VoLTE and IMS Security for Service Providers



DDoS Protection Solutions

The Challenge

VoLTE is a crucial service when consolidating voice traffic from circuit switch networks to all-IP LTE networks because it reduces overall network operation costs. And VoLTE adoption is rapidly increasing. One North American T-1 operator has nearly 40 percent of its voice calls on VoLTE.

As VoLTE matures, attacks against the signaling resources used to provide services to customers—including real-time signaling protocols—will also increase. As a result, VoLTE security—focusing on protecting and controlling signaling protocols including Diameter and SIP, for example—is becoming more critical.

With more and more devices coming to the market with support only for IPv6, the ability to manage and control potential signaling spikes caused by IPv6 devices is equally important. When a SIP signaling storm happens because of unintended actions, other node outages in the network, or malicious attacks, it’s important to rate-limit SIP requests to the P-CSCF so it’s not overwhelmed.

Plus, with the increase in the types and numbers of new devices also come massive and ongoing changes in traffic and usage characteristics. To handle all these changes, operators require solutions capable of very high connection rates and increasing concurrency.

The Solution

F5 products and solutions help you deliver fast and secure VoLTE services. The F5 Traffix Signaling Delivery Controller (SDC) and BIG-IP platform with SIP application layer gateway (ALG) capabilities help ensure VoLTE service continuity and protect against unauthorized access, unexpected traffic peaks, signaling storms, session spoofing, and privacy attacks.

The F5 firewall solution with SIP ALG monitors SIP messages and only permits RTP streams when the SIP ALG validates the SIP control channel, providing security for user traffic in the network. By combining firewall, traffic management, DDOS protection, and carrier-grade network address translation (CGNAT) functions on the S/Gi LAN with SDC signaling control directly in front of the P-CSCF, F5 solutions can secure and distribute traffic, regardless of whether that traffic is from IPv4 or IPv6 devices. The F5 solutions combine security and availability to maintain network service during times of unexpected stress.

F5 solutions enable service delivery with the highest possible protection, connection rates, and concurrency levels in the industry—more than a terabit of throughput and up to 1.2 billion concurrent connections.

F5 Helps You:

  • Deliver fast and secure VoLTE service.
  • Provide maximum security protection.
  • Support high connection rates and a high level of concurrency.
  • Protect your brand and maximize subscriber quality of experience (QoE).

Connect with F5

F5 Labs

The latest in application threat intelligence.


The F5 community for discussion forums and expert articles.

F5 Newsroom

News, F5 blogs, and more.