!

"#$% '('%) 8adlo-Lo-core proLecLlon ln L1L

*(+#,-$,-.,)%
'),$%.$#,/ #/ 012
1"% 3#+%/#/4 ),5% ,6 $"% 7%.8)#$9 4($%3(9


:,/#.( ;(,5#/#
<%/=( >#5# ?,/785$#/4
!"#$%
&'#!()*+#,
!"#$% '('%) 8adlo-Lo-core proLecLlon ln L1L
@ ABCD Senza Fili Consulting www.senzafiliconsulting.com E1E
CF lnLroducLlon
;),$%.$#/4 $"% 012 )(+#,-$,-.,)% 5#/G
L1L ushers ln moblle neLworks LhaL have a more flexlble and less hlerarchlcal framework, hlgher performance and rlcher funcLlonallLy.
8uL lL also lncreases Lhe poroslLy of Lhe moblle neLwork and lLs vulnerablllLy Lo mallclous aLLacks and accldenLal Lrafflc dlsrupLlon.
SecurlLy has become a hoL Loplc among L1L operaLors. Whlle Lhe aLLenLlon focuses almosL excluslvely on moblle devlces, Lhey are far
from belng Lhe only LargeLs for aLLack and enLry polnLs Lo moblle neLworks. ALLacks can be launched from Lhe lnLerneL as well as from
roamlng and MvnC parLners.
unauLhorlzed access Lo Lhe neLwork may come from lnfrasLrucLure elemenLs such as Lhe en8. AdopLlon of small and femLo cells,
whlch are easler Lo access Lhan LradlLlonal macro cells are, furLher lncreases Lhe vulnerablllLy of Lhe neLwork. lf lefL unproLecLed, Lhe
8An-Lo-core llnk offers anoLher rouLe LhaL can cause dlsrupLlon ln moblle neLworks.
1o avold congesLlon or servlce lnLerrupLlon, and provlde a conslsLenL CoL Lo Lhelr subscrlbers, moblle operaLors have Lo proLecL Lhelr
enLlre neLworks devlces, base sLaLlons or femLo cells, backhaul llnks, and Lhe core neLwork agalnsL abnormal Lrafflc flows LhaL may
sLem from lnLenLlonal aLLacks (e.g., malware), unlnLended evenLs (e.g., conflguraLlon errors), or unusual buL leglLlmaLe Lrafflc splkes
(e.g., durlng a sporLs evenL), and may resulL ln splkes boLh ln Lhe
conLrol plane (slgnallng floods) and ln Lhe daLa plane (8An
congesLlon). ln Lhe conLexL of end-Lo-end neLwork proLecLlon,
securlng Lhe radlo-Lo-core llnk ls of cruclal lmporLance Lo
ensurlng Lhe overall securlLy ln moblle neLworks.
ln Lhls paper we focus on Lhe securlLy and proLecLlon of Lhe
radlo-Lo-core llnk, and dlscuss how Lhe sLraLeglcally locaLed
securlLy gaLeway (SeCW) enables operaLors Lo meeL Lhelr
performance, rellablllLy and servlce requlremenLs as Lhey go
Lhrough Lhree dlsLlncL, buL ofLen overlapplng, phases ln Lhelr L1L
deploymenLs:
0(8/."H lnlLlal phase wlLh llmlLed adopLlon and coverage.
I),3$"H full neLwork bulldouL, wlLh lncrease ln coverage,
Lrafflc load and subscrlber adopLlon.
J+K(/.%+ 7%)K#.%7H addlLlon of voL1L and 8CS, lnLroducLlon
of advanced pollcy funcLlonallLy, expanslon of Wl-ll offload,
and small-cell deploymenLs.

012 )(+#,-$,-.,)% '),$%.$#,/H
1"% %K,58$#,/ ,6 $"% 7%.8)#$9 4($%3(9

lsec and SeCWs are Lhe domlnanL soluLlon,
endorsed by 3C, Lo proLecL Lhe L1L radlo-Lo-core
llnk.
SeGWs role has sLarLed Lo expand beyond
securlLy. lL proLecLs Lhe neLwork agalnsL sudden
and unexpecLed surges ln slgnallng and user daLa
Lrafflc, wheLher Lhe resulL of mallclous aLLack,
conflguraLlon error, or splkes ln subscrlber acLlvlLy.
ScalablllLy, mulLl-vendor lnLeroperablllLy and low
laLency are requlred ln Lhe SeCW Lo supporL L1L
neLworks as Lhey evolve from Lhe lnlLlal launch Lo a
maLure phase marked by hlgher Lrafflc loads and
Lhe lnLroducLlon of advanced servlces.

!"#$% '('%) 8adlo-Lo-core proLecLlon ln L1L
@ ABCD Senza Fili Consulting www.senzafiliconsulting.com E2E
AF SecurlLy, scale and aggregaLlon
1"% ),5% ,6 $"% 7%.8)#$9 4($%3(9 L<%I!M
8adlo-Lo-core llnk proLecLlon requlres a dedlcaLed efforL. 3C sLandards make a sLrong case for Lhe adopLlon of lsec encrypLlon and
muLual auLhenLlcaLlon of Lhe radlo-Lo-core llnk Lo secure Lhe llnk beLween Lhe en8 and Lhe MML, and recommend lsec ln unLrusLed
llnks.
