Oracle s Secure HetNet Backhaul Solution A Solution Based on Oracle s Network Session Delivery and Control Infrastructure
HetNets are a gradual evolution of cellular topology, not a distinct network unto itself. Driven by this evolution, ARCchart forecasts annual unit shipments of 1.4 million macro cells, 5 million small cells, and 11.5 million Wi-Fi access points by 2017, representing a global market value of $42 billion. ARCchart HetNet Market Summary and Forecasts: Macro Cells, Small Cells, and Wi-Fi Offload The growing adoption of smartphones, tablets, and increasingly bandwidth-hungry applications and services is driving unprecedented mobile broadband traffic growth. ARCchart, an independent research and consulting firm, forecasts that global mobile data traffic will increase at a 31 percent compound annual growth rate from 2012 to 2017, creating significant capacity planning and network engineering challenges for mobile service providers. Upgrading core network infrastructure and deploying Long Term Evolution (LTE) networks represent one step in addressing skyrocketing traffic demands. But given finite macroradio capacity, the expense of acquiring spectrum and building new macrosites, and indoor coverage constraints, LTE alone does not adequately or cost-effectively address all needs. For this reason, many service providers are implementing heterogeneous networks (HetNets) leveraging small cells (metrocells, picocells, and femtocells) and Wi-Fi hotspot access networks in conjunction with LTE to boost network capacity and coverage while reducing total cost of ownership. Oracle s secure HetNet backhaul solution enables service providers to overcome the security and user experience challenges associated with implementing HetNets and backhauling traffic across the internet or untrusted IP access networks. Challenges Representing a radical departure from traditional macro radio access network (RAN) architectures, HetNets lack the control and manageability of second- and thirdgeneration time-division multiplexing (TDM) networks. HetNets pose challenges in three fundamental areas: security, user experience management, and operational control. Security With HetNet architectures, traffic from small cells, Wi-Fi access points, and LTE base stations is backhauled over the internet or IP networks, introducing a variety of security concerns. Security breaches can lead to service disruptions, financial loss, subscriber churn, and a tarnished brand. Providers must put systems and controls in place to protect against malicious attacks, prevent service and identity theft, and ensure the integrity and confidentiality of voice and data communications. 2
APPLICATIONS Small cell access Wi-Fi offload LTE backhaul FEATURES Comprehensive security Broad authentication mechanisms High throughput and industry-leading tunnel capacity Virtualization Full integration with mobile core VoIP and SBC support BENEFITS Secure and reliable services Ability to monetize offload Quality user experience Reduced capital and operational expenditures User Experience Management To provide a consistent user experience, service providers must deliver ease of connection for all device types. They must also provide nondisruptive mobility as subscribers move in and out of macro RANs. Operational Control To deploy services and generate revenue in an effective manner, service providers need to track service usage, collect billing data, and comply with applicable lawful intercept regulations. HetNet Solution Overview Oracle s secure HetNet backhaul solution is designed to help service providers overcome the unique security and operational challenges associated with building HetNets and backhauling traffic across the public internet and untrusted IP networks. The solution provides session authentication, encryption, and control functions that enable operators to efficiently implement highly secure, reliable, and scalable HetNets. The solution features Oracle Communications Security Gateway, a multiservice security gateway (MSG), deployed at the access border between the internet or private IP network and the mobile core. To support Voice over IP (VoIP), Voice over Wi-Fi (VoWiFi), and Voice over Long Term Evolution (VoLTE) applications, Oracle Communications Security Gateway can be integrated with Oracle Communications Session Border Controller to provide security, interoperability, and other controls for Session Initiation Protocol (SIP) based traffic. Thanks to Oracle s multiservice architecture with service virtualization, Oracle Communications Security Gateway can be partitioned and resources can be dedicated to specific applications. This reduces the number of network elements required for HetNets and enables fine-grained traffic management and security controls per service. 3
