Products : Security Gateway

Facing skyrocketing packet data traffic growth rates, along with challenges in broadband RAN coverage and capacity, operators are implementing a range of services access networks and technologies with one thing in common: entry to the operator's core network is over the open Internet or via other "untrusted" networks. This is true for Wireless LAN Interworking, Unlicensed spectrum Mobile Access or UMA, and femtocells. A common requirement for employing any or all of these services access strategies is a secure front door to the mobile operator core network - the security gateway. But while security gateways have been in use in Enterprise networks and for operator-provided enterprise VPN services for years, the scale at which the security gateway must operate when applied to the mobile networks is dramatically different. Enterprise platforms can not scale easily to manage hundreds of thousands of IPSec tunnels, for example. Nor do they offer a subscriber context that allows for per subscriber policy enforcement. A new class of security gateways is required to meet the demands of subscriber densities in the hundreds of thousands of user-to-network connections.

Security Gateways Functions in Mobile Infrastructures
Security gateways supporting IKE and IPSEC for security authorization and communications are stipluated in several 3GPP and 3GPP2 standards. The security gateway functionality is required within the Packet Data Interworking Function and Packet Data Gateway standards, and is also stipulated in UMA / GAN (see the diagram at right) and Femtocell aggregation. Some operators are also utilizing a security gateways to manage secure tunnels between emerging IP-enabled BTSs and the core network. By enabling secure communications between BTS and the core, operators can leverage much cheaper networks to backhaul cell tower traffic.

Stoke Session Exchange Security Gateway
The Stoke Session Exchange delivers a scalable security gateway function for the lowest cost per bit, and the lowest cost per subscriber on the market today. Additionally, the SSX supports configurations starting as low as 8,000 concurrent IPSec tunnels up to 240,000 concurrent IPSec tunnels in a compact 5 rack units. The SSX the also offers more throughput per RU than any other security gateway available, ranging from 4 Gbps to 16 Gbps in a single system, and up to 96 Gbps in a standard 7' rack.

And the SSX's throughput is not reduced when features like encryption & decryption, traffic classification, QoS marking, traffic policing, and charging / accounting are turned on, nor when - as is expected with increasingly multimedia traffic - smaller packet sizes dominate the traffic stream.

For details on security standards and features supported by the SSX, refer to the SSX-3000 web page or the SSX-3000 datasheet available in the document library.



Read the Stoke Sessions Blog Follow Stoke on Twitter Connect with Stoke on LinkedIn Visit our Channel on YouTube