1
lnlLlally moblle operaLors have been cauLlous ln Lhe adopLlon of lsec because of Lhe addlLlonal cosL, overhead (esLlmaLed Lo be
14 by nCMn
2
) and complexlLy lL enLalls, buL Lhere ls an emerglng consensus among operaLors LhaL lsec ls needed Lo secure
unLrusLed slLes and ls hlghly deslrable even ln LrusLed slLes. 1o daLe, severe securlLy breaches and neLwork dlsrupLlon have been
infrequent, but they carry high costs because they may encourage churn, shrink revenues and damage the operators brand
repuLaLlon.
As deflned by 3C, Lhe SeCW LermlnaLes Lhe lsec Lunnel aL Lhe moblle core edge, and hence provldes for Lhe encrypLlon and
decrypLlon of lsec Lrafflc, and for muLual auLhenLlcaLlon wlLh en8s ln Lhe 8An. 1he SeCW ls lnserLed aL Lhe edge of Lhe core neLwork
Lo secure Lhe S1-MML and S1-u Lrafflc from en8s, aggregaLe lL, and Lhen forward lL Lo Lhe MML and SCW (llgure 1), proLecLlng Lhe
neLwork from man-ln-Lhe-mlddle aLLacks. 1he SeCW can also carry Lhe conLrol-plane x2 lnLerface among en8s Lo coordlnaLe
Lransmlsslon ln Lhe 8An.
1he lsec Lunnel LhaL ls lnlLlaLed aL Lhe en8 can be LermlnaLed dlrecLly aL Lhe MML and SCW. 1hls approach, however, can resulL ln
hlgher cosLs and less efflclenL neLwork uLlllzaLlon, because lsec LermlnaLlon ls a compuLaLlonally lnLenslve funcLlon for whlch Lhe
MML and Lhe SCW are noL deslgned and opLlmlzed. WlLhouL a SeCW, lsec LermlnaLlon may overload Lhese elemenLs and, Lo
prevenL Lhls, operaLors have Lo lnvesL ln addlLlonal processlng capaclLy.

>#48)% CF 1"% <%I! ',7#$#,/ 3#$"#/ (/ 012 /%$3,)GF <,8).%H <%/=( >#5#

1. 3C 18 33.401, !"## %&'()* +,-./()-(0,) 12340(/35 6%+178 %)-0,/(& +,-./()-(0,), 2012. 1he declslon of wheLher Lhe radlo-Lo-core llnk ls LrusLed ls lefL Lo Lhe moblle
operaLor, because lL ls Lled Lo Lhe operators lnLernal crlLerla, whlch Lyplcally lnclude facLors such as conLrol over Lhe physlcal slLe where Lhe en8 ls locaLed and over Lhe
backhaul llnk (l.e., use of the operators own backhaul lnfrasLrucLure versus Lhlrd-parLy leased llnks), securlLy level aL Lhe cell slLe, sharlng of neLwork componenLs wlLh
oLher moblle or flxed neLworks, and regulaLory requlremenLs.
2. nCMn, %*944 :)44 ;9-<.904 =)>0/,)*)5(', 2012.
!"#$% '('%) 8adlo-Lo-core proLecLlon ln L1L
@ ABCD Senza Fili Consulting www.senzafiliconsulting.com E3E

>#48)% AF <,8).%7 (/+ #N'(.$ ,6 8/%O'%.$%+ +($( (/+ 7#4/(5#/4 $)(66#. ,K%)5,(+ ,/ /%$3,)G '%)6,)N(/.%F <,8).%H <%/=( >#5#
The SeGW was initially developed to provide the scalability and performance needed to meet operators radio-Lo-core securlLy
requlremenLs, buL lLs sLraLeglc poslLlon on Lhe border beLween Lhe 8An and Lhe core neLwork makes lL Lhe ldeal candldaLe Lo
aggregaLe Lrafflc dlrecLed Lo Lhe core and hence Lo provlde funcLlonallLy LhaL goes beyond enabllng efflclenL lsec encrypLlon and
muLual auLhenLlcaLlon. 1he edge of Lhe core ls an ldeal place Lo monlLor lncomlng Lrafflc from Lhe 8An and Lo ldenLlfy and manage
susplclous or unexpecLedly hlgh Lrafflc flows, ln boLh Lhe conLrol plane (slgnallng) and Lhe user plane (daLa Lrafflc), LhaL may dlsrupL
neLwork access and servlce avallablllLy. ln dolng so, Lhe SeCW reduces Lhe capaclLy requlremenLs on Lhe MML and SCW LhaL would
oLherwlse have Lo process all Lhe Lrafflc from Lhe 8An. 1he SeCW glves operaLors a valuable vanLage polnL from whlch Lo galn
vlslblllLy lnLo Lhe comblned conLrol and user plane Lrafflc, before lL geLs segregaLed ln Lhe MML and SCW, respecLlvely. ln addlLlon,
Lhe SeCW faclllLaLes lsec lmplemenLaLlon ln mulLl-vendor deploymenLs, because lL can provlde full lnLeroperablllLy across elemenLs
from dlfferenL vendors.