Solution Features and Benefits Oracle s HetNet solution offers features and benefits in the following areas: Architectural Flexibility Oracle Communications Security Gateway provides security and control functions for small cell, Wi-Fi offload, and LTE backhaul applications. As a highly versatile MSG, it protects the delivery of voice and data services over untrusted access networks across a range of architectures, including the following: The secure HetNet backhaul solution helps service providers overcome the unique security and operational challenges associated with building HetNets. LTE backhaul Small cells including, Code-Division Multiple Access (CDMA) ANSI-41, and SIP / IP Multimedia Subsystem (IMS) Wi-Fi offload (client-based, clientless) VoWiFi (SIP, unlicensed mobile access [UMA]) Standards Based Oracle s secure HetNet solution supports all standards-based functional requirements as defined by the Third Generation Partnership Project (3GPP): Internetworking-Wireless Local Area Network (I-WLAN) tunnel terminating gateway (TTG) Home NodeB (HNB) security gateway Femtocell security gateway Evolved packet data gateway (epdg) UMA/generic access network (GAN) security gateway (SeGW) 4
Figure 1. HetNet functional requirements. Comprehensive Security To ensure secure backhaul for HetNets, (e)nodebs, Wi-Fi access points, and small cells must be authenticated and traffic must be encrypted. Oracle Communications Security Gateway employs two levels of hardware acceleration to enable extremely fast Internet Protocol Security (IPSec) tunnel setup and wire speed IPSec traffic encryption and decryption, without impacting traffic performance. Security features include Hardware-accelerated tunnel setup and encryption IPSec control plane denial of service (DoS) and distributed denial of service (DDoS) protection to ensure confidentiality Broad support of encryption ciphers Mobile Core Integration Oracle Communications Security Gateway fully integrates into the mobile core, leveraging existing policy, authentication, charging, and other operational elements to better monetize and manage the user experience. Supporting a wide range of authentication mechanisms, Oracle Communications Security Gateway enables seamless sign-on and enables all subscriber devices including mobile phones (subscriber identity module, or SIM, devices), tablets, and laptops (non-sim devices) to participate in the HetNet. Key features include: Authentication flexibility (Extensible Authentication Protocol (EAP) methods and certificate handling) Policy and Charging Rules Function (PCRF) support to manage internet breakout policy 5
Evolved Packet Core (EPC) / Gateway General Support Node (GGSN) interfaces for IP address management for handover mobility Media policing Diameter and Remote Authentication Dial-In User Service (RADIUS) accounting to enable billing and charging Lawful intercept interfaces Low Total Cost of Ownership Oracle Communications Security Gateway provides industry-leading capacity and density, scaling up to 200,000 IPSec tunnels per system for breakthrough economics. It supports up to 4.8 million IPSec tunnels per 7 foot telco rack in high availability intersystem mode or 9.6 million tunnels per rack in standalone mode. To address voice and bandwidth-intensive video and data, Oracle Communications Security Gateway supports up to 10 Gb/sec of throughput in a compact platform. Local internet breakout functionality also reduces the total cost of HetNets because the demands on the mobile core are decreased. Oracle Communications Session Border Controller can be integrated on the same platform to provide security and control for VoIP and IMS traffic. Conclusion Mobile network operators are looking to HetNets to address exploding mobile broadband traffic demands. By offloading traffic onto small cell access networks and Wi- Fi access networks, operators can expand coverage and service quality, and free up RAN capacity. Oracle s secure HetNet backhaul solution is designed to help service providers overcome the unique security and scalability challenges encountered when implementing HetNets and backhauling access network traffic across the internet. The high-performance, high-capacity solution enables network operators to deploy highly secure, reliable, and scalable HetNets efficiently and cost effectively. 6
Oracle Corporation World Headquarters 500 Oracle Parkway Redwood Shores, CA 94065 U.S.A. Worldwide Inquiries: Phone: +1.650.506.7000 Fax: +1.650.506.7200 oracle.com Copyright 2013, Oracle and/or its affiliates. All rights reserved. This document is provided for information purposes only, and the contents hereof are subject to change without notice. This document is not warranted to be error-free, nor subject to any other warranties or conditions, whether expressed orally or implied in law, including implied warranties and conditions of merchantability or fitness for a particular purpose. We specifically disclaim any liability with respect to this document, and no contractual obligations are formed either directly or indirectly by this document. This document may not be reproduced or transmitted in any form or by any means, electronic or mechanical, for any purpose, without our prior written permission. Oracle and Java are registered trademarks of Oracle and/or its affiliates. Other names may be trademarks of their respective owners. Intel and Intel Xeon are trademarks or registered trademarks of Intel Corporation. All SPARC trademarks are used under license and are trademarks or registered trademarks of SPARC International, Inc. AMD, Opteron, the AMD logo, and the AMD Opteron logo are trademarks or registered trademarks of Advanced Micro Devices. UNIX is a registered trademark of The Open Group. 0713