AT&T Exec: 5G Private Networks are coming soon + 5G Security Conundrum?

Just two weeks after Verizon won a 5G Private Network contract in the UK, AT&T now says that Private 5G Networks are coming soon to your office or campus.  AT&T’s Rita Marty wrote in a blog post that many companies want “5G in a private space.”

“We’ve done exactly that at AT&T Stadium in Dallas. Fans will get experiences like live stats projected over the field on their smartphone camera.”

“Some organizations want a truly private, standalone 5G system. They envision full control of a “local area network” similar to corporate Wi-Fi, but with the performance, reliability and security of cellular.  Nellis Air Force Base in Nevada is testing one flavor: a 5G-powered command-and-control center on a trailer. It will form the hub of a moveable, private cellular network for local personnel in a conflict area.

Ms. Marty alluded to network slicing and edge computing in her blog post.  Those are two ultra hyped technologies that have yet to be deployed at scale by any 5G network operator.

“Other organizations are enhancing their 5G coverage with the ability to control specific local traffic themselves. They can peel off (via network slicing) certain data flows for “edge computing.” This means alarms in a factory, for instance, could be processed right on the premises – and thus much more quickly. MxD, a manufacturing innovation center in Chicago, is showing how fractions of seconds can help solve quality, safety and inventory issues.

Network slicing allows 5G network operators to create different sub-networks (which can be private) networks with different properties. Each sub-network slices the resources from the physical network to create its own independent, no-compromised network for its preferred applications.  It requires a 5G standalone core network, the implementation of which has not been standardized and AT&T has yet to deploy.

Most of AT&T’s activities in mobile edge computing and private 5G networks are in trials and testing.  AT&T is working to bring enhanced capabilities to their edge computing solutions by testing AT&T Network Edge (ANE) with cloud providers.  AT&T says ANE’s potential benefits include:

  • Lower latency: Deliver low-latency connectivity to high performance compute
  • Network routing optimization: Network integration with cloud providers
  • Extended cloud ecosystem: AT&T intends to develop an extended ANE ecosystem, allowing customers to use cloud services like they do today.

Image Credit:  AT&T

Private networks also need careful thought and consultation, Ms. Marty stated. “Considerations include design, spectrum, and who’s going to actually run it. Even a standalone network, and even 5G, must be set up properly to achieve the highest security against cyberattacks,” she added.

5G Security Conundrum:

As leader of AT&T’s 5G security team, Ms. Marty has her work cut out for her.  Especially considering choosing which of the 3GPP 5G SA security specs to support.  Many of them are not complete and targeted for 3GPP Release 17.  Also, European network operators have taken different approaches to 5G security and this will likely be a global phenomenon.

The real work on 5G security is being done by 3GPP with technical specification (TS) 33.501 Security architecture and procedures for 5G system being the foundation 5G security document.  That 3GPP spec was first published in Release 16, but the latest version dated 16 December 2020 is targeted at Release 17.  You can see all versions of that spec here.

3GPP’s 5G security architecture is designed to integrate 4G equivalent security. In addition, the reassessment of other security threats such as attacks on radio interfaces, signaling plane, user plane, masquerading, privacy, replay, bidding down, man-in-the-middle and inter-operator security issues have also been taken in to account for 5G and will lead to further security enhancements.

Another important 3GPP Security spec is TS 33.51 Security Assurance Specification (SCAS) for the next generation Node B (gNodeB) network product class, which is part of Release 16.  The latest version is dated Sept 25, 2020.

Here’s a chart on 3GPP and GSMA specs on 5G Security,  courtesy of Heavy Reading:

Question: When do you plan to implement the following 5G security specifications? (n=105-108) (Source: Heavy Reading)

Scott Poretsky, Ericsson’s Head of Security, wrote in an email:

“The reason for the inconsistent implementation of the 5G security requirements is the language in the 3GPP specs that make it mandatory for vendor support of the security features and optional for the operator to decide to use the feature.  The requirements are defined in this manner because some countries did not want these security features implemented by their national telecoms due to these security features also providing privacy.  The U.S. was not one of those countries.”

……………………………………………………………………………………………………………………….