1he role of Lhe SeCW ln fllLerlng lncomlng Lrafflc ls noL llmlLed Lo Lhe ldenLlflcaLlon and managemenL of lnLenLlonal mallclous aLLacks,
lL lncludes many oLher Lypes of anomalous Lrafflc (llgure 2). Some occaslonal Lrafflc splkes are subscrlber-drlven, occurrlng, for
example, as a resulL of weaLher dlsrupLlon, hlghway accldenLs, or planned evenLs such as concerLs or games where many people
congregaLe. Whlle Lhls Lrafflc ls enLlrely leglLlmaLe, Lhe neLwork may noL have sufflclenL capaclLy Lo manage and LransporL lL, and
servlce avallablllLy may be parLlally or compleLely compromlsed as a resulL. Slgnallng Lrafflc overload can also be generaLed
unlnLenLlonally by erroneous conflguraLlon seLLlngs or oLher sofLware malfuncLlons ln Lhe uL appllcaLlons or CSs or ln oLher neLwork
elemenLs. 1hls Lype of Lrafflc ls noL mallclous, buL lL ls unexpecLed and can have Lhe same lmpacL as user-drlven Lrafflc splkes.
ln boLh cases user-plane Lrafflc overload and conLrol-plane Lrafflc overload a scalable SeCW can recognlze and manage unusually
hlgh Lrafflc levels and proLecL Lhe neLwork ln real Llme, before Lhe Lrafflc hlLs Lhe core neLwork ln Lhe MML or SCW, ln order Lo
conLaln or prevenL dlsrupLlon.
1he dlsrupLlon can be broughL on lnnocenLly by Lrafflc overload ln elLher slgnallng or daLa. Slgnallng overload may cause congesLlon ln
Lhe MML or oLher core elemenLs such as Lhe PSS, and lead Lo access or servlce denlal even lf Lhere ls sufflclenL capaclLy ln Lhe daLa
plane Lo saLlsfy access and servlce requesLs. ln Lhls slLuaLlon, slgnallng overload prevenLs efflclenL uLlllzaLlon of neLwork resources.
user-plane Lrafflc overload has a slmllar lmpacL on subscrlber experlence (l.e., dlsrupLlon of servlce), buL, unllke slgnallng overload, lL ls
!"#$% '('%) 8adlo-Lo-core proLecLlon ln L1L
@ ABCD Senza Fili Consulting www.senzafiliconsulting.com E4E
Lyplcally drlven by llmlLed avallablllLy of 8An resources l.e., Lhere are more users demandlng access Lhan Lhe neLwork has capaclLy
Lo supporL.
1he capablllLy of Lhe SeCW Lo deLecL and manage unexpecLed Lrafflc paLLerns mallclous or noL ls boLh necessary and
advanLageous. 8egardless of Lhe cause, unusually lnLense Lrafflc flows can severely compromlse neLwork and servlce avallablllLy. 1he
dlsrupLlon may be llmlLed Lo one or a few en8s or have a wlder lmpacL on Lhe neLwork. lL may affecL only a subseL of subscrlbers who
cannoL geL access or use some servlces, or lL may enLlrely shuL down parLs of Lhe neLwork.
DF 1he evoluLlon of securlLy and proLecLlon requlremenLs
1")%% '"(7%7 #/ 012 +%'5,9N%/$7
As moblle operaLors roll ouL Lhelr neLworks, Lhelr requlremenLs for performance, securlLy and Lrafflc load evolve (llgure 3). uurlng Lhe
lnlLlal launch sLage, Lhe focus ls on baslc funcLlonallLy and rellablllLy. As Lhe number of subscrlbers grows, scalablllLy becomes a Lop
prlorlLy. As neLwork uLlllzaLlon grows, lL keeps evolvlng Loo, wlLh moblle operaLors lnLroduclng advanced funcLlonallLy and supporL for
new servlces. Lach operaLor moves aL lLs own pace across Lhe sLages, and may see some overlap across sLages, buL Lhe Lrend Loward
more sLrlngenL requlremenLs has Lo be kepL ln mlnd from Lhe sLarL, when seLLlng Lhe course for neLwork deploymenL.


>#48)% DF *(+#,-$,-.,)% '),$%.$#,/ +8)#/4 $")%% '"(7%7 #/ 012 +%'5,9N%/$7F <,8).%H <%/=( >#5#
!"#$% '('%) 8adlo-Lo-core proLecLlon ln L1L
@ ABCD Senza Fili Consulting www.senzafiliconsulting.com E5E
DFCF 8alanclng securlLy and performance
;"(7% CH 1"% #/#$#(5 7$(4% ,6 012 +%'5,9N%/$
uurlng Lhe lnlLlal sLage of L1L deplyomenLs, operaLors lnlLlally requlre only baslc securlLy lsec wlLh encrypLlon and muLual
auLhenLlcaLlon buL Lhe declslons Lhey make have a long-lasLlng lmpacL along several dlmenslons:
!"%)% (/+ ",3 7",85+ $"% ,'%)($,) +%'5,9 P;7%.Q
1he flrsL declslon for moblle operaLors ls Lo choose wheLher Lo deploy lsec across all Lhelr slLes, or only ln unLrusLed slLes. An
lncreaslng number of operaLors are chooslng Lo deploy lsec across boLh LrusLed and unLrusLed slLes as Lhey recognlze LhaL even
LrusLed slLes can become LargeLs of securlLy LhreaLs. A declslon Lo lnLegraLe lsec ln LrusLed slLes aL a laLer sLage may lncrease
deploymenL cosLs and complexlLy.
