Products : Security Gateway

Facing skyrocketing packet data traffic growth rates and rapidly increasing costs to delivery services operators are implementing a range of services access networks and technologies with one thing in common: entry to the operator's core network is over the open Internet or via other "untrusted" networks. Edging closer towards an "All IP" network, operators are enabling more and more infrastructure with IP to take advantage of lower cost transport options. This is true for systems from Wi-Fi and femtocells to IP enabled NodeBs, and of course LTE eNodeBs.

The common requirement for employing open IP networks for backhaul is securing communications between the IP enabled remote network elements and the mobile core network. Considering the a secure front door or Security Gateway as a strategic component in the core can reduce network complexity and cost over considering a security gateway for femtocells, for Wi-Fi aggregation, and for NodeB session termination discretely.

But while security gateways have been in use in Enterprise networks and for operator-provided enterprise VPN services for years, the scale at which the security gateway must operate when applied to the mobile networks is dramatically different. Enterprise platforms can not scale easily to manage hundreds of thousands of IPSec tunnels, for example. Nor do they offer a subscriber context that allows for per subscriber policy enforcement. A new class of security gateways is required to meet the demands of subscriber densities in the hundreds of thousands of user-to-network connections.

SSX-3000 Security Gateway
The Stoke Session Exchange delivers a scalable security gateway function for the lowest cost per bit, and the lowest cost per subscriber on the market today. Additionally, the SSX supports configurations starting as low as 8,000 concurrent IPSec tunnels up to 240,000 concurrent IPSec tunnels in a compact 5 rack units. The SSX the also offers more throughput per RU than any other security gateway available, ranging from 4 Gbps to 16 Gbps in a single system, and up to 96 Gbps in a standard 7' rack.

And the SSX's throughput is not reduced when features like encryption & decryption, traffic classification, QoS marking, traffic policing, and charging / accounting are turned on, nor when - as is expected with increasingly multimedia traffic - smaller packet sizes dominate the traffic stream.

For details on security standards and features supported by the SSX, refer to the SSX-3000 web page or the SSX-3000 datasheet available in the document library.



Read the Stoke Sessions Blog Follow Stoke on Twitter Connect with Stoke on LinkedIn Visit our Channel on YouTube