 

References:

https://about.att.com/innovationblog/2021/private_5G_networks.html

https://www.business.att.com/learn/top-voices/att-continues-development-of-network-edge-compute.html

https://techblog.comsoc.org/2018/05/18/ieee-comsoc-papers-on-network-slicing-and-5g/

5G Security Issues Raise Mission Critical Questions & Issues

 

Evaluating Gaps and Solutions to build Open 5G Core/SA networks

by Saad Sheikh, Vice President and Chief Architect, SouthTel, South Africa

Since the “freezing” of the much awaited 3GPP Release-16 in July 2020, many network equipment vendors have sought to develop 5G core/5G stand alone (5G SA) network capabilities.  Those includee network slicing. massive IoT. uRLLC (ultra reliable, ultra low latency communications), edge network computing, NPN (non public network) and IAB (Integrated Access and Backhaul), etc.

It is just natural that all of the big telco’s in APAC and globally have started their journey towards 5G Standalone (5G SA) core network. However, most of the commercial deployments are based on vendor E2E stack which is a good way to start the journey and offer services quickly.

Yet there’s a big caveat:  With the type of services and versatility of solution specially on the industry verticals required and expected from both 3GPP Release16 and 5G SA core network it is just a matter of time when network equipment vendors cannot fulfill all the solutions and that is when a dire need to build a Telco grade Cloud platform will become a necessity.

During the last two years we have done a lot of work and progress in both better understanding of what will be the Cloud Native platforms for the real 5G era.  As of now,  the 5G Core container platforms from an open cloud perspective are not fully ready but we are also not too far from making it happen.

2021 is the year that we expect a production ready open 5G native cloud platform avoiding all sorts of vendor lock ins.

…………………………………………………………………………………………………………………………….

 

Let’s try to understand top issues enlisted based on 5G SA deployments in Core and Edge network:

  • Vendors are mostly leveraging existing NFVI to evolve to CaaS by using a middle layer shown Caas on Iaas.  The biggest challenge is this interface is not open which means there are many out of box enhancements done by each vendor.  This is one classic case of “When open became the new closed.”

Reference: https://cntt-n.github.io/CNTT/doc/ref_model/chapters/chapter04.html

The most enhancement done on the adaptors for container images are as follows:

  • Provides container orchestration, deployment, and scheduling capabilities.
  • Provides container Telco enhancement capabilities: Huge page memory, shared memory, DPDK, CPU core binding, and isolation
  • Supports container network capabilities, SR-IOV+DPDK, and multiple network planes.
  • Supports the IP SAN storage capability of the VM container.
  • Migration path from Caas on IaaS towards BMCaaS is not smooth and it will involve complete service deployment, it is true with most operators investing heavily in last few years to productionize the NFVi no body is really considering to empty pockets again to build purely CaaS new and stand-alone platform however smooth migration must be considered.
  • We are still in early phase of 5G SA core and eMBB is only use case so still we have not tested the scaling of 5G Core with NFVi based platforms.
  • ETSI Specs for CISM are not as mature as expected and again there are a lot of out of the box. customizations done by each vendor VNFM to cater this.

Now let’s consider where the open platforms are lacking and how that might be fixed.

Experience #1: 5G Outgoing traffic from PoD:

The traditional Kubernetes and CaaS Platforms today handles and scales well with ingress controller however 5G PoD’s and containers outgoing traffic is not well addressed as both N-S and E-W traffic follows same path and it becomes an issue of scaling finally.

We know some vendors like Ericsson who already bring products like ECFE and LB in their architecture to address these requirements.

Experience#2: Support for non-IP protocols:

PoD is natively coming with IP and all external communication to be done by Cluster IP’s it means architecture is not designed for non-IP protocols like VLAN, L2TP, VLAN trunking

Experience#3: High performance workloads:

Today all high data throughputs are supported CNI plugin’s which natively are like SR-IOV means totally passthrough, an Operator framework to enhance real time processing is required something we have done with DPDK in the open stack world

Experience#4: Integration of 5G SBI interfaces:

The newly defined SBI interfaces became more like API compared to horizontal call flows, however today all http2/API integration is based on “Primary interfaces” .

It becomes a clear issue as secondary interfaces for inter functional module is not supported.

Experience#5: Multihoming for SCTP and SI is not supported:

For hybrid node connectivity at least towards egress and external networks still require a SCTP link and/or SIP endpoints which is not well supported

Experience#6: Secondary interfaces for CNF’s:

Secondary interfaces raise concerns for both inter-operability, monitoring and O&M, secondary interfaces is very important concept in K8S and 5G CNF’s as it is needed during

  • For all Telecom protocols e.g BGP
  • Support for Operator frameworks (CRD’s)
  • Performance scenarios like CNI’s for SR-IOV

Today, only viable solution is by NSM i.e. a service mesh that solves both management and monitoring issues.