<",85+ <%I!7 R% +%'5,9%+ #/ ( +#7$)#R8$%+ ()."#$%.$8)% ,) ( .%/$)(5#=%+ ,/%Q
1he cholce beLween a dlsLrlbuLed (SeCW closer Lo Lhe en8) or cenLrallzed (SeCW closer Lo Lhe core) archlLecLure ls Lled Lo
mulLlple facLors, whlch lnclude Lhe overall neLwork archlLecLure sLraLegy, Lhe servlces lL supporLs, Lhe backhaul lnfrasLrucLure,
and Lhe dlsLrlbuLlon of subscrlbers wlLhln Lhe fooLprlnL. lor lnsLance, an operaLor LhaL chooses an approach wlLh MML and SCW
dlsLrlbuLed across Lhe fooLprlnL, Lo mlnlmlze laLency ln order Lo supporL servlces such as voL1L, wlll have Lo deploy SeCW closer
Lo Lhe en8. AlLernaLlvely, an operaLor may have a cenLrallzed LC buL choose Lo have a dlsLrlbuLed SeCW archlLecLure
LhroughouL Lhe fooLprlnL, or ln some areas. A dlsLrlbuLed SeCW archlLecLure provldes more flexlblllLy and lower laLency for Lhe
en8Loen8 x2 lnLerface. A cenLrallzed archlLecLure requlres fewer buL hlgher-capaclLy SeCWs, and more redundancy opLlons.
!"($ ()% $"% .('(.#$9 (/+ '%)6,)N(/.% (778N'$#,/7 $"($ /%%+ $, N(+% 3"%/ 7%5%.$#/4 $"% <%I!Q
A scalable soluLlon ls requlred Lo accommodaLe Lhe growlng Lrafflc load orlglnaLlng from wlder neLwork coverage, a growlng
number of subscrlbers wlLh L1L devlces, and hlgher per-subscrlber Lrafflc usage. Powever, operaLors have Lo dlmenslon Lhelr
lnlLlal deploymenL on Lhe basls of Lrafflc growLh LhaL ls lnherenLly dlfflculL Lo predlcL. 1he Lrend Loward susLalned and sLeep Lrafflc
growLh conLlnues unabaLed, buL Lhe fuLure pace and volume are noL known. CperaLors sLlll need, Lhough, Lo flnd a good lnlLlal
balance Lo avold overcommlLmenL or lnsufflclenL capaclLy.
ConcurrenLly, hlgh Lrafflc loads ralse performance requlremenLs even furLher. A low packeL-processlng raLe ln encrypLlng and
decrypLlng daLa can Lurn Lhe SeCW lnLo a boLLleneck, unable Lo process conLrol-plane and user-plane Lrafflc, or Lo do so aL Lhe
requlred laLency, and more vulnerable Lo denlal of servlce aLLacks. 1he dlsrupLlon from overloaded SeCWs evenLually spreads
from Lhe core Lo Lhe 8An, whlch ln Lurn becomes unable Lo address servlces requesLs and hence Lo use Lhe avallable capaclLy,
leadlng Lo lnefflclencles ln Lhe use of preclous and llmlLed radlo resources. A hlgh packeL-per-second processlng raLe ln Lhe SeCW
can reduce overall neLwork capex and opex because lL ls conduclve Lo a hlgher 8An uLlllzaLlon. 1he lnLroducLlon of a SeCW may
also reduce Lhe capaclLy requlremenLs on Lhe MML and SCW, leadlng Lo capex and opex savlngs ln Lhe core neLwork.
!"($ ()% $"% #/$%),'%)(R#5#$9 )%S8#)%N%/$7 $, %/78)% 7N,,$" #/$%4)($#,/ (.),77 K%/+,)7Q
1he SeCW has Lo be smooLhly lnLegraLed wlLhln Lhe exlsLlng lnfrasLrucLure on boLh Lhe 8An and Lhe core sldes, and lL musL be
lnLeroperable wlLh equlpmenL from Lhe vendors LhaL Lhe operaLor has selecLed. lnLeroperablllLy requlremenLs on Lhe en8 slde
are sLrlcLer, because Lhe en8 lnlLlaLes Lhe lsec channel LhaL Lhe SeCW LermlnaLes. AlLhough Lhe lnLerfaces are based on
sLandards, vendor-speclflc lmplemenLaLlons are ofLen noL fully lnLeroperable wlLh each oLher. As operaLors look Lo mulLl-vendor
8Ans and shared-lnfrasLrucLure parLnershlps, lnLeroperablllLy acqulres more promlnence as Lhe basls for a rellable user
experlence and lower cosLs. SeCW lnLeroperablllLy has Lo be esLabllshed wlLh all Lhe vendors lnvolved on boLh Lhe 8An and
!"#$% '('%) 8adlo-Lo-core proLecLlon ln L1L
@ ABCD Senza Fili Consulting www.senzafiliconsulting.com E6E
core sldes. AlLhough esLabllshlng lnLeroperablllLy may lnlLlally be Llme-consumlng for boLh vendors and operaLors, ln Lhe long
Lerm lL lowers Lhe rlsk of vendor lock-ln and glves operaLors more freedom ln chooslng Lhelr 8An vendors.
1he lnlLlal sLage ln deploylng a moblle neLwork ls hecLlc. CperaLors have Lo balance mulLlple performance requlremenLs and deadllnes
agalnsL fundlng avallablllLy. 8uL chooslng scalable and fuLure-proof soluLlons aL Lhls sLage, whlle avoldlng over-englneerlng, ls cruclal
Lo a smooLh long-Lerm expanslon of Lhe neLwork wlLhouL expenslve and dlsrupLlve upgrades.
