Intelligent Data Plane Control & Policy Enforcement for MVNOs.การควบคุม Data Plane อย่างชาญฉลาด และบังคับใช้ Policy สำหรับ MVNO
Sub-millisecond rule evaluation, granular traffic classification and dynamic QoS — running elastically on virtualized nodes and integrated directly with the host MNO.
ประเมิน Rule ใต้มิลลิวินาที จำแนกประเภท Traffic อย่างละเอียด และ Dynamic QoS — ทำงานบน Virtualized Nodes แบบ Elastic เชื่อมต่อโดยตรงกับ Host MNO
Policy and Charging Enforcement Function (PCEF)ฟังก์ชันบังคับใช้ Policy และการชาร์จ (PCEF)
The PCEF is the central enforcement point for every subscriber session on the data plane. It intercepts and inspects data flows — applying operator-defined rules for charging, QoS shaping, traffic steering and fair-use controls — all in real time, at the network edge.
Cipher Telecom's PCEF deploys as a virtualized network function (VNF) on commodity x86
infrastructure. It evaluates bearer-level policy decisions in
sub-millisecond latency, using rule sets pushed from the PCRF via the
Gx interface. Every subscriber session is managed individually — no shared
policy bleed between customers.
Key enforcement capabilities
- Dynamic rule binding — PCC (Policy and Charging Control) rules are downloaded per bearer, per session, from the PCRF.
- Volume quota tracking — real-time per-subscriber data consumption metered against purchased bundles.
- Traffic steering — route selected application flows (e.g. video, VoIP) over preferred paths or dedicated slices.
- Zero-rating — exempt specified destination IP ranges from quota deduction (partner content, free-data campaigns).
- Fair-use policy execution — automatically throttle subscribers who exceed fair-use thresholds without requiring manual intervention.
Deep Packet Inspection (DPI)การตรวจสอบ Packet เชิงลึก (DPI)
DPI is integrated at the data-plane edge, co-located with the PCEF. It classifies every flow at Layer 7 — identifying applications, protocols and content categories in real time — without requiring the MVNO to maintain custom signatures manually.
Application-aware traffic management
- Application detection — classifies streaming, social, gaming, VoIP, P2P and thousands of specific applications from a continuously updated signature database.
- Zero-rating application routing — after classification, identified flows are marked and handed to the PCEF for zero-rating or preferential treatment.
- Parental-control and content filtering hooks — DPI verdicts feed downstream filtering policies without requiring separate inline appliances.
- Usage analytics export — per-subscriber, per-application byte counters exported to the MVNO's analytics stack via IPFIX / NetFlow v9.
PCRF / PCF Integrationการผสานระบบ PCRF / PCF
The Policy and Charging Rules Function (PCRF) — or its 5G equivalent, the PCF —
orchestrates the rule sets that the PCEF enforces. When a subscriber's usage crosses
a threshold, when a promotion activates, or when a bearer is established, the PCRF
reacts in milliseconds, pushing updated rules over Gx.
Dynamic QoS and bandwidth control
- QCI / 5QI class assignment — assign Quality of Service Class Identifiers per application category or per customer tier.
- Bandwidth throttling — enforce MBR (Maximum Bit Rate) and GBR (Guaranteed Bit Rate) per APN or per service profile.
- Specialized data bundles — product managers configure add-on data packs, roaming rules and time-of-day policies from the control plane without a code change.
- Interworking with OCS — PCRF communicates with the Online Charging System over
Gx/Gyfor unified charging and policy control.
Gi / SGi Interface & Carrier-Grade NATInterface Gi / SGi และ Carrier-Grade NAT
The Gi interface (4G) / SGi interface (LTE-A / 5G-NSA) is the boundary between the MVNO's packet core and the public internet. Our platform manages high-capacity IP pools and performs Carrier-Grade NAT (CGNAT) to translate private subscriber IP addresses into routable public internet addresses.
CGNAT supports both Port Address Translation (PAT) and full-cone NAT modes, with per-subscriber port block allocation for lawful-intercept compliance. NAT mapping logs are exportable for LEA handover.
Gi / SGi quick-ref
Interface Specifications
| Interface | Protocol / Standard | Counterpart | Purpose |
|---|---|---|---|
| Gx | Diameter · 3GPP TS 29.212 | PCRF ↔ PCEF | Policy rule provisioning |
| Gy | Diameter · 3GPP TS 32.299 | OCS ↔ PCEF | Online credit control |
| Gz | GTP-C · 3GPP TS 32.295 | OCS ↔ PCEF | Offline charging data records |
| Gi / SGi | GTPv1-U · RFC 5405 | PCEF ↔ Internet | Data-plane breakout to public IP |
| S1-U | GTPv1-U · 3GPP TS 36.412 | eNodeB ↔ PGW-U | User-plane tunnel from RAN |
Core Network Approach: Cipher vs. Alternatives
| Feature | Cipher Telecom | Legacy HW Vendor | Open-Source DIY |
|---|---|---|---|
| DPI integrated with PCEF | ✓ Built-in, same VNF | ◐ Separate appliance add-on | ◐ Manual integration required |
| Sub-ms rule evaluation | ✓ Guaranteed p99 | ✓ Yes | ✗ Depends on tuning |
| Zero-rating via DPI verdict | ✓ Native, no add-on | ◐ Requires PS work | ✗ Custom dev needed |
| CGNAT built-in | ✓ Included | ◐ Separate license | ◐ Separate daemon |
| Scales on commodity x86 | ✓ Yes | ✗ Proprietary blades | ✓ Yes |
Frequently Asked Questions
Q.01 What is a PCEF and why does an MVNO need one?
A Policy and Charging Enforcement Function (PCEF) is the data-plane element that enforces subscriber-level rules on every packet flow. An MVNO needs a PCEF to implement data bundles, throttle fairuse violators, zero-rate partner content, and report usage to the billing system in real time. Without a PCEF, the MVNO has no granular control over how subscribers consume data — it is a mandatory core element for any MVNO with differentiated service tiers.
Q.02 What is the difference between PCEF and PCRF?
The PCEF is the enforcement point — it sits inline on the data plane and physically applies rules (throttling, blocking, zero-rating) to packet flows. The PCRF is the decision point — it calculates which rules apply to which subscriber at which moment, and pushes those decisions to the PCEF over the Gx interface. The PCEF does what it is told; the PCRF decides what to say.
Q.03 How does Deep Packet Inspection work and what is it used for in an MVNO?
Deep Packet Inspection (DPI) examines packet payloads up to Layer 7 (application layer) to identify the application or content category of each flow — for example, Netflix, WhatsApp, or BitTorrent. An MVNO uses DPI to enable zero-rating (not counting specific app traffic against data quotas), enforce content filtering, prioritize video streaming QoS, and generate per-app usage analytics for business intelligence.
Q.04 What is CGNAT and why do MVNOs need it?
Carrier-Grade NAT (CGNAT) translates private IPv4 addresses assigned to subscribers into a smaller pool of public routable IP addresses at the Gi/SGi interface. MVNOs need CGNAT because the IPv4 address space is exhausted — buying a public /24 per subscriber is economically impossible. CGNAT allows thousands of subscribers to share a small public IP pool, while port-block allocation preserves per-subscriber traceability for lawful intercept compliance.
Speak with a Core Network Architect.พูดคุยกับ Core Network Architect
We will walk through your subscriber growth forecast, MNO interface requirements, and produce a sizing spec — all in a single working session.
เราจะพาคุณผ่าน Forecast การเติบโตของผู้ใช้บริการ ข้อกำหนด Interface MNO และสร้างเอกสาร Sizing — ในการประชุมเดียว