9.5 Summary

A packet mobile backhaul is based on an open and well-known protocol, IP. Even though the backhaul is a separate, private network (not directly connected to the public internet), it is still vulnerable to many threats that do not exist in a TDM or ATM network. Introducing IP-based logical interfaces and IP/MPLS/Ethernet technologies into the backhaul requires that these threats be identified and properly addressed.

In many cases, 3GPP requires an implementation of cryptographic protection using IPsec. For LTE, 3GPP specifications for the network domain are clearly written and explicit. For 2G and 3G, guidance from the more recent LTE specification work can be used.

Backhaul security is not only about the IP layer and its protection with IPsec. Other layers and other types of threats need to be considered as well. Many of these topics are addressed by sound design guidelines and operating practices.

IPsec VPNs are deployed to provide cryptographic protection for the traffic carried in the mobile backhaul. IPsec supports encryption, authentication and confidentiality. Typically, IPsec is implemented between a BTS (either as a BTS-integrated IPsec function or as a separate cell site gateway) and a central-site IPsec GW. With the IPsec VPN, high availability of the IPsec GW is necessary, since a number of BTSs depend on it. Different resilience models exist, depending on the IPsec GW implementation.

ESP in tunnel mode is the selected IPsec protocol to provide ...
