IPsec Implementation in WCDMA RAN

This section describes the main process steps for the feature flow.

IPsec is implemented as a host-to-gateway IPsec solution where the RBS contains an

integrated IPsec function. The RBS can be configured to use either two separate security
gateways or a shared security gateway for traffic (Iub interface) and O&M traffic. If the
failover solution is used, a secondary backup tunnel to a different security gateway can
be configured for each primary IPsec tunnel. The tunnel internal addresses are used to
terminate all IPsec protected traffic such as Iub control plane and user plane, O&M, and
SoIP (if IPsec-protected).

The following figure illustrates the use of IPsec in a WCDMA network in a deployment
with separate security gateways for O&M and Iub. The RBSs are logically part of a virtual
private network belonging to the mobile operator. The nodes are however connected to
an external IP transport network that could be owned and managed by another operator.

Figure 3 Deployment View of IPsec in a WCDMA RAN

IPsec supports two types of configurations, Configuration B and Configuration C. In

Configuration B, one RBS node has one outer IP address shared by Iub and O&M tunnels.
In Configuration C, one RBS node has two outer IP addresses respectively for Iub and
O&M tunnels.