Diameter Security & Roaming
Diameter Security & Roaming Use Cases
The connectivity between networks in 4G is much more complex than in legacy networks. This is not a voice-roaming-only environment like in the past, but a data-centric environment. Data roaming needs to confront a hybrid legacy/4G environment with complex policy, charging and service schemes with 10x more signaling compared to legacy voice roaming related signaling.
What if…
You want to connect your network to roaming partners or other interconnect parties like MVNOs. How do you make sure your network integrity and security is guaranteed, and at the same time ensure that roaming customers and MVNO traffic receive quality-of-service while passing through your network?
The Problem:
With more and more operators receiving MVNO demands to interconnect networks via Diameter, the need to offer roaming in LTE is essential. In specific cases there is a need to have Diameter based interconnect to MVNOs. This new usage exposes the fully controlled network to the outside world.
Measures have to be taken to securely allow partners to use your network in a controlled way without revealing confidential information and jeopardizing your own customers.
See our Diameter Routing Agent (DRA) brochure or get our new whitepaper (top right).
Roaming & Security with Traffix SDC Diameter Router
The first interfaces where Diameter based interfaces will be exposed are the S6a and S6d between MME, SGSN and HSS on the other side. Later other interfaces like S9 between the home PCRF and the visited PCRF are expected to be used as well. Potentially more interfaces might be included over time.
For the MVNO area the first interfaces where Diameter based interconnects typically are requested is between the hosting operators GGSNs and the MVNO/MVNE billing systems (either online, OCS, or offline, OFCS charging systems)
Traffix SDC Diameter Router is 100% complaint with 3GPP Diameter Routing Agent (DRA) requirements, GSMA IR.88 requirements and much more.
Traffix’s DRA solves relevant Diameter routing & security issues in three ways:
- It supports the advanced routing functionalities for the S6a, S6d and S9 interfaces as per GSMA IR.88
- It supports IPsec and TLS security and interworking to/from links using no IPsec or TLS
- It supports full topology hiding, not only of the most visible network node address but also inside any AVP that contains sensitive information. This is supported for at least S6a, S6d and S9
- It supports advanced ACL, Access Control Lists, to manage signaling and how much is allowed between various nodes for the various applications.
- It supports mechanisms to prevent flooding, such as a mechanism to prevent a Denial of Service attack
See our Diameter Routing Agent (DRA) brochure or get our new whitepaper (right).
Simplifying the Control Plane with Traffix SDC Diameter Router
- Designed from the ground up for Diameter routing
- Compliant with IETF Diameter RFP’s, 3GPP DRA and GSMA DEA & IR.88 specifications
- Native Diameter entity to support contextual routing based on any combination of Diameter messages, AVPs or content
- Routing resilience to cope with Diameter server and client failover
- Dynamic service monitoring technology to bypass bottlenecks and enhance performance
- Traffix WideLens™ unique technology for visibility and monitoring
- Supports over 50 Diameter interfaces (3GPP Releases: 7,8,9,10,11, TISPAN, Packetcable) including non-standard attribute value pairs from leading industry vendors
