Chapter 9
Security
In the mobile network, security is covered in a number of 3GPP specifications. Most of the security features of the mobile system do not directly involve backhaul. Before designing protection for a mobile backhaul application, it is useful to study what is offered by the mobile system itself. A review of this is provided in Section 9.1.
Also for the backhaul 3GPP sets the framework. In many cases, IPsec is required for the protection of the backhaul. 3GPP view concentrates on protecting the IP layer with IPsec. This is reasonable, as the layers below IP are not specified. Without cryptography, a level of protection can be achieved by keeping traffic types separate. Traffic separation and L2 specific protection is the topic of Section 9.2.
IP layer protection with firewalls, access lists, and with the cryptographic protection achieved with IPsec, is discussed in Section 9.3. IPsec protocols and related tools that are relevant for the mobile backhaul are reviewed.
Finally, Section 9.4 considers issues related to IPsec VPN deployment: QoS, resilience, fragmentation, etc. In this chapter, a case with LTE S1 and X2 protection with an IPsec VPN is explored. Section 9.5 presents a summary.