Experience#7: Platform Networking Issues in 5G:

Today in commercial networks for internal networking most products are using Multus+VLAN while for internal based on Multus+VxLAN it requires separate planning for both underlay and overlay and that becomes an issue for large scale 5G SA Core Network

Similarly, top requirements for service in 5G Networks are the following:

  • Network separation on each logical interface e.g VRF and each physical sub interface
  • Outgoing traffic from PoD
  • NAT and reverse proxy

Experience#8: Service Networking Issues in 5G:

For primary networks we are relying on Calico +IPIP while for secondary network we are relying ion Multus

Experience#9: ETSI specs specially for BM CaaS:

Still I believe the ETSI specs for CNF’s are lacking compared to others like 3GPP and that is enough to make a open solution move to a closed through adaptors and plugin’s something we already experienced during SDN introduction in the cloud networks today a rigorous updates are expected on

  • IFA038 which is container integration in MANO
  • IFA011 which is VNFD with container support
  • Sol-3 specs updated for the CIR (Container image registry) support

Experience#10: Duplication of features on NEF/NRM and Cloud platforms:

In the 5G new API ecosystem operators look at their network as a platform opening it to application developers. API exposure is fundamental to 5G as it is built into the architecture natively where applications can talk back to the network, command the network to provide better experience in applications however the NEF and similarly NRF service registry are also functions available on platforms. Today it looks a way is required to share responsibility for such integrations to avoid duplicates.

Reference Architectures for the Standard Platform:

Sol#1: Solving Data Integration issues

Real AI is the next most important thing for telco’s as they evolve in their automation journey from conditional #automation to partial autonomy . However to make any fully functional use case will require first to solve #Data integration architecture as any real product to be successful with #AI in Telco will require to use Graph Databases and Process mining and both of it will based on assumption that all and valid data is there .

Sol#2: AI profiles for processing in Cloud Infra Hardware profiles

With 5G networks relying more on robust mechanisms to ingest and use data of AI , it is very important to agree on hardware profiles that are powerful enough to deliver AI use cases to deliver complete AI pipe lines all the way from flash base to tensor flow along with analytics .

Sol#3: OSS evolution that support data integration pipeline

To evolve to future ENI architecture for use of AI in Telco and ZSM architecture for the closed loop to be based on standard data integration pipeline like proposed in ENI-0017 (Data Integration mechanisms).

Sol#4: Network characteristics

A mature way to handle outgoing traffic and LB need to be included in Telco PaaS.

Sol#5: Telco PaaS

Based on experience with NFV it is clear that IaaS is not the Telco service delivery model and hence use cases like NFVPaaS has been in consideration for the early time of NFV . With CNF introduction that will require a more robust release times it is imperative and not optional to build a stable Telco PaaS that meet Telco requirements. As of today, the direction is to divide platform between general PaaS that will be part of standard cloud platform over release iterations while for specific requirements will be part of Telco PaaS.

The beauty of this architecture is no ensure the multi-vendor component selection between them. The key characteristics to be addressed are discussed below.

Paas#1: Telco PaaS Tools

The agreement on PaaS tools over the complete LCM , there is currently a survey running in the community to agree on this and this is an ongoing study.

Reference: https://wiki.anuket.io/display/HOME/Joint+Anuket+and+XGVELA+PaaS+Survey

Paas#2: Telco PaaS Lawful interception

During recent integrations for NFV and CNF we still rely on Application layer LI characteristics as defined by ETSI and with open cloud layer ensuring the necessary LI requirements are available it is important that PaaS include this part through API’s.

Paas#3: Telco PaaS Charging Characteristics

The resource consumption and reporting of real time resources is very important as with 5G and Edge we will evolve towards the Hybrid cloud.

Paas#4: Telco PaaS Topology management and service discovery

A single API end point to expose both the topology and services towards Application is the key requirement of Telco PaaS

Paas#5: Telco PaaS Security Hardening

With 5G and critical services security hardening has become more and more important, use of tools like Falco and Service mesh is important in this platform

Paas#6: Telco PaaS Tracing and Logging

Although monitoring is quite mature in Kubernetes and its Distros the tracing and logging is still need to be addressed. Today with tools like Jaeger and Kafka /EFK needs to be include in the Telco PaaS

Paas#7: Telco PaaS E2E DevOps

For IT workloads already the DevOps capability is provided by PaaS in a mature manner through both cloud and application tools but with enhancements required by Telco workloads it is important the end-to-end capability of DevOps is ensured. Today tools like Argo need to be considered and it need to be integrated with both the general PaaS and Telco PaaS

Paas#9: Packaging

Standard packages like VNFD which cover both Application and PaaS layer.

