Nokia Deepfield: Service providers need to engineer more network headroom

Nokia Deepfield's latest report finds that while network traffic is somewhat stable as of September, there will be more spikes over the holiday season. (Pixabay)

Service providers need to continue engineering more headroom on their networks to prep for future uncertainties, according to Nokia Deepfield.

Service providers across Europe and North America were able to weather the increased bandwidth demands on their networks during the height of the Covid-19 pandemic, but an expected spike in holiday-related traffic and a surge in the coronavirus will keep them on their toes.

Over the course of several weeks during Covid-19 pandemic, some carriers saw bandwidth increases of up to 45%, according to Nokia Deepfield CTO Craig Labovitz. Overall, most service providers saw traffic increases of 30% to 50%, which Labovitz noted was typically the headroom that service providers built into their networks each year.

By September, traffic had stabilized at 20% to 30% above pre-pandemic levels, with further seasonal growth to come over the next few months. In the U.S., the overall network traffic normalized at a little over 30% above pre-pandemic levels by September

From February to September, there was a 30% increase in video subscribers, a 23% increase in VPN end-points in the U.S., and a 40% to 50% increase in DDoS traffic.

"Hopefully, the pandemic will one day go away and we'll have a vaccine," Labovitz said. "But one of the changes we're seeing is structural. There may actually be changes in usage behaviors as well as the ways we've been engineering the internet—for example upstream, downstream bandwidth—that may be systemic, and last long after the pandemic is gone."

RELATED: Nokia Deepfield: Network traffic stabilizes to 25% more than pre-coronavirus pandemic levels

Gaming, video streaming and videoconferencing have all driven spikes in upstream usage during the pandemic. Labovitz said traditionally network engineers built their networks to provision 80% of the capacity on the downstream and the remaining 20% on the upstream, but that ratio will be revised going forward. Upstream traffic grew by over 30% mainly due to increased messaging and videoconferencing

"What's also been true throughout the pandemic is it's not just traffic volume," Labovitz said. "We've particularly seen pressure on service providers, such as more service calls, and so on, as they've tried to deal with more latency and jitter sensitive applications like gaming and video conferencing, whereas video  is far less sensitive.

"So it's been interesting watching the mix of applications as they reflect traffic peaks, but also as they reflect the demands on the network latency and loss particularly in the upstream."

During the pandemic, there was a marked increase in distributed denial-of-service (DDoS) traffic. The latest Nokia Deepfield Network Intelligence Report found that aggregated data from five large service providers showed DDoS traffic exceeded pre-pandemic levels by 40% by April. That increase was due in part to a boom in online gaming and more abuse of DDoS amplifiers across Europe and North America. 

"In some cases, it has been proportional to the overall growth in traffic. For example, there's more traffic so there's more DDoS attacks," Labovitz said. "In some cases, it's proportional to the increase in gaming traffic. Specifically, because gamers attack each other trying to win their game matches, it has always been a significant source of DDoS.  We have seen some of the DDoS attacks tied to just the growth gaming traffic.

"But systemically and structurally, we have also seen IoT attacks increase. This trend started before the pandemic but may now be accelerating as people invest more in their homes. And certainly the number of compromised IoT devices are growing at a very marked clip, leading to both a much larger platform for DDoS as well as other security threats."

According to Nokia Deepfield, malware infections on IoT devices increased 100% in a year. IoT video cameras were one of the primary attack vectors.

Data from latest Network Intelligence Report was gathered from network service providers across Europe and North America from February to September 2020.