DFAF 1aklng L1L malnsLream
;"(7% AH 1)(66#. 4),3$" (/+ /%$3,)G %O'(/7#,/
As subscrlbers move Lo L1L smarLphones and dlscover LhaL wlLh fasLer neLworks Lhey can do more, noL only ls Lhe number of
subscrlbers on L1L neLworks growlng, buL so ls Lhe Lrafflc per subscrlber. 1he growLh ln neLwork Lrafflc load ls dlfflculL Lo predlcL as
usage paLLerns, charglng models, and devlce mlxes conLlnue Lo evolve. CperaLors need flexlblllLy Lo adapL Lo rapldly changlng capaclLy
requlremenLs. 1he flrsL operaLors Lo launch L1L neLworks, havlng now enLered Lhe second phase, face Lhe challenges of managlng and
proLecLlng Lrafflc ln an envlronmenL of acceleraLed expanslon of coverage and capaclLy requlremenLs.
ln !anuary 2013, verlzon reporLed LhaL L1L now accounLs for 30 of Lrafflc ln lLs neLwork and 23 of subscrlbers suggesLlng LhaL L1L
subscrlbers are much heavler daLa users Lhan Lhelr 3C counLerparLs. AL Lhe same Llme, coverage has gone up Lo lnclude 89 of Lhe
neLwork fooLprlnL. ln !apan, n11 uOCOMOs LTE network covers 75% of Lhe populaLlon wlLh 23,000 base sLaLlons and serves 10 of
subscrlbers. More Lhan 20 of lLs subscrlbers use more Lhan 3C8 per monLh each, Lwlce as many subscrlbers as a year ago.
1he challenges ln managlng Lhe lncreased Lrafflc load are lnLenslfled by Lhe Lrend of Lhe pasL few years Loward more complex and
unpredlcLable Lrafflc flows, whlch are due Lo Lhe convergence of mulLlple facLors:
LcosysLem fragmenLaLlon lncreases Lhe llkellhood of abnormal and unexpecLed Lrafflc overload LhaL may be caused by
appllcaLlon or sofLware updaLes, or by malware lnLroduced by appllcaLlons (especlally lf noL downloaded from LrusLed sLores LhaL
check appllcaLlon lnLegrlLy).
Peavler use of real-Llme appllcaLlons such as vldeo and audlo sLreamlng, gamlng, and volce creaLes more sLrlngenL requlremenLs
for laLency and CoS-based access.
A hlgher number of appllcaLlons per devlce drlves up Lhe background slgnallng acLlvlLy due Lo frequenL updaLe requesLs from
appllcaLlons especlally Lhose for chaLLy apps such as soclal neLworklng and communlcaLlons, whlch requlre frequenL checks
for updaLes.
Moblle neLworks have become more aLLracLlve LargeLs for hackers and hackLlvlsLs. Mallclous aLLacks are on Lhe rlse, and Lhelr
growLh ls llkely Lo acceleraLe. Whlle mosL of Lhe aLLacks now use uLs as Lhe enLry polnL, oLher vulnerable elemenLs ln moblle
neLworks are llkely Lo be more wldely LargeLed ln Lhe fuLure.
1he lncrease ln Lrafflc affecLs boLh Lhe conLrol plane and Lhe user plane, wlLh Lhe expecLaLlon LhaL growLh ln Lhe conLrol plane wlll
exceed LhaL ln Lhe user plane by 30 Lo 30, accordlng Lo 4C Amerlcas
3
. ln Canada, 1elus reporLs an lncrease ln slgnallng Lrafflc of
2,700 durlng a perlod ln whlch daLa Lrafflc doubled
4
.

3. 4C Amerlcas, ?)@ A/,)4)'' ;,39BC95B +DD4/-9(/35' 95B E)2/-)'8 F5B),'(95B/5G (.) H*D9-( 35 ?)(@3,<'I 2012.
4. hLLp://www.carLL.ca/news/13804/Cable-1elecom/lLLL-1rafflc-Lsunaml-causlng-congesLlon-ln-wlreless-neLs-says-1elus-SpadoLLo.hLml
!"#$% '('%) 8adlo-Lo-core proLecLlon ln L1L
@ ABCD Senza Fili Consulting www.senzafiliconsulting.com E7E
Whlle L1L has a more efflclenL conLrol plane Lhan 3C, generaLlng a lower slgnallng load for Lhe same user-plane load, Lhe neLwork-
wlde volume of slgnallng Lrafflc wlll conLlnue Lo lncrease due Lo lncreased use per moblle devlce, as subscrlbers rely on Lhem for a
larger number of servlces and appllcaLlons whlch Lhey use more frequenLly. lrequenL connecLlon requesLs and Lransmlsslon ln smaller
packeL slzes resulL from chaLLy apps, voL1L, adverLlsemenLs, and, generally, a hlgher number of appllcaLlons lnsLalled ln moblle
devlces.
CrowLh ln user daLa and slgnallng Lrafflc, and wlder coverage, creaLe Lhe need Lo expand Lhe capaclLy of Lhe radlo-Lo-core llnk and of
lLs LermlnaLlng polnL ln Lhe SeCW. ln boLh cases, lL ls cruclal LhaL Lhe soluLlon adopLed durlng Lhe lnlLlal phase scale smooLhly Lo meeL
Lhe new requlremenLs, reLalnlng Lhe same performance level and havlng a comparable lmpacL on capex and opex.
