No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>Search


To have a better experience, please upgrade your IE browser.


HUAWEI Firewall Comprehensive Configuration Examples

This document describes the application scenarios and configuration methods in typical projects of the firewall.
Rate and give feedback:
Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document. Note: Even the most advanced machine translation cannot match the quality of professional translators. Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).
Solution Overview

Solution Overview

This section describes the applications of IPSec in the LTE and the IPSec configuration in the networking where hot standby devices are deployed in off-line mode.

Introduction to LTE

Long Term Evolution (LTE) is a project initiated by 3GPP in December 2004 for the long term evolution of the Universal Mobile Telecommunications System (UMTS). The objective of the project is to increase the data rate of mobile communications systems, reduce network nodes and the system complexity, and therefore cut down the caPex and opex of networks. Since the analog technology was adopted in the 1G system, communications networks have been through the revolution of 2G and 3G technologies and stepped into the 4G era. LTE has become a major 4G standard. Strictly, LTE does not meet the 4G definition of ITU. It is only a quasi-4G technology. This, however, does not hold carriers back from setting LTE as the mainstream 4G standard.

Network Architecture of LTE

The network architecture of LTE is flatter and more IP-based than that of 3G networks, as shown in Figure 9-1.

Figure 9-1  Network architecture of LTE

An LTE network consists of the following parts:
  • User Equipment (UE): The general term for mobile terminals, such as mobile phones, smart phones, and multimedia devices, used on the LTE network.
  • Evolved NodeB (eNodeB): wireless base station that provides wireless access services for users.
  • IP-Radio Access Network (RAN): IP-based wireless access network. It is the access network of the entire LET network.
  • Evolved Packet Core (EPC): the core network of LTE.
    • Mobility Management Entity (MME): responsible for the control function of the core network. Traffic from the eNodeB to the EPC includes signaling flows and service flows, and the MME processes signaling traffic.
    • Serving Gateway (S-GW): processes the service traffic from the eNodeB to the EPC.
    • Operation and Maintenance Center (OMC): includes the M2000, CME, and LMT. The administrator manages the NEs on the LTE network in a centralized manner through the OMC. For the ease of management, some certificate servers, such as the CA server and RA server, are also deployed in the OMC area.

Interfaces of the eNodeB

The eNodeB provides two interfaces, S1 and X2:

  • S1 interface

    The S1 interface is between the MM3/S-GW and the eNodeB. Based on the service plane, the S1 interface is further split to the S1 user plane interface and the S1 control plane interface.

    • S1 user plane interface (S1-U)

      The S1-U interface is between the eNodeB and the S-GW. It carries user data, also called service data, between the eNodeB and the S-GW. The S1-U works on the simple GTP over UDP/IP transport protocol. This protocol encapsulates user data. The is no mechanism for traffic control, error control, or other data transfer assurance on the S1-U interface.

    • S1 control plane interface (S1-C)

      The S1-C interface is between the eNodeB and the MME for controlling the signaling interaction between the eNodeB and the MME. For reliable transfer of signaling messages, the S1-C works on SCTP above the IP layer.

  • X2 interface

    The X2 interface is an interface for communication between eNodeBs. The X2 is a new interface defined by LTE. It is a mesh interface and enables inter-eNodeB packet forwarding when the terminal moves. This helps to reduce the packet loss rate.

    • X2 user plane interface (X2-U)

      The X2-U interface carries user data between eNodeBs. It is used for data forwarding only when a terminal moves from one eNodeB to another. The X2-U also works on GTP over UDP/IP.

    • X2 control plane interface (X2-C)

      The X2-C is a signaling interface between eNodeBs. It enables signaling interaction between the eNodeBs. The X2-U is related to user movement. It transfers the user context between eNodeBs. Like the S1-C, the X2-C also uses SCTP to ensure transmission.

Updated: 2019-01-26

Document ID: EDOC1100062972

Views: 16828

Downloads: 721

Average rating:
This Document Applies to these Products
Related Version
Related Documents
Previous Next