Stoke, Inc.

Solutions : RAN Security GW / eNodeB Aggregation

Early adopters of the 3GPP Long Term Evolution (LTE) radio networks have publicly stated their intentions to deploy highly distributed wide-area networks. In September 2009, Verizon Wireless CTO, Tony Melone stated that Verizon wants to use distributed antennas in areas like airports and arenas, and picocell units in high traffic spots in the network. He cited that deployment using multiple smaller cells -- rather than large but isolated cell sites -- will put more radios closer to users and help keep data speeds fast and consistent. In February, 2011, both Alcatel-Lucent and Ericsson trumpeted their new class of radion equipment designed soley for these applications.

The strategy may be simple on the surface, but it has huge implications for the traditional 'closed' mobile operator network and on core network elements designed for the hierarchical mobile networks of the past. Unlike the tightly controlled cell cites of today's macro cellular network, user traffic is all IP and the distributed picocells and microcells will not have access to the same secure locations or secure fiber and TDM circuits for back-hauling traffic to the core. And the Serving Gateway (S-GW) is responsible for connecting to and keeping active connections to thousands to tens-of-thousands of eNodeBs, something repurposed GGSNs / SGSNs will struggle with.

So how does the MNO ensure the integrity of core-to-RAN connections and the security of user traffic in this newenvironment? By embracing a proven, dedicated, high-density Security Gatetway to maintain the connections to eNodeBs and use secure IKE/IPSec tunneling technologies as specified by 3GPP to protect user traffic and service.

The SSX-3000 eNodeB aggregation security gateway is deployed in one of the most sophisticated LTE network in the world, and is interoperable with the widest range of eNodeBs available, including Fujitsu, Panasonic, Nokia Siemens, and NEC. Stoke delivers the feature set required to ensure highly available, highly resilient, and high throughput links between the LTE core network and eNodeBs. These requirements range from standard IKEv2/IPSec tunneling protocols, to flexible connect/reconnect configurations to ensure high availability and rapid recovery in case of a lost connection, etc. The table below provides a brief look at some of the key eNodeB aggregation feature requirements together with SSX-3000 competitive differentiation.