Abstract: A secure storage for an X.509v3 digital certificate is provided (301, 302). Ports of a first and second apparatus (101, 102) are mutually authenticated (303) by using 802.1X based authentication and 802.1AR certificates. Traffic types are divided (304, 305) by an operator-configurable selector function into user plane, control plane, synchronization plane, and management plane traffic types. For Ethernet transport a virtual port is created for each traffic type, and a different MACsec secure connectivity association is created for each virtual port. For Ethernet transport an operator-programmable security policy is maintained for each traffic type. For IP transport an IPsec security association is created for each traffic type, and an operator-programmable security policy is maintained for each security association. For IP transport, TLS support may be enabled for compatibility with network management traffic. A port is repeatedly re-authenticated by an operator-definable timer value.

Abstract: An embodiment includes determining estimate(s) of bandwidth for class(es) of quality of service to be implemented in base station(s) for service(s) provided to user equipment by the base station(s), determining expiration time(s) for corresponding ones of the estimate(s) of bandwidth, and communicating indications of the same toward mobile backhaul node(s). At a backhaul node, the indications are received and, based on the received indications, downstream bandwidth is modified for user equipment of different quality of service classes, wherein the downstream bandwidth passes through the mobile backhaul node toward the base station(s). Apparatus, software, and computer program products are also disclosed.

Abstract: A secure storage for an X.509v3 digital certificate is provided (301, 302). Ports of a first and second apparatus (101, 102) are mutually authenticated (303) by using 802.1X based authentication and 802.1AR certificates. Traffic types are divided (304, 305) by an operator-configurable selector function into user plane, control plane, synchronization plane, and management plane traffic types. For Ethernet transport a virtual port is created for each traffic type, and a different MACsec secure connectivity association is created for each virtual port. For Ethernet transport an operator-programmable security policy is maintained for each traffic type. For IP transport an IPsec security association is created for each traffic type, and an operator-programmable security policy is maintained for each security association. For IP transport, TLS support may be enabled for compatibility with network management traffic. A port is repeatedly re-authenticated by an operator-definable timer value.

Abstract: An embodiment includes determining estimate(s) of bandwidth for class(es) of quality of service to be implemented in base station(s) for service(s) provided to user equipment by the base station(s), determining expiration time(s) for corresponding ones of the estimate(s) of bandwidth, and communicating indications of the same toward mobile backhaul node(s). At a backhaul node, the indications are received and, based on the received indications, downstream bandwidth is modified for user equipment of different quality of service classes, wherein the downstream bandwidth passes through the mobile backhaul node toward the base station(s). Apparatus, software, and computer program produces are also disclosed.