Overview of softswitch security policies

ZTE provides comprehensive and three-dimensional Disaster Tolerance Technology in multiple layers and modes for mobile Softswitch technology, and strives to build a secure, stable, and reliable mobile network for operators.
At present, more and more mainstream operators have begun to fully introduce mobile Softswitch technology. This technology architecture based on control and bearer separation can achieve the "large capacity, few bureaus" construction model, more and more carriers are paying attention to the security issues of mobile Softswitch technology. ZTE provides comprehensive and three-dimensional Disaster Tolerance Technology in multiple layers and modes for mobile Softswitch technology, and strives to build a secure, stable, and reliable mobile network for operators.

Softswitch Network Structure

R4 introduces the bearer control separation technology in the CS domain. MSC is divided into two network elements, MSCSer-ver and MGW. Among them, MSCServer is responsible for the control function of MSC and MGW is responsible for the bearer control function, server and MGW communicate with each other through the Mc interface (H.248 protocol and its extension.

Because the MSCServer only processes the related transactions on the control plane, the interfaces connected to the MSCServer are both signaling interfaces and the signaling traffic is relatively small. The capacity of the MSCServer is greatly improved compared with that of the traditional MSC, therefore, the reliability of the MSCServer is very important. In addition to improving the reliability of the MSCServer from the perspective of a single system, it is also required that a complete disaster tolerance solution be available during networking to ensure the security and reliability of the network.

ZTE proposes a comprehensive and three-dimensional Disaster Tolerance solution for the MSCServer and MGW network elements under mobile Softswitch control, multiple disaster recovery solutions are available, including MSCServer1 + 1 Master/Slave, 1 + 1 mutual backup, N + 1 mutual backup, A/Iu-FLEX, and MGW load balancing. The following describes these disaster recovery technologies in detail.

MSCSERVER Disaster Tolerance Solution

Server1 + 1 backup mode

The Server1 + 1 backup mode is a dual-attribution backup and disaster tolerance mode. MGW can belong to both servers at the same time. There are two implementation methods: 1 + 1 master/backup, 1 + 1 mutual assistance.

Master-slave mode features: For two MSCSer-vers, one master node and one slave node are not working normally. The investment cost is relatively high. The configurations of the master and backup MSCserver are identical, and network maintenance and management are relatively simple. When the master node fails, the slave node can take over its load, and the switching time is short, usually 1 ~ 2 minutes; During the switching period, the user cannot provide services, and all activated services are interrupted. After the switching is completed, the user's services are not interrupted.

Mutual standby mode (mutual standby mode) features: Normally, both mscservers work, each of which has the primary and standby parts. When one MSCserver fails, the other MSCServer can take over the services of the faulty MSC.

There are some differences between the Mutual Assistance mode and the master-slave mode. The analysis is as follows:

1) in the same configuration, under normal conditions, only one MSCSERVER is in the active state. In the active/standby mode, two mscservers are in the active state, that is to say, the processing capability of the active/standby mode is twice that of the active/standby mode, which can cope with the load impact in the case of holiday traffic emergency. This is the biggest advantage of mutual assistance.

2) In the active/standby mode, only one signaling point code is required for the two mscservers. Only the active signaling links are in the active state, and all the signaling links of the STANDBY state are in the blocking state. In the master-slave mode, the two MSCSER-VER need two signaling points. For MSCSERVER1, all the signaling links related to the main signaling point A are in the active state, the signaling link of the standby signaling point B is in the blocking status. For MSCSERVER2, all the signaling links related to the primary signaling point B are activated, while the signaling links related to the standby signaling point A are blocked.

3) in the active/standby mode, there is only a heartbeat line between the two MSCSER-VER. In the master-slave mode, apart from heartbeat lines, the two mscservers also have Nc and Nb ports.

ServerN + 1 backup mode

The ServerN + 1 backup mode is an extension of 1 + 1 backup. You can consider 1 + 1 backup as N + 1 backup mode with N = 1. The implementation method is the same as that of 1 + 1. For details, refer to the description of 1 + 1.

