Secure links between the access and core network
For a Communication Service Provider, it is critical to secure the traffic coming into the core network from remote base-station sites. Traffic is transported over a range of different technologies on connectivity infrastructure that may be supplied by 3rd parties.
Traffic therefore needs to be encrypted. Also, because physical security may be compromised where the base station is installed, the access gateway receiving the traffic needs to validate its authenticity.
SOLUTION
Backhaul Security Gateway
This solution focuses on securing the access traffic with high-performance encryption and decryption capabilities. The eNodeBs establish a VPN tunnel to the Backhaul Security Gateway over the X2 interface. The traffic from the base stations to the core is secured with IPsec regardless of transport method, and at the core network a highly scalable, efficient backhaul gateway is needed to decrypt all the traffic before enabling communication with the core network nodes. Certificate authentication is built in to validate nodes and prevent unauthorized access. This prevents rogue eNodeBs from connecting to the network. Compliance with CMPv2 (Certificate Management Protocol v2) ensures compatibility with eNodeBs from all major vendors. The Backhaul Security Gateway may also be used to inspect the GTP signalling in order to validate its contents.
It is tempting to use dedicated hardware to manage decryption and encryption of traffic. In modern virtualized networks, however, this undermines the advantages that NFV/SDN bring, including elasticity, dynamic scaling and sharing of hardware resources. Virtualised performance is therefore of major importance and will be aided by compatibility with new technologies such as Intel QuickAssist Technology.
Clavister Service-Based Firewall Report
Heavy Reading Analyst Jim Hodges explains why traditional firewalls are not sufficient for architectures preparing for 5G and Next Generation Core networks.
Topics covered in this white paper include
- How the 5G Service Based Architecture (SBA) core network and associated capabilities such as 5G slicing will drive new security enforcement firewall functionality
- The security firewall requirements associated with managing the 5G cloud-distributed new radio (NR) access network
- The implication of these technologies on existing cloud-based Firewall as a Service (FWaaS) deployments
- Clavister’s product strategy for dealing with these new service-driven firewall requirements
BENEFITS
1. High performance virtual IPsec encryption and decryption
2. Rogue eNodeB protection
3. Elastic scaling with NFV/SDN networks
Use Cases included in this solution
Reliable Secure VPN
Connecting branch offices and remote locations securely and cost effectively
Control Signalling Validation
Gateway function for specific signalling validation including GTP and SCTP
Products
Virtual Models
High performance virtualized security gateways designed for new carrier networks based on NFV/SDN.