Do we still need Gi Firewall for 3G/UMTS/HSPA network ?
swmike at swm.pp.se
Thu Apr 9 11:17:09 CDT 2009
On Thu, 9 Apr 2009, Lee, Steven (NSG Malaysia) wrote:
> Hi all, in most of the existing 2G/2.5G mobile PS-core (Packet Switch)
> networks have Gi segment (interface between GGSN & IP Router/firewall).
> Due to the IP address constraint, operator usually do NAT on the Gi
> firewall to NAT the private IP to public IP in the past. Looking at the
> traffic pattern and user access behaviour, does it make sense to have
> firewall between the GGSN & Public Internet if the public IP addresses
> are sufficient to cater for mobile subscribers? Especially with
> 3G/UMTS/HSPA or even LTE in the future.
The only reason I see to have a FW on Gi would be to have a stateful
device to stop scanning from the Internet towards the mobile devices (I
don't know how much SYNs you see on a /16 nowadays, it used to be quite a
lot). I know mobile operators who have been operating with public IPs to
all customers without FW for a lot of years. Todays GGSN and other devices
should handle it, even though they didn't do it well 5+ years back.
Mikael Abrahamsson email: swmike at swm.pp.se
More information about the NANOG