Long Term Evolution (LTE) is a communication network technology currently under development by the 3rd Generation Partnership Project (3GPP). LTE requires a new radio access technique termed Evolved Universal Terrestrial Radio Access Network (E-UTRAN), which is designed to improve network capacity, reduce latency in the network, and consequently improve the end-user's experience. System Architecture Evolution (SAE) is the core network architecture for LTE communication networks.
Referring to FIG. 1, the LTE/SAE architecture includes a Mobility Management Entity (MME) 1, which is responsible for control signalling. An SAE Gateway (SAE-GW) 2 is responsible for the user data. The SAE-GW 2 consists of two different parts, namely a Serving Gateway that routes user data packets, and a PDN Gateway that provides connectivity between a user device and an external data network. These nodes are described in detail in 3GPP Technical Specification (TS) 23.401. All these nodes are interconnected by an IP network. Further nodes are the eNodeBs 3, 4, which act as base stations in the network. There are three major protocols and interfaces between these node types. These are S1-MME (between the eNodeBs 3, 4 and the MME 1), 51-U (between the eNodeBs 3, 4 and the SAE-GW 2, or more correctly between the eNodeBs 3, 4 and the Serving Gateway), and X2 (between eNodeBs 3, 4). The corresponding protocols used in these interfaces are S1AP (51 Application Protocol) and X2AP (X2 Application Protocol). All these protocols and interfaces are IP-based. In addition, the network may contain other nodes that are part of the above interface, for example a Home eNodeB Gateway (HeNB GW) between a HeNB and rest of the nodes in the network.
Referring to FIG. 2, a network operator commonly connects the eNodeBs on a LTE Radio Access Network (RAN) towards it's internal network (Intranet 6), where the SAE Core Network (SAE CN) is located, by hiring transport capacity with a certain Service Level Agreement (SLA) (e.g. specific bandwidth and QoS support) from an ISP (Internet Service Provider). This hired transport capacity is treated as un-secure since the traffic will be mixed with traffic from other users and may traverse through parts of Internet 5 or other unsecured areas. Core network nodes may be located in a secured intranet 6 (a so-called trusted domain). In order to provide a secured communication between an eNodeB 3 and the Intranet 6, a security gateway (SEGW) 7 is introduced as an interface between unsecured Internet 5 and the secure intranet 6. IPsec tunnels are used in order to connect the eNodeB 3 towards the Intranet 6 via the SEGW 7.
FIG. 2 illustrates further examples when eNodeBs 3, 4, 9, 10, connecting via the Internet 5, are connected to the SAE CN nodes using IPsec tunnels towards the SEGWs 7, 8. The S1-MME and the S1-U connections are established over the IPsec tunnels. It is also shown that an X2 interface between two eNodeBs can traverse either through one or two SEGW(s) depending on if the eNodeBs are connected to the same or to different SEGW(s). For example, an X2 interface between eNodeB 3 and eNodeB 9 traverses a single SEGW 7, whereas an X2 between eNodeB 4 and eNodeB 9 traverses two SEGWs, i.e. SEGW 8 and SEGW 7.
There are several factors which can affect the pricing of the hired transport capacity. These factors include bandwidth, QoS and the number of public IP addresses provided. In order to minimize the need for public IP addresses, an eNodeB 3 can be located behind a firewall that uses Network Address Translation (NAT). Due to using NAT, the IPsec setup must be done with the following features in order to bypass the NAT and make it possible for the eNodeB 3 to communicate with the SEGW 7 and the nodes in the intranet:                Tunnel mode        Encapsulating Security Payload (ESP)        UDP encapsulation of IPsec ESP Packets (RFC 3948)        Intranet IP address allocation during the IPsec tunnel establishment, for example via IKEv2 signalling or Dynamic Host Configuration Protocol (DHCP)        
There are several different possibilities for eNodeB topology locations that are important in relation to the establishment of the X2 interface. These are illustrated in FIG. 3, and can be described as follows:                An eNodeB 11 is located in the same secure domain (i.e. intranet 6) as the core network nodes and some other eNodeBs.        An eNodeB 12 is located in the Internet 5 with no NAT. As the eNodeB 12 is located outside the secure domain 6 in the Internet 5, in order to access the secure domain, eNodeB 12 needs to establish an IPsec tunnel towards the SEGW 14.        An eNodeB 13 is located in the Internet 5 and behind a NAT 15. eNodeB 13 is located outside the secure domain 6 in the Internet 5. eNodeB 13 may be located behind a NAT 15 in order to reduce the number of used public IP addresses (or for other reasons). In this case, an IPsec tunnel is also needed between eNodeB 13 and the SEGW 14.        
The different topology locations also mean that different types of IP addresses will be used. These are described below:
FIG. 4 illustrates the example where eNodeB 11 is located in the Intranet 6. In this case, eNodeB has one Intranet IP address, which may be statically allocated or retrieved by an internal DHCP server (shown as “e.g. 10.y.y.y” in FIG. 4). This Intranet IP address is used for communication to core network nodes and towards other eNodeBs.
When an eNodeB 12 is located in the Internet 5 with no NAT, as illustrated in FIG. 5 herein, it has two different IP addresses; one Internet IP address and one Intranet IP address. The network setup is done in the following way:    1. eNodeB 12 retrieves its Internet IP address via, for example, an external DHCP server located in the Internet (shown as “e.g. 65.y.y.y” in FIG. 5).    2. eNodeB 12 finds the SEGW 14 Internet IP address via a DNS server located in the Internet (shown as “e.g. 147.x.x.x” in FIG. 5).    3. eNodeB 12 establishes an IPsec tunnel towards the SEGW 14.    4. eNodeB 12 retrieves its Intranet IP address during the IPsec tunnel establishment, for example via IKEv2 signalling or DHCP (shown as “e.g. 10.y.y.y” in FIG. 5).
The Intranet IP address is used for communication with core network nodes and towards other eNodeBs.
When an eNodeB 13 is located behind a NAT at the Internet, as illustrated in FIG. 6 herein, three IP addresses are involved in the setup process; namely a NAT IP address, an Internet IP address and an Intranet IP address. The network setup is done in the following way:    1. The NAT 15 retrieves its Internet IP address, for example via a DHCP server located at the Internet (shown as “e.g. 65.y.y.y” in FIG. 6).    2. eNodeB 13 retrieves its NAT IP address, for example via a DHCP server located at the NAT firewall (shown as “e.g. 192.168.y.y” in FIG. 6).    3. eNodeB 13 finds the SEGW 14 Internet IP address via a DNS server located in the Internet 5 (shown as “e.g. 147.x.x.x” in FIG. 6).    4. eNodeB 13 establishes an IPsec tunnel towards the SEGW 14 using UDP encapsulation as the NAT 15 is detected during IPsec tunnel establishment.    5. eNodeB 13 retrieves its Intranet IP address during the IPsec tunnel establishment, for example via IKEv2 signalling or DHCP (shown as “e.g. 10.y.y.y” in FIG. 6).
The Intranet IP address is used for communication with core network nodes and towards other eNodeBs.
Different techniques can be used to establish an X2 interface between eNodeBs on IP transport network level. The location of the eNodeBs affects which method of establishing an X2 interface with another eNodeB is the most suitable.