According to Cahners In-Stat Group CDMA-based systems offering highspeed packet data services are expected to serve up to 21 percent of the worldwide subscribers by 2006. CDMA2000, just like its predecessor cdmaOne, is based on technology pioneered by Qualcomm in the United States, which then became the country with the highest concentration of CDMA subscribers and coincidentally one of the highest rates of Internet penetration. It can be reasonably expected that U.S. mobile professionals, so accustomed to ubiquitous wireline access to their corporate networks, will be more receptive to service offerings and marketing companies that advertise mobile data for business users. In fact, the response to advertisements for voice services run by Sprint PCS in the second half of 2001 that targeted business customers was extremely favorable. More recently, both Verizon Wireless and Sprint PCS have launched their 3G networks based on CDMA2000 to expand their offer with high-speed network access.
Not only in North America but also in other world regions, wireline business data users have come to expect sophisticated remote access methods accompanied by a full range of security and provisioning options. It is likely, even anticipated, that subscribers in countries such as the United States with highly developed IP infrastructures will expect a similar or better set of services to be available as a part of the next-generation wireless data offerings. We believe that for these reasons, the ability to provide secure access to private networks among other advanced data services will be of primary importance to wireless operators.
In this chapter we analyze the main types of VPN services that can be offered in the CDMA2000 system framework. We begin the chapter with an analysis of security procedures and communications between the Packet Data Serving Node (PDSN) and private networks when Mobile IP or Simple IP access methods are used. Further in the chapter we discuss various HA deployment strategies, moving on to CDMA2000 IP address assignment and AAA issues. At the end of the chapter, we present a case study outlining a real-life deployment of data services within combined CDMA2000 and legacy cdmaOne networks and exploring these systems' respective strengths and weaknesses and suitability to the task. Most of this chapter concentrates on CDMA2000 compulsory VPN methods. Voluntary VPNs, thoroughly covered in Chapter 5, are based on end-to-end secure tunneling and are generally independent of the underlying lower-level technologies. These VPNs do not vary much among different communications systems, and CDMA2000 is no exception whenever public routable IP addresses can be provisioned in the user device or when private addresses combined with appropriate address translation and IPSec NAT traversal mechanisms are available. For more on this subject, see the "CDMA2000 IP Address Management" section later in this chapter.