Backhaul Security Gateway
This solution focuses on securing access traffic with high-performance encryption and decryption. The eNodeBs establish a VPN tunnel to the Backhaul Security Gateway over the X2 interface. Traffic from the base stations to the core will be secured with IPsec regardless of transport method, and at the core network a highly scalable, efficient backhaul gateway is needed to decrypt all the traffic before it can communicate with the core network nodes. Certificate authentication is built in to validate nodes and prevent unauthorized access, which prevents rogue eNodeBs from connecting to the network. CMPv2 (Certificate Manager Protocol v2) compliance ensures compatibility with eNodeBs from all major vendors. The Backhaul Security Gateway may also be used to inspect the GTP signalling in order to validate its contents.
It is tempting to use dedicated hardware to manage decryption and encryption of traffic. In modern virtualized networks, however, this undermines the advantages that NFV/SDN bring, including elasticity, dynamic scaling and sharing of hardware resources. Virtualized performance is therefore of major importance and will be aided by compatibility with new technologies such as Intel QuickAssist Technology.
High-performance virtual IPsec encryption and decryption
Rogue eNodeB protection