Our edge


Architectural flexibility

The Net-Net SG supports two architectures for securing voice and data services using IPsec tunnels  over untrusted access networks:

  • Legacy signaling for femtocells (Iuh & CDMA ANSI-41) & dual mode handsets (UMA)
  • SIP/IMS signaling for femtocells & dual mode handsets


Standards-based

The Net-Net SG is based on industry standards and fulfills the following functional elements defined by 3GPP and 3GPP2:

  • I-WLAN Tunnel Terminating Gateway (TTG) – 3GPP release 7
  • Home NodeB (HNB) Security Gateway – 3GPP release 8
  • Femtocell Security Gateway – 3GPP2
  • Evolved Packet Data Gateway (ePDG) – 3GPP release 8
  • UMA/GAN Security Gateway (SeGW) – 3GPP release 6






Industry-leading IPsec tunnel system capacity and density

Two hardware platforms scale up to 200,000 tunnels per system. In high availability system configurations, the Net-Net SG supports up to 100,000 tunnels per rack unit and 4.8 million tunnels per 7-foot telco rack, minimizing capital and operating expenses.

High-performance IPsec processing architecture

Two levels of hardware acceleration enable extremely fast IPsec tunnel set-up and wire speed IPsec traffic encryption/decryption without impacting traffic forwarding performance.  The Net-Net SG also supports the required diversity of authentication and encryption methods.

Integrated hardware- and software-based DoS/DDoS protection

Dynamic self-protection defends the Net-Net SG against layer 3 and 4 and IPsec-related attacks and overloads assuring network uptime and service availability. The DoS/DDoS protection is based on the same proven architecture of Acme Packet’s Net-Net session border controllers.

Service reach maximization

The Net-Net SG provides multiple IP address management options along with NAT traversal features to deliver voice and data services to the broadest range of mobile subscribers.

Overload protection

The Net-Net SG uses upstream and downstream policers to protect the availability of dual mode handsets, femtocell access points and the core network, ensuring service quality and SLA compliance. The over load protection features can also prioritize voice and signaling traffic over Internet and data traffic.

Integrated, industry-leading SBC functionality

Acme Packet’s industry-leading SBC functionality can be integrated with the Net-Net SG for SIP-based architectures, speeding time to service via proven interoperability while minimizing capital and operating expenses. Acme Packet Net-Net Session Director supplies unparalleled control for real-time interactive  SIP-based voice, video and multimedia sessions in five areas—security, service reach maximization, SLA assurance, revenue and cost optimization, and regulatory compliance.

Virtualized MSG and SBC functions

The Net-Net SG supports multiple, separate logical applications and architectures within a single physical system minimizing capital and operating expense. Virtualization enables service providers to use a single system to support multiple services—I-WLAN and UMA, residential and enterprise, retail and wholesale, or multiple mobile virtual network operator (MVNO) customers. Integrated session border controller functions are another virtualized instance on the same physical hardware, allowing the MSG and SBC to scale performance or capacity independently.

Carrier-class high availability (HA)

Using the same proven HA scheme for SBC configurations, the Net-Net SG provides check-pointing of Internet Key Exchange (IKE) security association (SA) state, as well as the maintenance of tunnel and configuration state to ensure transparent, “hitless” failover for uninterrupted service.

Management

The Net-Net SG can be managed by Net-Net Central, CLI, telnet, FTP, XML, RADIUS, SNMP and syslog. It supports numerous alarms for monitoring and troubleshooting.