Oracle’s Secure HetNet Backhaul Solution
2
The growing adoption of smartphones, tablets, and
increasingly bandwidth-hungry applications and
services is driving unprecedented mobile broadband
traffic growth.
ARCchart, an independent research and consulting firm, forecasts that global mobile data traffic will increase at a 31 percent compound annual growth rate from 2012 to 2017, creating significant capacity planning and network engineering challenges for mobile service providers. Upgrading core network infrastructure and deploying Long Term Evolution (LTE) networks represent one step in addressing skyrocketing traffic demands. But given finite macroradio capacity, the expense of acquiring spectrum and building new macrosites, and indoor coverage constraints, LTE alone does not adequately or cost-effectively address all needs.
For this reason, many service providers are implementing heterogeneous networks (HetNets)—leveraging small cells (metrocells, picocells, and femtocells) and Wi-Fi hotspot access networks in conjunction with LTE to boost network capacity and coverage while reducing total cost of ownership. Oracle’s secure HetNet backhaul solution enables service providers to overcome the security and user experience challenges associated with implementing HetNets and backhauling traffic across the internet or untrusted IP access networks.
Challenges
Representing a radical departure from traditional macro radio access network (RAN) architectures, HetNets lack the control and manageability of second- and
third-generation time-division multiplexing (TDM) networks. HetNets pose challenges in three fundamental areas: security, user experience management, and operational control.
Security
With HetNet architectures, traffic from small cells, Wi-Fi access points, and LTE base stations is backhauled over the internet or IP networks, introducing a variety of security concerns. Security breaches can lead to service disruptions, financial loss, subscriber churn, and a tarnished brand. Providers must put systems and controls in place to protect against malicious attacks, prevent service and identity theft, and ensure the integrity and confidentiality of voice and data communications.
“HetNets are a gradual evolution
of cellular topology, not a distinct
network unto itself. Driven by this
evolution, ARCchart forecasts
annual unit shipments of 1.4
million macro cells, 5 million small
cells, and 11.5 million Wi-Fi
access points by 2017,
representing a global market
value of $42 billion.”
ARCchart
3 User Experience Management
To provide a consistent user experience, service providers must deliver ease of connection for all device types. They must also provide nondisruptive mobility as subscribers move in and out of macro RANs.
Operational Control
To deploy services and generate revenue in an effective manner, service providers need to track service usage, collect billing data, and comply with applicable lawful intercept regulations.
HetNet Solution Overview
Oracle’s secure HetNet backhaul solution is designed to help service providers overcome the unique security and operational challenges associated with building HetNets and backhauling traffic across the public internet and untrusted IP networks. The solution provides session authentication, encryption, and control functions that enable operators to efficiently implement highly secure, reliable, and scalable HetNets. The solution features Oracle Communications Security Gateway, a multiservice security gateway (MSG), deployed at the access border between the internet or private IP network and the mobile core. To support Voice over IP (VoIP), Voice over Wi-Fi (VoWiFi), and Voice over Long Term Evolution (VoLTE) applications, Oracle Communications Security Gateway can be integrated with Oracle Communications Session Border Controller to provide security, interoperability, and other controls for Session Initiation Protocol (SIP)–based traffic.
Thanks to Oracle’s multiservice architecture with service virtualization, Oracle Communications Security Gateway can be partitioned and resources can be dedicated to specific applications. This reduces the number of network elements required for HetNets and enables fine-grained traffic management and security controls per service.
