Mobile Network Security (SDN/NFV)

Robust and High-Performance Security VNFs

Security VNFs for the Telecom Cloud

The Clavister Security VNF (Virtualized Network Function) for telecom networks uniquely combines high-performance, scalability and carrier-grade features.

Leveraging the benefits of SDN (Software Defined Networks) and NFV (Network Functions Virtualizations), communication service providers are estimated to reduce operational costs (Opex) with 60% and Capital investment costs (CapEx) with 40%.

The benefits are attractive but moving from legacy networks to a more dynamic and complex Cloud environments can be challanging. The Clavister Security VNFs ensures that security is maintained also in the new generation of telecom networks without having to worry about hardware sprawl or performance bottlenecks.


Natively designed for Virtualization - SDN/NFV

To meet the unique requirements and demands from the Telecom Cloud, using Virtualization technologies such as SDN/NFV, the Clavister Security VNFs offers these key capabilities:

  • Fully Virtualized
    Clavisters Security VNF is completely software based and natively built for virtualization and is compatible with most hypervisors on the market, including KVM and VMware.

  • Orchestration and Management

    The Clavister Security VNF executes seamlessly in Telecom Cloud environments and frameworks such as Openstack.

  • Extensive Eco-system
    To ensure smooth integration of the Clavister Security VNFs in a telecom cloud, Clavister cooperates and integrates with leading vendors in the market, including: Nokia, Intel, Red Hat, Windriver, vmware, Openstack and others.

Market Leading Performance

Thanks to the modern multi-core architecture and tight integration with the latest technologies from Intel the Clavister Security VNF is able to achieve extreme performance in virtualized mobile networks using Software Defined Network (SDN) and Network Function Virtualization (NFV) technologies.

License models are available with specifications up to 120 Gbps of Plaintext firewalling and 40 Gbps of IPsec throughput which makes it ideal for high performance networks such as the Evolved Packet Core (EPC) and for backhaul security purposes.

Scalable Business Model

To achieve optimal flexibility in a dynamic and cloud based infrastructures, Clavister offers a unique business model that enables scale-up and scale-out in a cost effective manner.

No matter if your network security architecture requires one or one hundred Security VNFs, you only pay for the maximum capacity needed throughout the entire network.

Clavister Hawkeye – in combination with the Clavister Security VNFs – keeps track of maximum available capacity and simplifies license management.

Compared to physical network security appliances, this means both lowered entry-level investments and total cost of ownership.

Telecom Use-Cases

Designed for Telecom

The Clavister Security VNFs has been purpose built and optimized for telecom networks. In close collaboration with several leading industry partners, robustness, features and integration capabilities has been fine tuned for an optimal solution.

The Clavister Security VNFs provides a unified approach for securing a wide range of telecom use cases, including:

  • 4G/5G Backhaul Security
  • Gi/SGi Firewalling
  • Domain Security
  • WiFi Optimization

Through compliance and support for several industry standards such as 3GPP and ETSI-NFV the Clavister Security VNFs integrates seamlessly.

Backhaul Security

4G/LTE technology has matured and evolved from early-stage testing to mass-market resulting in massive growth and transformation all over the world. Most LTE-networks are deployed without security due to time-to-market prioritisation and, with the proliferation rate of Small Cells for congested areas, the need for secure backhaul increases dramatically.

Clavister secures the LTE networks with a flexible and cost effective solution for securing and encrypting the vulnerable interfaces used for backhaul traffic from the radio base stations (eNodeBs) to the network core.

Reliability and privacy can be ensured by encrypting all traffic that traverse over untrusted networks, including the S1-U and S1-MME interfaces.

Key highlights:

  • Purpose Built for Virtualization and SDN/NFV
    • Fully Virtualized
    • Integrates SDN Controllers and NFV Orchestrators
    • Part of a strong Eco-System ensures smooth integration
    • Ready for Service Function Chaining (SFC)
    • Ready for Service Automation (Scale-Up / Scale-Out)
    • Compliant with ESTI-NFV standards

  • Highest Security Performance on the Market
  • Designed for Telecom
  • Scalable and flexible business model

Core Security - Gi/SGi Firewall

Already now, more than 20 billion devices are connected to the Internet and analysts predict that within a few years, the number will rise to something in the range of 40–50 billion. Not only are the number of devices increasing but so to the amount of data-traffic demanded.

