Do we still need Gi Firewall for 3G/UMTS/HSPA network ?

Rubens Kuhl rubensk at
Thu Apr 9 23:19:05 CDT 2009

On shared media like radio access, every unwanted packet means less
performance you will get out of the network. This can be done by NAT,
stateful filtering with public IPs or stateless filtering with public
IPs; the advantage of doing NAT is making it easier for the end-point
software to know that (two ways: noticing your local IP address is
from RFC1918 space, or connecting to a server that tells your IP in
order to compare it to the local address).

As such, GPRS, EDGE, EVDO, HSPA, LTE and Mobile WiMAX services have
good reasons to use NAT, and most do.


On Thu, Apr 9, 2009 at 12:48 PM, Lee, Steven (NSG Malaysia)
<kin-wei.lee at> wrote:
> Hi all, in most of the existing 2G/2.5G mobile PS-core (Packet Switch) networks have Gi segment (interface between GGSN & IP Router/firewall). Due to the IP address constraint, operator usually do NAT on the Gi firewall to NAT the private IP to public IP in the past. Looking at the traffic pattern and user access behaviour, does it make sense to have firewall between the GGSN & Public Internet if the public IP addresses are sufficient to cater for mobile subscribers? Especially with 3G/UMTS/HSPA or even LTE in the future.
> Please share your thought and thanks in advance :)
> Regards,
> Steven Lee

More information about the NANOG mailing list