IPsec protection brings backhaul security up to speed in IP-based LTE networks
Contrary to traditional TDM and ATM based 2G and 3G networks, LTE networks are based on IP connectivity. This technology offers more flexibility and cost-efficiency. But the architecture of LTE, combined with the open nature of IP, makes LTE networks far more vulnerable to attack than their TDM-based predecessors.
This is most critical in the backhaul segment, with its open Ethernet and IP interfaces and protocols. As mobile operators around the world evolve to LTE, they need advanced backhaul platforms that provide better protection.
Bringing security to the packet processing layer
Secure LTE networks require application-specific security protocols that can operate at the higher layers of the Open Systems Interconnection (OSI) protocol stack. The Internet Engineering Task Force (IETF) has defined a suite of security protocols to meet this need: Internet Protocol Security, or “IPsec.”
IPsec provides end-to-end security that operates at the packet processing layer. It enables operators to protect the network and higher-layer applications and is capable of securing communications on a host-to-host, network-to-network and network-to-host basis.
Cost and complexity: a perception problem
IPsec basically authenticates and encrypts each IP packet within a communications session. But many operators view IPsec configurations as too complex and costly to implement. As a consequence, many have chosen to implement proprietary VPN solutions instead.
However, two developments underscore the need for widespread IPsec implementation:
- The adoption of the IPv6 standard, which mandates the use of IPsec, and
- The roll-out of LTE networks, which present numerous security concerns.
IPsec networks have the competitive advantage
Mobile operators need advanced backhaul platforms that provide better protection. Such platforms must be cost-effective, both in terms of capital expenditures and operating expenditures. And they must be easy to configure and use.
For operators that already have deployed an advanced backhaul solution, implementing IPsec functionality only requires a new line card for the edge switch or access switch.
Operators that are still evaluating a backhaul solution now have the option of investing in a cost-effective platform that protects LTE backhaul traffic and simultaneously supports 2G and 3G operations.
In both cases, a backhaul solution enhanced with IPsec capabilities enables operators to secure their networks and the traffic riding on them. But also enables operators to secure their own long-term success in the competitive marketplace.
Learn more about specific strategies to implement IPsec cost-effectively in your network in our white paper, Securing LTE Backhaul with IPsec.