Product Overview
The SecGW is a high-density IP Security (IPSec) gateway for mobile wireless carrier networks. It is typically used to secure backhaul traffic between the Radio Access Network (RAN) and the operator core network.
IPSec is a set of open standards that provides confidentiality, integrity, and authentication for data exchanged between IP layer peers. The SecGW uses IPSec-protected tunnels to connect outside endpoints. It implements the parts of IKE/IPSec required for its role in mobile networks.
The following types of LTE traffic may be carried over encrypted IPSec tunnels in the Un-trusted access domain:
- S1-C and S1-U: Control and User Traffic between eNodeB and EPC
- X2-C and X2-U: Control and User Traffic between eNodeBs during Handoff
- SPs typically carry only Control Traffic; however, there is a case for carrying non-Internet User traffic over secured tunnels
SecGW Application
The StarOS-based Security Gateway (SecGW) application is a solution for Remote-Access (RAS) and Site-to-Site (S2S) mobile network environments. It is implemented via StarOS as a WSG (Wireless Security Gateway) service that leverages the IPSec features supported by StarOS.
For complete descriptions of supported IPSec features, see the IPSec Reference.
IPSec Capabilities
The following IPSec features are supported by StarOS for implementation in a SecGW application:
- Anti Replay
- Certificate Management Protocol (CMPv2)
- Session Recovery
- Support for IKE ID Type
- PSK support with up to 255 octets
- Online Certificate Status Protocol (OCSP)
- Blacklist/Whitelist by IDi
- Rekey Traffic Overlap
- CRL fetching with LDAPv3
- Sequence Number based Rekey
- PSK Support for up to 1000 Remote Secrets
- Certificate Chaining
- RFC 5996 Compliance
- Duplicate Session Detection
- Extended Sequence Number
- Support to provide DNS server address to the Peer
Process Recovery
The process recovery feature stores backup Security Association (SA) data in an AAA manager task. This manager runs on the SecGW where the recoverable tasks are located.