1he growLh and expanslon sLage ln L1L enLalls a dlfflculL balanclng acL for moblle operaLors caughL beLween Lhe need Lo lmprove
performance and capaclLy, on Lhe one hand, and adherlng Lo hlgh securlLy and rellablllLy sLandards, on Lhe oLher all ln an
envlronmenL where subscrlbers are eager Lo lncrease Lhelr use of Lhelr moblle plans, buL reslsL paylng more for Lhem. As a resulL,
moblle operaLors need a flexlble and lncremenLal expanslon process LhaL enables Lhem Lo gradually expand Lhe SeCW capaclLy ln llne
wlLh Lhe Lrafflc growLh, and Lo avold expenslve soluLlon upgrades or Lhe lnLegraLlon of new ones.
DFDF new requlremenLs, new funcLlonallLy
;"(7% DH 012 %K,58$#,/
As daLa Lrafflc and subscrlbers move Lo L1L, operaLors need Lo do more Lhan lncrease Lhelr capaclLy. 1hey have Lo conLlnue Lo
lnnovaLe and expand Lhe funcLlonallLy and servlces offered. Change wlll affecL dlfferenL areas and lmpacL neLwork proLecLlon ln
mulLlple ways.
ln Lhe 8An, Lhe wlder use of small cells, femLo cells and Wl-ll Lo offload Lrafflc from overloaded macro cells lnLroduces a much more
complex neLwork Lopology, wlLh overlapplng layers, hlgher levels of lnLerference, and a hlgher denslLy of elemenLs. MoblllLy
managemenL, lnLerference mlLlgaLlon, and Lrafflc coordlnaLlon among 8An layers lncrease Lhe Lrafflc requlremenLs especlally on Lhe
slgnallng slde. 1he lnLroducLlon of Lrafflc managemenL Lechnlques such as CCM and elClC requlre a low laLency on Lhe x2 lnLerface
and Lhe backhaul. 1he wldenlng adopLlon of small cells and femLo cells lncreases Lhe vulnerablllLy of moblle neLworks Lo mallclous
aLLacks by addlng a large number of 8An elemenLs wlLh largely unproLecLed physlcal access, drlvlng Lhe need for Lhe robusL muLual
auLhenLlcaLlon LhaL lsec provldes.
lrom a devlce perspecLlve, M2M devlces, many of whlch may be unaLLended and noL LlghLly monlLored, presenL an enLlrely new seL
of securlLy challenges LhaL have noL yeL been fully explored or LesLed. MosL M2M devlces operaLe wlLhouL physlcal human
supervlslon and can be easlly locaLed, especlally lf Lhey are noL moblle. 1hls makes Lhem more vulnerable Lo physlcal mallclous access
and hence to attacks targeting the mobile network or the networks of the operators customers. Whlle ln mosL cases M2M devlces
wlll generaLe low Lrafflc volumes, Lhe need for frequenL reporLs or sLaLus checks ls llkely Lo dlsproporLlonaLely lncrease Lhe slgnallng
load over Lhe user-daLa load, lncreaslng Lhe capaclLy requlremenLs ln Lhe conLrol plane.
1he lnLroducLlon of voL1L, 8CS, gamlng and vldeo servlces creaLes LlghLer laLency requlremenLs across Lhe neLwork, and lL ls cruclal
LhaL Lhe radlo-Lo-core llnk noL become a laLency boLLleneck. 1he processlng raLe and capaclLy aL Lhe SeCW have Lo be sufflclenLly hlgh
Lo keep laLency low. ln addlLlon, Lrafflc prlorlLlzaLlon, Lrafflc shaplng and load balanclng ln Lhe SeCW may also enable operaLors Lo
preserve Lhe CoL for appllcaLlons wlLh low laLency requlremenLs.
!"#$% '('%) 8adlo-Lo-core proLecLlon ln L1L
@ ABCD Senza Fili Consulting www.senzafiliconsulting.com E8E
lurLhermore, real-Llme appllcaLlons such as voL1L or vldeo sLreamlng lmpose a parLlcular challenge because Lhey use small packeLs
and hence more processlng has Lo be done aL Lhe SeCW Lo LransporL Lhe same volume of user-plane Lrafflc. LffecLlvely, Lhese
appllcaLlons lncrease Lhe capaclLy load on Lhe SeCW, and fasL packeL processlng for encrypLlon and decrypLlon ls essenLlal Lo mlnlmlze
Lhe adverse lmpacL of small-packeL Lrafflc on overall neLwork uLlllzaLlon and performance.
llnally, Lhe wlder adopLlon of shared 8An and backhaul lnfrasLrucLure among operaLors, and of Lhlrd-parLy backhaul soluLlons LhaL
accompany Lhe lncreased peneLraLlon of small cells and femLo cells, ralses Lhe percenLage of unLrusLed slLes ln whlch Lhe lsec
proLecLlon ls a de facLo requlremenL. 1haL wlll puL addlLlonal pressure on moblle operaLors Lo selecL lsec and SeCW soluLlons LhaL
scale smooLhly.
