provide additional insurance against such extreme network

4 Source: Journal of Network and Computer Applications, “Application classification using packet size distribution and port association”.

Stoke, Stoke Session Exchange and the Stoke logo are trademarks of Stoke, Inc. Copyright © 2012 Stoke, Inc. All rights reserved. Lit# 150-0013-001 5
 conditions.

Will VoLTE decrease average packet size?

VoLTE is a small part of mobile broadband traffic today, but the shift to
incorporate voice is happening quickly. Over the last year, VoLTE has seen usage
growth rates of 101%, and most operators expect to offer VoLTE in the next 1-2
years.5 VoLTE does not need to be a large percentage of the total traffic to have
an impact on average packet size. When voice traffic is increased by just an
additional 7% of total traffic, average packet size drops 25%, from 512 to 384
bytes (Figure 7).

"When voice traffic is increased

by an additional 7% of total
traffic, average packet size drops
25%…"

Figure 7. 7% more voice decreases average packet size by 25%

Operators planning for near term scalability will have to consider the additional
capacity requirements that VoLTE will have on LTE aggregation nodes and other
equipment.

Recommended Evaluation Criteria

As operators prepare RFPs or conduct other LTE equipment evaluations, they

should include packets per second as part of their evaluative criteria and carefully
consider how well the equipment will perform and scale under future network
traffic conditions, such as changes in average packet size.

Figure 8 illustrates the performance impact of maximum packets per second rate
as packets get smaller, using the security blade example. If the average packet
size decreases from 512 to 384, throughput declines 35%. The performance limits

5 Source: Allot Mobile Trends Report

Stoke, Stoke Session Exchange and the Stoke logo are trademarks of Stoke, Inc. Copyright © 2012 Stoke, Inc. All rights reserved. Lit# 150-0013-001 6
 of the equipment can be defined at 64 bytes, where throughput declines as 75%.

"As operators prepare RFPs or

conduct other LTE equipment
evaluations, they should include
packets per second as part of
their evaluative criteria…"

Figure 8. Maximum PPS reveals the performance limits of the equipment.

To fully evaluate the scalability and performance of LTE security gateway

equipment, the following specifications should be requested from vendors:

• Maximum (encrypted/IPsec) packets per second

• Throughput (Gbps) for encrypted traffic at several packet sizes, including

the highest (1518B), lowest (64B) and midrange (512B)6

• Average packet size used by vendor for quoted throughput and PPS
capacity numbers

• Additional equipment needed to sustain line rate throughput at a smaller

packet size.

6
In RFC 2544, the IETF recommends that seven standard frame sizes (64, 128, 256, 512, 1024, 1280 and 1518 byte) be tested multiple times, for a specified length of time.
This is because all these frame sizes are used in the network and so the results for each must be known. http://www.ietf.org/rfc/rfc2544.txt

Stoke, Stoke Session Exchange and the Stoke logo are trademarks of Stoke, Inc. Copyright © 2012 Stoke, Inc. All rights reserved. Lit# 150-0013-001 7