"The unprecedented growth of data-traffic in mobile networks means that the Gi/SGi firewalls protecting your core-network must be able to scale in a completely new proportion, without adding more costs as competitive pricing is a must."

Clavister's Security VNF operates as Gi/SGi Firewalls and protects both the Core network and subscribers against attacks and intrusions.

Key Highlights

  • Natively designed for Virtualization and SDN/NFV
    • Integrates with SDN controllers
    • Integrates with NFV orchestrators
    • Supports OpenStack and HOT Templates for rapid provisioning

  • Highest Security Performance on the market
  • High capacity for Concurrent Connections
  • Carrier-Grade NAT (CG-NAT)
  • DDoS Protection with IDP and Traffic Anomaly Filtering (Rate Limits)
  • Powerful Quality of Service and Bandwidth Management
  • Designed for Telecom and 3GPP Compliance


Firewall Performance* (Gbps) 5 10 20 40
VPN Performance (Gbps) 2,5 5 10 20
Concurrent Connections 1M 2.5M 5M 10M
Concurrent VPN Tunnels (IPsec) 2,000 3,000 5,000 10,000
Ethernet Interfaces Up to 3 Up to 5 Up to 7 Up to 10
Virtual Interfaces (VLAN 802.1q) 256 512 1,024 2,048
Virtual Routers 50 100 200 500
Support for High Availability (HA) Yes Yes Yes Yes
Minimum available memory for the virtual machine 2 GB 2 GB 4 GB 8 GB
Minimum recommended number of allocated CPU cores 2 2 4 8
Minimum available storage 2 GB
Clavister cOS Clavister cOS Stream
  • * Firewall Performance is based on RFC 2544. Actual performance may vary depending on network conditions, number of activated services and host hardware capabilities.


Name Description Date

This product brochure describes the capabilities of Clavister Virtual Stream Series using cOS Stream 3.20.

  • 1

Virtualized Security - The End of Big-Irons

Featuring Research by Gartner

In this newsletter from Clavister featuring and including research by Gartner you can read about how Virtualized Security together with Software-Defined Networks transforms the telecom business.

Featured Content

In this newsletter by Clavister, featuring research from Gartner, you can read about what drives adoption of Software-Defined Networks (SDN) and Network Function Virtualization (NFV) within the telecom industry. Additionally the newsletter covers topics such as a recommendation of requirements that buyers of VNFs should consider and detailed information about how Clavisters VNFs address key challenges and opportunities in this transformational period.

Market Drivers

The newsletter highlights the major drivers for adoption of SDN and NFV, including research indicating extensive adoption of the technology. Research cited in the newsletter talks about 70% of all Communications Service Providers (CSPs) having conducted  Proof of Concept on SDN/NFV already by 2018, and that 50% among these will move toward implementation around the same period.

Additional insights into the benefits of SDN/NFV is also covered, including anticipated Opex reduction of 60% and Capex reduction of 40%, by using virtualized network solutions. 


To ensure successfull migration to SDN/NFV the Communication Service Providers must evaluate and consider a number of key aspects when choosing Security VNFs, including:

  • Can carrier grade-quality, -performance and -feature set be guaranteed in a security VNF?
  • Is there a strong eco-system and open API's in place to ensure seamless integration to underlying SDN platforms and orchestration tools?
  • Is there a business model applied that provides flexible roll out and monitoring of numerous VNF's as one holistic function?

Solutions - Clavister and SDN/NFV

In this newsletter you will learn more about Clavisters position and view of the market, the security challenges when adopting SDN/NFV and how a successful outcome can be achieved.


Copyright and Disclamer


What Are You Waiting For?

Download product brochure or contact us