Because the backup Server needs to back up N servers, one Server must correspond to multiple MSC numbers, and the local data of all servers must be configured. Therefore, you need to add the following features to back up the Server:

You can configure multiple MSC numbers for this module and specify 0 or 1 master MSC number. That is, when the MSCServer is standby, no master uses the MSC number. When one of the N mscservers fails, you must configure the MSC Number of the fault MSCServer to be taken over as the master MSC Number of the slave Server. In this way, for other servers, there is a Server consistent with the configured data.

A/IuFlex Technology

The A/Iu-FLEX technology refers to a bsc/RNC that can be connected to multiple mscservers at the same time. The load is shared among the mscservers, and multiple mscservers form A "Server pool ", each MSCServer is assigned an NRI (network resource ID, corresponding to the last digits of IMSI and TMSI). The RNC in these locations is connected to each MSCServer at the same time. When receiving a transaction request sent by MS, the NRI can be parsed Based on the NRI carried in the signaling or the user ID (such as IMSI and TMSI) in the signaling, send business requests to the corresponding MSCServer for processing. When a MSCServer fails, BSC/RNC can forward the transaction to the faulty MSCServer to other mscservers for processing.

MGW Disaster Recovery Solution

MGW Load Balancing

MGW Load Balancing Technology: An RNC/BSC can be connected to multiple mgws at the same time, and mgws can be used for load balancing. The load of each MGW can be flexibly adjusted during resource allocation through MNs; in this way, when an MGW fails, the RNC load will be borne by the remaining MGW, without affecting RNC's business processing. Application Scenario Analysis: Server1 + 1 backup mode: Suitable for the case where the primary network capacity is small, but in the 1 + 1 mutual backup mode, both servers are active, and the device utilization is relatively high, it can cope with sudden holiday traffic spikes. Therefore, mutual backup is recommended in both modes.

ServerN + 1 backup mode: This mode is suitable for the case of large network capacity in the region. One MSCServer can be used to back up N mscservers, And the backup cost is relatively low.

A/Iu-FLEX method: This method requires support from BSC. If it is implemented on the current network, it is difficult. In the R5 stage in the future, after the Iu port implements IP bearer, this backup method is a good choice.

Advantages of ZTE core network devices

ZTE's WCDMA core network products MGW, MSCServer, SGSN, GGSN, MGCF, CSCF, HLR/HSS, and RNC are designed and developed based on a unified all-IP hardware platform, the entire hardware platform is designed for 3G networks and next-generation networks. It fully embodies the idea of control and bearer separation and full IP address switching. The preceding centralized disaster recovery methods are fully supported. This hardware platform is also applied to ZTE's cdma 2000 and SoftSwitch products, with high flexibility and stability. Fully verify the maturity of the platform. The network elements of each product share a single board, which fully ensures the consistency, reliability, and maintainability of the hardware system, and avoids the disadvantages of providing different platforms for different network elements.

Based on R4, ZTE's core network products fully support the smooth evolution of R99, R4, and R5, and provide mobile/fixed NGN fusion solutions, in line with the network development direction. ZXWN's large capacity and high integration level are the best guarantees for low cost and high performance.

ZTE is able to provide a complete solution to the Internet security, provide operators with a secure and reliable operating network, and has been commercially available at home and abroad. In the China Mobile Market, ZTE's disaster recovery security mechanism has been widely used in Hunan Mobile, Guizhou mobile, and Chongqing Mobile.

In the China Unicom market, ZTE's disaster recovery security mechanism has been widely used in Guangdong, Shandong, Tianjin, Shaanxi, Gansu, Jiangxi, Yunnan, Chongqing, Guizhou, and other provinces and cities. At the same time, ZTE has been using its powerful R & D capabilities and a large number of market applications to promote the further development and improvement of the softswitch Security Disaster Tolerance solution.