Virtual Appliance for Telecom

High performance security gateways

Virtualized Security for Telecom

The Clavister Security VNF (Virtualized Network Function) for telecom networks uniquely combines high-performance, scalability and carrier-grade features.

Leveraging the benefits of SDN (Software Defined Networks) and NFV (Network Functions Virtualizations), communication service providers are estimated to reduce operational costs (Opex) with 60% and Capital investment costs (CapEx) with 40%.

The benefits are attractive but moving from legacy networks to a more dynamic and complex Cloud environments can be challanging. The Clavister Security VNFs ensures that security is maintained also in the new generation of telecom networks without having to worry about hardware sprawl or performance bottlenecks.

High Performance for SDN/NFV Networks

Thanks to the modern multi-core architecture and tight integration with the latest technologies from Intel the Clavister Virtual Stream Series is able to achieve extreme performance in virtualized mobile networks using Software Defined Network (SDN) and Network Function Virtualization (NFV) technologies.

License models are available with specifications up to 40 Gbps of Plaintext firewalling and 20 Gbps of IPsec throughput which makes the VSS ideal for high performance networks such as the Evolved Packet Core (EPC) and for backhaul security purposes.

Deployment Scenarios

One of the great advantages with the Clavister Virtual Stream Series is the wide range of deployment scenarios it supports.

Thanks to the ability to run on standard hypervisors from vmware and KVM and the close-knit integration with technologies from Intel it is possible to use the Clavister VSS in high-performance environments such as the Evolved Packet core just as well as on a light-weight and multi-purpose appliance close to the actual users.

Centralized LTE SEG in Evolved Packet Core

  • VSS deployed in Evolved Packet Core (EPC)
  • Dedicated hardware resources
  • Scales seamlessly with hardware resources
  • Utilizes COTS hardware
  • Centralized architecture
  • Provides LTE SEG IPsec termination

FW and LTE SEG in Mobile Edge Cloud (MEC)

  • VSS deployed in multiple RAN sites
  • Shared hardware resources
  • Distributed and scalable architecture
  • Secures intra-vm communication
  • Provides LTE SEG IPsec termination
  • Provides Intelligent Mobile Data 
    Offloading (IMO) over WiFi networks

Design and Highlights

  • High Performance

    The Virtual Stream Series are high performing products capable of providing both plaintext firewalling and VPN capacity beyond what most traditional hardware and/or ASIC based products can.

    Thanks to built-in support for Intel SR-IOV and the unique multi-core architecture performance figures in the range of 40 Gbps can be achieved on COTS hypervisors such as vmware ESXi and KVM

  • LTE 3GPP - NDS Compliance

    The Clavister Virtual Stream Series is designed to secure critical telecom infrastructures and are compliant with the 3GPP - Network Domain Security requirements.

    The Clavister VSS fully complies to the LTE 3GPP specifications [RD:1][RD:2] providing security for LTE tranport over the S1-U interface, the S1-MME interface as well as the X2 interface

  • Unified Telecom Security Features

    The Virtual Stream Series are purpose built for demanding telecom solutions and includes features to manage use case scenarios such as:
    • LTE Backhaul Security
      S1-U, S1-MME, OOB-O&M for eNodeBs
    • Packet Core Networks
      Gi Firewalling, Gn Firewalling and Gp Fireawlling

  • Flexible License Models

    To ensure best possible balance between revenues and costs there are several license models within the Virtual Stream Series. This means that customers can start with a smaller license while the needs are lower and upgrade to a more powerfull license when the network capacity grows.

    Changing from one license model to another is a simple task and only requires changing a license file. No more fork-lift upgrades or up-front heavy investments!


Firewall Performance* (Gbps) 5 10 20 40
VPN Performance (Gbps) 2,5 5 10 20
Concurrent Connections 1M 2.5M 5M 10M
Concurrent VPN Tunnels (IPsec) 2,000 3,000 5,000 10,000
Ethernet Interfaces Up to 3 Up to 5 Up to 7 Up to 10
Virtual Interfaces (VLAN 802.1q) 256 512 1,024 2,048
Virtual Routers 50 100 200 500
Support for High Availability (HA) Yes Yes Yes Yes
Minimum available memory for the virtual machine 2 GB 2 GB 4 GB 8 GB
Minimum recommended number of allocated CPU cores 2 2 4 8
Minimum available storage 2 GB
Clavister cOS Clavister cOS Stream
  • * Firewall Performance is based on RFC 2544. Actual performance may vary depending on network conditions, number of activated services and host hardware capabilities.


Name Description Date

This product brochure describes the capabilities of Clavister Virtual Stream Series using cOS Stream 3.00.

  • 1

What Are You Waiting For?

Download product brochure or contact us