Network interface

  • Uplink: S1U/GTP-U, S1AP, NGAP
  • Downlink: S1U/GTP-U, S1AP, NGAP
  • Edge: User-Plane Plane of breakout w/o GTP header
  • Accounting: Duplicated RADIUS accounting input
  • LI: X1(IMSI list), X2(Netflow), X3(User Traffic)
  • Mgt
    • [protocol for mgt] HTTPS/sFTP/SNMP
    • [user behavior] NetFlow, Syslog(Alert, IoC event etc..)
  • User Plane Mirror: User Plane mirror, w/o GTP header
  • Uplink <-> Downlink Hardware Bypass
  • Bypass mode
    • On: power-off or APIs
    • Off: system reload or APIs

Service type

  • Intranet Breakout
    • Change the data path of a subscriber session to the enterprise intranet through edge when the session is of subscriber IPs to private IPs
  • Selective Internet Breakout
    • For some subscribers, they can access Internet through edge without through the backhaul.
  • Mobile Security Inspection
    • Remove the GTP-U header of User Plane traffic and route to the network security device (for example, IPS/IDS)

Operational assistance

  • Operator traffic monitoring and service billing(packet volume/IMSI) usage
    • User-Plane Enhanced NetFlow with IMSI
    • User-Plane DNS log /SSL log
  • With PacketX Mediation Device(Optional)
    • Import target IMSI/IP
    • Enhanced NetFlow(with IMSI) for target
    • Target traffic encapsulated & Local PCAP recording

In-GTP Network security and access control

  • Destination IP white list
    • 100K / 200K / 500K
  • Destination IP black list
    • 300K / 2M / 5M
  • Destination Domain black list
    • 300K / 2M / 5M

User authority mechanism

  • Import user ID list
    • IMSI or Subscriber IP
  • Enable MEC after users in the list connect to the Network
  • RWith accounting information
    • RADIUS duplicate or mirror
    • GTP-C mirror
GRISM G8-MEC
GRISM T4-MEC
GRISM T12-MEC
GRISM T20-MEC
Network Interface 1G RJ45*8 10/1G SFP+*4 10/1G SFP+*12 10/1G SFP+*20
Hardware Bypass RJ45 port pair *1
System Operation HTTPS, SNMP v2/v3, GRISM XML script
Data Format Ethernet/PCAP Ethernet Ethernet Ethernet
Advanced Processing 2Gbps 10Gbps 20Gbps 30Gbps
IoC
(IP/ Domain/ URL)
Capacity
Max 1M Max 3M Max 10M Max 10M
Power AC 110V-220V Dual DC-48V Dual AC 110V-220V Dual AC 110V-220V

Key Functions

Selective Local Break Out

Selectively redirect the user plane sessions of 4G/5G devices to the edge cloud of the network or even the nearby corporate intranet.

User Plane Metadata Extraction

Generate enhanced NetFlow, DNS log, SSL log and so on by analyzing user plane traffic.

Control Plane Correlation

Use GTP-C or accounting message to establish the association between user plane sessions and subscriber ID such as IMSIs.

IoC-based Defense

SBlock malicious sessions on the basis of massive IoCs (list of IP/domain/top-level domain) to enhance network security for subscribers.

Regional Internet Access Control

Apply public IP/Domain access restriction on those subscribers that register to some eNBs/gNBs.

Transparent Processing

No need to re-config the core network or eNB/gNB settings.

GRISM-MEC

Selective Breakout to Edge
Selective Breakout to Internet
Network Monitoring and Inspection
Learn More