Security eXchange

Security eXchange with Mobile Border Agent™ is a network gateway application that provides RAN-agnostic, secure aggregation, protection and connectivity between the RAN and the core without adding any appreciable end-to-end latency. The application assures confidentiality and integrity of LTE data plane and control plane traffic, protecting subscriber communications while protecting LTE core resources against overload events and attacks that can paralyze the core network.

Security eXchange creates an invisible secure mobile edge, removing service impacting packet processing burden from the evolved packet core.

Stoke Security eXchange addresses all the threats identified by industry standards organizations for the S1 interface between EPC and EUTRAN, providing the recommended solution of IPsec with strong authentication and authorization mechanisms. The Stoke Security eXchange provides extremely high density termination of encrypted eNodeB S1 links and a very rich, extensible set of features for IKE, PSK, PKI, and IPsec, compatible with all major eNodeB provider and operator implementations.

Stoke Mobile Border Agent™ is an intelligent software agent that works with Security eXchange to further support the protection and optimization goals of the operator.

Stoke Mobile Border Agent includes four primary characteristics.

  • Multi-Dimensional Awareness: Continually monitors S1 packets and correlates user plane, control plane, RAN and session volume, state, and other data to identify anomalies and support network goals.
  • Reference Network Model: Maintains a reference model of connected eNodeBs and core elements, normal network conditions, and threshold parameters that define reporting and action triggers.
  • Policy-based Enforcement Action: Enacts specific actions to protect service availability and network assets, interacting with other EPC elements such as PCRF to obtain guidance or output results, as desired.
  • Data Collection/Reporting: Collects data and reports back to network operators, providing a comprehensive perspective of the network.

Leveraging its strategic location in the LTE network, Security eXchange with Mobile Border Agent conducts stateful analysis of the specific protocols used in the RAN to EPC mobile access border. The solution provides a powerful perspective with control plane, user plane, session and RAN visibility that is not available on other network elements.

The Security eXchange includes innovative features offering proven, unique benefits to operators.

Feature | Description and Benefits
Robust IPsec | 3GPP-specified security for small and macro cell deployments. Prevents threats to the subscribers, services, and the EPC from the S1 interface.
Extensive IKE Support | Supports extensive implementations of IKEv1 and IKEv2, with a wide range of integrity and encryption algorithms. Ensures reliable security associations and broad interoperability with eNodeB vendors.
Extensible Authentication and Authorization | Supports both Pre-Shared Key (PSK) and Public Key Infrastructure (PKI) paradigms for establishing a trust relationship. Eases integration with existing mechanisms.
2048-bit Certificate Key Support | Dramatically strengthens security of the key exchange and the security association.
Flexible Connection Initiation | Multiple set-up options allow for nuances of different eNodeB vendors. Eases integration with eNodeB vendor implementations.
Tunnel End Point Encryption Selector | Configurable option of sending traffic destined to the tunnel endpoint either encrypted or in the clear. Enables flexibility in traffic encryption as an optimization to the network behavior.
Inter-Chassis Redundancy | Stateful system failover option guards against unlikely failures using a second chassis. A high availability configuration option.
Intra-Chassis Redundancy | Stateful, field proven option that provides 5 Nines availability without requiring a second chassis. Reduces system costs and footprint.
In Service Software Upgrade | Allows the operator to upgrade system software without taking Security eXchange out of service. Provides operational ease and service continuity.
S1-Application Layer State Validation | Monitors the S1-AP interface for abnormal traffic, control transactions or mismatched events. Blacklists eNodeBs when multiple abnormal events are observed. Allows GTP traffic only for established bearers. Prevents service impact from expanding to other non-compromised eNodeB areas.
Control Message Shaping and Policing | Monitors the rate at which control event messages are arriving at the MME and SGW and shapes the rate as needed and as defined by the operator. Optional blacklisting of eNodeBs upon exceeding defined thresholds. Prevents RAN initiated signaling storms from impacting the EPC.
S1-AP Message Inspection | Normalizes eNodeB implementation of signaling protocols from different vendors so the operator can more easily administer control information to/from the EPC.
SCTP/S1-AP Proxy | Enables termination of eNodeBs into the SSX to minimize non-UE-associated MME-eNodeB interactions. Assists operators in managing the signaling increase from small cell deployments.
Multi-Dimensional Awareness | Stateful, line-rate inspection of control plane packets to validate proper state. Applied to the suite of protocols related to the RAN-EPC control plane (SCTP, S1, GTP). Includes RAN, subscriber, core, and control/user plane awareness. Provides multiple levels of visibility to the operator for intelligent policy enforcement.
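The two feature rows "S1-Application Layer State Validation" and "Control Message Shaping and Policing" describe the same kind of stateful check: track which bearers an eNodeB has legitimately set up, admit GTP-U only for those, police the rate of uplink S1-AP messages, and blacklist an eNodeB once several abnormal events accumulate. The following added example (written for this page, not Stoke's code) models that logic over a constructed event stream. The S1-AP message names are 3GPP S1AP procedure names, but the state model is deliberately reduced to context setup and release, and the thresholds are constructed values rather than product defaults.

```python
"""Simplified S1 monitor: S1-AP state validation plus control-message policing.

Added illustration, not StokeOS code. Only InitialContextSetup and UEContextRelease
are modelled; a real S1-AP state machine covers many more procedures.
"""
from collections import defaultdict, deque

# Policy thresholds (constructed values, not product defaults)
CTRL_MSG_LIMIT = 4       # uplink control messages an eNodeB may send per window
CTRL_WINDOW_SEC = 1.0    # length of the sliding rate window in seconds
BLACKLIST_AFTER = 3      # abnormal events before an eNodeB is blacklisted


class S1Monitor:
    def __init__(self, ctrl_limit=CTRL_MSG_LIMIT, window=CTRL_WINDOW_SEC,
                 blacklist_after=BLACKLIST_AFTER):
        self.ctrl_limit = ctrl_limit
        self.window = window
        self.blacklist_after = blacklist_after
        self.pending = defaultdict(set)       # enb -> UEs with a context setup request outstanding
        self.bearers = defaultdict(dict)      # enb -> {teid: ue} for established bearers
        self.abnormal = defaultdict(int)      # enb -> count of abnormal events observed
        self.ctrl_times = defaultdict(deque)  # enb -> timestamps of recent uplink control messages
        self.blacklist = set()

    def _flag(self, enb, reason):
        """Record an abnormal event; blacklist the eNodeB once the threshold is reached."""
        self.abnormal[enb] += 1
        if self.abnormal[enb] >= self.blacklist_after:
            self.blacklist.add(enb)
        return ("drop", reason)

    def _police(self, t, enb):
        """Sliding-window policer: True if this message is within the eNodeB's rate budget."""
        q = self.ctrl_times[enb]
        while q and t - q[0] > self.window:
            q.popleft()
        if len(q) >= self.ctrl_limit:
            return False
        q.append(t)
        return True

    def control_from_core(self, t, enb, msg, ue):
        """S1-AP message MME -> eNodeB; a setup request opens a pending transaction."""
        if enb in self.blacklist:
            return ("drop", "enb blacklisted")
        if msg == "InitialContextSetupRequest":
            self.pending[enb].add(ue)
        return ("forward", msg)

    def control_from_ran(self, t, enb, msg, ue, teid=None):
        """S1-AP message eNodeB -> MME, subject to rate policing and state validation."""
        if enb in self.blacklist:
            return ("drop", "enb blacklisted")
        if not self._police(t, enb):
            return self._flag(enb, "control message rate exceeded")
        if msg == "InitialContextSetupResponse":
            if ue not in self.pending[enb]:
                return self._flag(enb, "response without matching request")
            self.pending[enb].discard(ue)
            self.bearers[enb][teid] = ue          # bearer is now established
        elif msg == "UEContextReleaseComplete":
            self.bearers[enb] = {k: v for k, v in self.bearers[enb].items() if v != ue}
        return ("forward", msg)

    def user_plane(self, enb, teid):
        """GTP-U packet from an eNodeB: admitted only for an established bearer."""
        if enb in self.blacklist:
            return ("drop", "enb blacklisted")
        if teid not in self.bearers[enb]:
            return self._flag(enb, "GTP-U for unknown bearer")
        return ("forward", "gtp-u")


def run_demo():
    """Replay a constructed event stream; returns the monitor and the verdicts."""
    m = S1Monitor()
    v = {}
    # Well-behaved eNodeB: request, response, then user traffic on the new bearer
    m.control_from_core(0.0, "enb-A", "InitialContextSetupRequest", ue="ue-1")
    v["a_resp"] = m.control_from_ran(0.1, "enb-A", "InitialContextSetupResponse", ue="ue-1", teid=0x1001)
    v["a_gtp_ok"] = m.user_plane("enb-A", 0x1001)
    v["a_gtp_bad"] = m.user_plane("enb-A", 0x9999)   # one stray packet: flagged, not blacklisted
    # Misbehaving eNodeB: signalling burst, an orphan response, then stray GTP-U
    burst = [m.control_from_ran(0.1 * i, "enb-B", "InitialUEMessage", ue=f"ue-{i}") for i in range(5)]
    v["b_burst_last"] = burst[-1]
    v["b_orphan_resp"] = m.control_from_ran(2.0, "enb-B", "InitialContextSetupResponse", ue="ue-x", teid=0x2001)
    v["b_gtp_bad"] = m.user_plane("enb-B", 0x2002)
    v["b_after"] = m.control_from_ran(2.1, "enb-B", "InitialUEMessage", ue="ue-9")
    return m, v


if __name__ == "__main__":
    monitor, verdicts = run_demo()
    for k, val in verdicts.items():
        print(k, val)
    print("blacklisted:", sorted(monitor.blacklist))
```

The policer drops rather than queues (policing, not shaping), which is the conservative choice for a demonstration; a shaping variant would hold excess messages in a per-eNodeB queue and release them at the configured rate. Note that the well-behaved eNodeB's single stray GTP-U packet is counted but does not cross the blacklist threshold, which is the point of requiring multiple abnormal events before isolating a cell.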

The Security eXchange includes innovative high availability features offering proven, unique benefits to operators.

Feature | Description | Benefits
Port Level Redundancy | The XGLC20's 10G interfaces operate in a redundant fashion. Standby ports become active on the same card. The IP address stays with the active port when a switchover occurs. A configurable option allows the system to switch back to the previous port configuration once the link state or failure clears. | No user session/tunnel impact. User data plane impact measured in milliseconds.
N:1 Line Card Redundancy | The SSX can be configured in a 1:1 or 2:1 line card redundancy scheme. If a line card (GLC or XGLC) fails, all sessions from the primary card fail over to the backup card. The security associations between the gateway and the base station are maintained, so no re-initiation is required. | In VoLTE environments, fast line card switchover helps the operator maintain voice quality SLAs.
System Component Redundancy | The SSX includes redundant power entry modules, cooling fans, and management cards. Each fan tray and power entry module is a field-replaceable unit and can be hot swapped. | The system continues passing traffic without interruption.
Automated Process Restart (Software Resiliency) | StokeOS monitors itself for software failures and/or resource leaks. If a process suffers a failure, the high availability architecture restarts the affected process(es) within milliseconds. | No user session/tunnel or data plane impact.
Transparent Failover | Upon a failure that results in a chassis switchover, the eNodeB is unaware of the failure or of the virtual IP addresses moving to the standby chassis. | Provides additional layers of reliability beyond the rack or site. The network infrastructure is not negatively affected and does not need manual intervention to complete the chassis switchover.
Failure Detection | Failure of the active chassis is detected within milliseconds. | A failure is identified and recovery action started before the protocols traversing the IPsec tunnel time out.
Switchback | Automatic mechanism for a preferred-active chassis switchback. | Allows the operator to return the network to a pre-failure configuration automatically.
Connection Policy | The connect policy controls connection establishment to ensure that both chassis are up and reachable before attempting to connect. | Avoids an undesired chassis becoming "active" and minimizes split brain during connection bring-up.
ICR Active-Fail Policy | Helps monitor network elements outside the SSX chassis, based on route trackers and interface monitors. | Provides greater intelligence into the decision to fail over a chassis.
Standby-Peer-Fail Policy | Monitors alternate paths to the Active so that the Standby only takes over when the Active is dead. | Protects against a split-brain configuration, where both chassis are active.
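The last three rows (Connection Policy, ICR Active-Fail Policy, Standby-Peer-Fail Policy) are each a decision rule over what a chassis can observe. The following added example (illustration for this page, not StokeOS logic) encodes those three rules as pure functions over a constructed observation snapshot, so the difference between "the direct ICR link is down" and "the active chassis is dead" is explicit. The `ChassisView` fields, path names and role names are assumptions made for the example.

```python
"""Inter-chassis redundancy (ICR) role decisions: connect, active-fail and
standby-peer-fail policies. Added illustration; not StokeOS code."""
from dataclasses import dataclass


@dataclass
class ChassisView:
    """What one chassis can observe locally (constructed model)."""
    role: str                   # "unpaired", "active" or "standby"
    peer_direct_link_up: bool   # the direct ICR link to the peer chassis
    peer_alt_paths_up: dict     # alternate path name -> peer reachable over that path
    tracked_routes_up: dict     # route tracker name -> route present
    tracked_ifaces_up: dict     # interface monitor name -> link up


def connect_policy_allows_pairing(view: ChassisView) -> bool:
    """Connection policy: pair only when the peer is up and reachable over every path,
    so a half-reachable peer cannot come up as a second active."""
    return view.peer_direct_link_up and all(view.peer_alt_paths_up.values())


def active_fail_policy_triggers(view: ChassisView) -> bool:
    """Active-fail policy: the active chassis should give up its role when an element
    outside the chassis that it depends on (a tracked route or monitored interface) is down."""
    return not (all(view.tracked_routes_up.values()) and all(view.tracked_ifaces_up.values()))


def standby_peer_fail_policy_allows_takeover(view: ChassisView) -> bool:
    """Standby-peer-fail policy: take over only when the active is unreachable over the
    direct link AND every alternate path. Losing the direct link alone is not a dead peer."""
    return not view.peer_direct_link_up and not any(view.peer_alt_paths_up.values())


def next_role(view: ChassisView) -> str:
    """Compute the role this chassis should move to from what it observes."""
    if view.role == "unpaired":
        return "paired" if connect_policy_allows_pairing(view) else "unpaired"
    if view.role == "active":
        return "standby" if active_fail_policy_triggers(view) else "active"
    if view.role == "standby":
        return "active" if standby_peer_fail_policy_allows_takeover(view) else "standby"
    raise ValueError(f"unknown role {view.role!r}")


def scenarios():
    """Constructed observations exercising each policy; returns the resulting roles."""
    both_up = {"mgmt-net": True, "core-side": True}
    return {
        # direct ICR link lost but the peer still answers on one alternate path: no takeover
        "standby_link_flap": next_role(ChassisView("standby", False, {"mgmt-net": True, "core-side": False}, {}, {})),
        # peer silent on every path: the standby takes over
        "standby_peer_dead": next_role(ChassisView("standby", False, {"mgmt-net": False, "core-side": False}, {}, {})),
        # active loses a tracked route toward the core: relinquish the active role
        "active_route_lost": next_role(ChassisView("active", True, both_up, {"to-mme": False}, {"xe-1": True})),
        "active_healthy": next_role(ChassisView("active", True, both_up, {"to-mme": True}, {"xe-1": True})),
        # pairing refused while the peer is only partially reachable
        "pairing_partial": next_role(ChassisView("unpaired", True, {"mgmt-net": False, "core-side": True}, {}, {})),
        "pairing_ok": next_role(ChassisView("unpaired", True, both_up, {}, {})),
    }


if __name__ == "__main__":
    for name, role in scenarios().items():
        print(f"{name:20s} -> {role}")
```

The asymmetry is deliberate: pairing requires every path to be up (any doubt blocks a second active), while takeover requires every path to be down (any sign of life blocks it). Both rules err toward a single active chassis, which is what keeps a monitoring blind spot from turning into a split-brain event.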

The Stoke Security eXchange maintains line rate performance even while performing encryption/decryption at the packet transmission rates that occur when average packet sizes drop to as small as 96 bytes. This means that the capacity specified for each line card or system does not diminish as the operator network and services mature and the average packet size changes. This dramatically simplifies operator sizing estimates and reduces the need to add equipment as traffic changes over time.

Other gateway vendors, who may claim line rate performance, will require operators to purchase more equipment when average packet sizes fall, traffic volumes increase, and network packet rates skyrocket.

The maximum configuration for the Security eXchange provides the following specifications:

Specification | System Maximum
Capacity
IPsec Tunnels (to eNodeB) | 180,000
Throughput | 80 Gbps
Port Configuration | 16 x 10 GigE
Performance
Encryption / Decryption | 80 Gbps
Encryption Packet Processing | 104 million packets per second
System Latency | < 30 microseconds
Reliability, Redundancy, IOT
Availability | > 99.999%
Intra-Chassis Redundancy | Available
Inter-Chassis Redundancy | Available
eNodeB Interoperability | Successful IOT with most major vendors and models
Power Efficiency | 1200-2160 W; 20-27 W per Gbps