APPLICATIONS
Small cell access
Wi-Fi offload
LTE backhaul FEATURES
Comprehensive security
Broad authentication mechanisms
High throughput and industry-leading tunnel capacity
Virtualization
Full integration with mobile core
VoIP and SBC support BENEFITS
Secure and reliable services
Ability to monetize offload
Quality user experience
4
Solution Features and Benefits
Oracle’s HetNet solution offers features and benefits in the following areas:
Architectural Flexibility
Oracle Communications Security Gateway provides security and control functions for small cell, Wi-Fi offload, and LTE backhaul applications. As a highly versatile MSG, it protects the delivery of voice and data services over untrusted access networks across a range of architectures, including the following:
LTE backhaul
Small cells including , Code-Division Multiple Access (CDMA) ANSI-41, and SIP / IP Multimedia Subsystem (IMS)
Wi-Fi offload (client-based, clientless)
VoWiFi (SIP, unlicensed mobile access [UMA])
Standards Based
Oracle’s secure HetNet solution supports all standards-based functional requirements as defined by the Third Generation Partnership Project (3GPP):
Internetworking-Wireless Local Area Network (I-WLAN) tunnel terminating gateway (TTG)
Home NodeB (HNB) security gateway
Femtocell security gateway
Evolved packet data gateway (ePDG)
UMA/generic access network (GAN) security gateway (SeGW)
5
Figure 1. HetNet functional requirements.
Comprehensive Security
To ensure secure backhaul for HetNets, (e)NodeBs, Wi-Fi access points, and small cells must be authenticated and traffic must be encrypted. Oracle Communications Security Gateway employs two levels of hardware acceleration to enable extremely fast Internet Protocol Security (IPSec) tunnel setup and wire speed IPSec traffic encryption and decryption, without impacting traffic performance. Security features include
Hardware-accelerated tunnel setup and encryption
IPSec control plane denial of service (DoS) and distributed denial of service (DDoS) protection to ensure confidentiality
Broad support of encryption ciphers
Mobile Core Integration
Oracle Communications Security Gateway fully integrates into the mobile core, leveraging existing policy, authentication, charging, and other operational elements to better monetize and manage the user experience. Supporting a wide range of authentication mechanisms, Oracle Communications Security Gateway enables seamless sign-on and enables all subscriber devices—including mobile phones (subscriber identity module, or SIM, devices), tablets, and laptops (non-SIM devices)— to participate in the HetNet. Key features include:
Authentication flexibility (Extensible Authentication Protocol (EAP) methods and certificate handling)
6
Evolved Packet Core (EPC) / Gateway General Support Node (GGSN) interfaces for IP address management for handover mobility
Media policing
Diameter and Remote Authentication Dial-In User Service (RADIUS) accounting to enable billing and charging
Lawful intercept interfaces
Low Total Cost of Ownership
Oracle Communications Security Gateway provides industry-leading capacity and density, scaling up to 200,000 IPSec tunnels per system for breakthrough economics. It supports up to 4.8 million IPSec tunnels per 7 foot telco rack in high availability intersystem mode or 9.6 million tunnels per rack in standalone mode.
To address voice and bandwidth-intensive video and data, Oracle Communications Security Gateway supports up to 10 Gb/sec of throughput in a compact platform. Local internet breakout functionality also reduces the total cost of HetNets because the demands on the mobile core are decreased. Oracle Communications Session Border Controller can be integrated on the same platform to provide security and control for VoIP and IMS traffic.
Conclusion
Mobile network operators are looking to HetNets to address exploding mobile
Oracle Corporation World Headquarters 500 Oracle Parkway Redwood Shores, CA 94065 U.S.A. Worldwide Inquiries: Phone: +1.650.506.7000 Fax: +1.650.506.7200 oracle.com
Copyright © 2013, Oracle and/or its affiliates. All rights reserved. This document is provided for information purposes only, and the contents hereof are subject to change without notice. This document is not warranted to be error-free, nor subject to any other warranties or conditions, whether expressed orally or implied in law, including implied warranties and conditions of merchantability or fitness for a particular purpose. We specifically disclaim any liability with respect to this document, and no contractual obligations are formed either directly or indirectly by this document. This document may not be reproduced or transmitted in any form or by any means, electronic or mechanical, for any purpose, without our prior written permission.
Oracle and Java are registered trademarks of Oracle and/or its affiliates. Other names may be trademarks of their respective owners.