Border Gateway Roaming Security
Traffic from other operators needs to be scanned before allowed into the CSPs network. Roaming traffic signaling inspection is required on the SCTP protocol for Diameter traffic as well as GTP signaling validation. Together with Perimeter Protection, Advanced Threat Protection with IDS and Network/Server Attack Protection for DDoS threats.
For signaling validation a deep dive into the GTP-C v0/v1/v2, and GTP-U protocols will provide insights into protocol anomalies. The solution works as a stateful proxy and can apply ACL and Packet Shaping and Forwarding Rules on the traffic. There are multiple GTP Multiple Filter Options (Message, APN, IE removal) as well as Sanity Checking – all Header field check and Protocol Fuzzing Detection and Prevention.
For SCTP there is static validation of SCTP packets and stateless forwarding. The solution will provide logs and flow-lifetime and provides validation also when matching “Implicit” SCTP services. There is Traffic Shaping Support for SCTP flows to mitigate an overload and transparent failover between redundant network paths.
In addition BGP routing capabilities are required to support high availability setups with connectivity via multiple carriers. All security protections to make sure roaming traffic is safe and a good experience is provided to the end users.