8Ans wlLh a hlgher denslLy and varleLy of elemenLs creaLe a much more demandlng lnLeroperablllLy envlronmenL, ln whlch Lhe SeCW
has Lo lnLeroperaLe wlLh an expandlng array of equlpmenL soluLlons and vendors. ln Lhe case of lnfrasLrucLure sharlng, 8An
equlpmenL ls selecLed and operaLed by dlfferenL enLlLles over whlch Lhe moblle operaLor has no conLrol. 1he capablllLy of Lhe SeCW
Lo adapL Lo Lhese lnherenLly complex 8An Lopologles ls vlLal for operaLors LhaL rely on lnfrasLrucLure sharlng arrangemenLs Lo conLaln
cosLs and opLlmlze neLwork uLlllzaLlon.
1o ensure rellable performance, operaLors need Lo see more deeply lnLo how Lhe neLwork manages Lrafflc so Lhey can correcL
problems ln real Llme as Lhey arlse. 1racklng key performance meLrlcs aL Lhe S1 and x2 lnLerfaces e.g., handoffs and aLLach
compleLlon Llme, and dropped packeLs ensures rellable performance for real-Llme appllcaLlons such as voL1L, and efflclenL moblllLy
managemenL ln Lhe 8An.
A fuLure-proof radlo-Lo-core SeCW has Lo scale Lo lnclude supporL for a wlder range and hlgher denslLy of 8An elemenLs and moblle
devlces, as well as cope wlLh a hlgher percenLage of unLrusLed slLes, emerglng securlLy LhreaLs, and an lncreaslngly demandlng and
dlverse Lrafflc mlx. As operaLors move Lo Lhe Lhlrd phase, Lhe SeCW conLlnues Lo perform lLs baslc Lask ln proLecLlng Lhe radlo-Lo-core
llnk, buL lL also has Lo provlde Lhe processlng power, laLency, and Lrafflc opLlmlzaLlon needed Lo supporL new servlces, as well as Lhe
scalablllLy and lnLeroperablllLy requlred Lo operaLe ln more complex envlronmenLs.
TF Concluslons
;),$%.$#/4 012 /%$3,)G7 +8)#/4 4),3$" (/+ %K,58$#,/
SecurlLy and, more generally, neLwork proLecLlon from unexpecLed hlgh-Lrafflc evenLs has galned a hlgher prlorlLy sLaLus ln L1L as
moblle neLworks become easler and more aLLracLlve LargeLs for mallclous aLLacks, and more vulnerable Lo slgnallng and daLa Lrafflc
overload LhaL can dlsrupL or compleLely block neLwork access. WlLhln Lhe conLexL of L1L securlLy, Lhe radlo-Lo-core llnk has Lo be
proLecLed Lo ensure end-Lo-end neLwork securlLy. lsec has emerged as Lhe de facLo sLandard Lo secure Lhe radlo-Lo-core llnk. 1he
SeCW ls a cruclal enabler Lo provlde Lhe scalablllLy, processlng and aggregaLlon capablllLles, Lhe performance, and Lhe funcLlonallLy Lo
supporL lsec.
lsec wlLh Lhe supporL of a SeCW aL Lhe moblle core edge ls Lhe soluLlon LhaL 3C sLrongly recommends and LhaL operaLors
worldwlde have sLarLed Lo deploy ln mosL of Lhelr new L1L neLworks. 8uL Lhey face mulLlple cholces on how Lo deploy lsec and
!"#$% '('%) 8adlo-Lo-core proLecLlon ln L1L
@ ABCD Senza Fili Consulting www.senzafiliconsulting.com E9E
SeCWs ln Lerms of Lopology, performance, cosL and funcLlonallLy as Lhey move Lhrough Lhe Lhree phases launch, growLh, advanced
servlces from Lhelr lnlLlal L1L launches Lo more maLure and heavlly used neLworks.
AL launch, whaL maLLers mosL Lo operaLors ls Lhe baslc funcLlonallLy of Lhe SeCW ln LermlnaLlng Lhe lsec Lunnel and provldlng muLual
auLhenLlcaLlon wlLh Lhe en8. As Lrafflc grows and new servlces are lnLroduced, Lhe funcLlonallLy of Lhe SeCW ls slaLed Lo evolve and
expand. 1he poslLlon of Lhe SeCW beLween Lhe 8An and Lhe LC ls ldeal Lo supporL funcLlons LhaL go beyond proLecLlon from
mallclous aLLacks, Lo lnclude managemenL of conLrol-plane and user-plane Lrafflc overload, coordlnaLlon of 8An moblllLy, and Lrafflc
flow opLlmlzaLlon.
A scalable soluLlon LhaL allows moblle operaLors Lo smooLhly evolve Lo meeL Lhelr anLlclpaLed and unanLlclpaLed radlo-Lo-core
requlremenLs ls cruclal Lo malnLalnlng performance and cosL and keeplng Lhe rlsks (and cosLs) of dlsrupLlon Lo a mlnlmum, wlLhouL
compromlslng Lhe safeLy and lnLegrlLy of Lhelr neLworks.
UF Clossary
2C Second generaLlon
3C 1hlrd generaLlon
3C 1hlrd CeneraLlon arLnershlp ro[ecL
CCM CoordlnaLed mulLlpolnL
elClC Lnhanced lnLer-cell lnLerference
coordlnaLlon
en8 enode8
LC Lvolved packeL core
Cx lnLerface beLween Lhe C8l and Lhe CW
Cy lnLerface beLween Lhe CW and Lhe CCS
PSS Pome subscrlber server
l lnLerneL proLocol
lsec l securlLy
L1L Long Lerm evoluLlon
L1L-uu lnLerface beLween Lhe uL and Lhe en8
M2M Machlne Lo machlne
MML MoblllLy managemenL enLlLy
MnC Moblle neLwork operaLor
MvnC Moblle vlrLual neLwork operaLor
nCMn nexL CeneraLlon Moblle neLworks [Alllance]
CCS Cnllne charglng sysLem
CS CperaLlng sysLem
C8l ollcy and charglng rules funcLlon
CW ackeL gaLeway
CoL CuallLy of experlence
CoS CuallLy of servlce
8An 8adlo access neLwork
8CS 8lch communlcaLlon servlces
S1 L1L lnLerface beLween an en8, and an MML
(S1-MML, conLrol plane) or an SCW (S1-u,
user plane)
S11 lnLerface beLween Lhe MML and Lhe SCW
S3/8 lnLerface beLween Lhe SCW and Lhe CW
S6a lnLerface beLween Lhe MML and Lhe PSS
SeCW SecurlLy gaLeway
SCl L1L lnLerface beLween Lhe CW and Lhe
lnLerneL
SCW Servlng gaLeway
Sp lnLerface beLween Lhe PSS and C8l
uL user equlpmenL
voL1L volce over L1L
x2 L1L lnLerface beLween Lwo en8s, lncludlng
x2-C (conLrol plane) and x2-u (user plane)
!"#$% '('%) 8adlo-Lo-core proLecLlon ln L1L
2013 Senza Fili Consulting, LLC. All rights reserved. This white paper was prepared on behalf of Stoke Inc. The views and statements
expressed in this document are those of Senza Fili Consulting LLC, and they should not be inferred to reflect the position of Stoke Inc. The
document can be distributed only in its integral form and acknowledging the source. No selection of this material may be copied, photocopied,
or duplicated in any form or by any means, or redistributed without express written permission from Senza Fili Consulting. While the document
is based upon information that we consider accurate and reliable, Senza Fili Consulting makes no warranty, express or implied, as to the
accuracy of the information in this document. Senza Fili Consulting assumes no liability for any damage or loss arising from reliance on this
information. Trademarks mentioned in this document are property of their respective owners. Cover page photo by Gui Jun Peng/Shutterstock.
AbouL SLoke
SLoke provldes markeL-proven moblle gaLeway soluLlons Lo Lhe broadband neLwork lndusLry. SLoke
producLs have been chosen by 1ler 1 moblle neLwork operaLors for Lechnlcal excellence and hlgh quallLy
manufacLurlng and parLners wlLh leadlng lndusLry equlpmenL provlders and sysLems lnLegraLors Lo
provlde key elemenLs of Lhelr soluLlons. SLoke ls Lhe lndusLry leader ln deployed L1L securlLy gaLeways
and offers exLenslve commerclal experlence developlng, deploylng and malnLalnlng L1L securlLy gaLeway
equlpmenL ln a Lop Ller L1L neLwork. SLoke producLs and soluLlons, based on Lhe lnnovaLlve SSx plaLform,
provlde a sLrong buslness value Lo neLwork operaLors. lor more lnformaLlon, vlslL www.sLoke.com.
AbouL Senza llll
Senza llll provldes advlsory supporL on wlreless daLa Lechnologles and servlces. AL Senza llll we have ln-
depLh experLlse ln flnanclal modellng, markeL forecasLs and research, whlLe paper preparaLlon, buslness
plan supporL, 8l preparaLlon and managemenL, due dlllgence, and Lralnlng. Cur cllenL base ls
lnLernaLlonal and spans Lhe enLlre value chaln: cllenLs lnclude wlrellne, flxed wlreless and moblle
operaLors, enLerprlses and oLher verLlcal players, vendors, sysLem lnLegraLors, lnvesLors, regulaLors, and
lndusLry assoclaLlons.
We provlde a brldge beLween Lechnologles and servlces, helplng our cllenLs assess esLabllshed and
emerglng Lechnologles, leverage Lhese Lechnologles Lo supporL new or exlsLlng servlces, and bulld solld,
proflLable buslness models. lndependenL advlce, a sLrong quanLlLaLlve orlenLaLlon, and an lnLernaLlonal
perspecLlve are Lhe hallmarks of our work. lor addlLlonal lnformaLlon, vlslL www.senzaflllconsulLlng.com
or conLacL us aL lnfo[senzaflllconsulLlng.com or +1 423 637 4991.
AbouL Lhe auLhor
Monlca aollnl ls Lhe founder and presldenL of Senza llll. Monlca wrlLes exLenslvely on Lhe Lrends,
Lechnologlcal lnnovaLlon, and flnanclal drlvers ln Lhe wlreless lndusLry ln reporLs, whlLe papers, blogs, and
arLlcles. AL Senza llll, she asslsLs vendors ln galnlng a beLLer undersLandlng of Lhe servlce provlder and
end user markeLs. She works alongslde servlce provlders ln developlng wlreless daLa sLraLegles, and ln
assesslng Lhe demand for wlreless servlces. lndependenL advlce, a sLrong quanLlLaLlve approach, and an
lnLernaLlonal perspecLlve are Lhe hallmarks of her work.
Monlca has a hu ln CognlLlve Sclence from Lhe unlverslLy of Callfornla, San ulego, an M8A from Lhe
unlverslLy of Cxford, and a 8A/MA ln hllosophy from Lhe unlverslLy of 8ologna (lLaly). She can be
conLacLed aL monlca.paollnl[senzaflllconsulLlng.com.
!"#$%
&'#!()*+#,