Paas#8: Standardization of API’s

API standardization in ETSI fashion is the key requirement of NFV and Telco journey and it needs to be ensured in PaaS layer as well. For Telco PaaS it should cover VES , TMForum,3GPP , ETSI MANO etc . Community has made following workings to standardize this

  • TMF 641/640
  • 3GPP TS28.532 /531/ 541
  • IFA029 containers in NFV
  • ETSI FEAT17 which is Telco DevOps
  • ETSI TST10 /13 for API testing and verification

Based on these features there is an ongoing effort with in the LFN XGVELA community and I hope more and more users, partners and vendors can join to define the Future Open 5G Platform

Reference: https://github.com/XGVela/XGVela/wiki/XGVela-Meeting-Logistics

………………………………………………………………………………………………………………………………….

Glossary:

Term

Description

NFV

Network Function Virtualization

VNF

Virtual Network Functions

CNF

Containerized Network Functions

UPF

User Plane Function

AMF

Access Management Function

TDF

Traffic Detection Function

PCF

Policy Charging Function

NSSF

Network Slice Subnet Function

UDSF

Unstructured Data Storage Function

A & AI

Active and Available Inventory

CLAMO

Control Loop Automation Management Function

NFVI

Network Function Virtualized Infrastructure

SDN

Software Defined Networks

VLAN

Virtual LAN

L2TP

Layer2 Tunneling Protocol

SBI

Service Based Interface

NRF

Network Repository Function

NEF

Network Exposure Function

NAT

Network Address translation

LB

Load Balance

HA

High Availability

PaaS

Platform as a Service

ENI

Enhanced Network Intelligence

ZSM

Zero touch Service Management

EFK

Elastic search, FLuentd and Kibana

API

Application Programming Interface

………………………………………………………………………………………………………………………………..

About Saad Sheikh:

Saad Sheikh is an experienced telecommunications professional with more than 18 years of experience for leading and delivering technology solutions . He is currently Vice President and Chief Architect with Southtel, which is the leading System integrator in South Africa.  There he is leading 5G, Cloud, Edge Networking, Open RAN, Networking and Automation units.  He is helping to bring the power of innovative solutions to Africa.

Prior to this he was Chief Architect with STC (Saudi Telecom Company) where he lead the company Cloud Infrastructure Planning and Architecture Design to deliver large scale 5G , NFV , SDN and Cloud projects in Middle East. Previously, he held senior positions with both vendors and operators in Asia, Africa and APAC driving large scale projects in IT and Telecom.

 

Telefonica in 800 Gbps trial and network slicing pilot test

Telefonica and its network suppliers Nokia and Huawei have reached data transmission speeds of up to 800 Gbps in two pilot tests of photonic mesh technology. This trial reached speeds of 400 Gbps between Madrid and Barcelona (a distance of 830 kilometres), rising to 800 Gbps in a trial over shorter distances (47 kilometres) in the Madrid metropolitan area.
In a statement, Telefonica said the photonic mesh layer uses WDM (Wavelength Division Multiplexing) technology to achieve higher capacity, reduced latency and far lower energy consumption compared with traditional optical network transmission.
The high-speed trial used Huawei’s OSN 9800 optical equipment and Nokia’s 1830 Photonic Service Switch and 7950 XRS IP router.
…………………………………………………………………………………………………..
Separately, Telefonica is coordinating a 5G Network Slicing pilot test with Cisco and the University of Vigo.  The objective is to demonstrate how flexible 5G networks can devote specific capacities to different services and customers.This project consists of implementing a demonstrator on laboratory infrastructure at the facilities of the University of Vigo, where three slices will be deployed in order to offer distinctive services: low latency, high bandwidth and emergencies. This will enable, for example, customers to make use of the 5G network and enjoy ultra high-definition content while guaranteeing the resources of the mobile network in the event of an emergency in the area.

With this initiative the intention is also to begin building services for customers to be marketed via Telefónica’s 5G network. The project will thus enable Telefónica to obtain key results that will serve to drive the ecosystem and promote the interoperability and standardisation of this technology with a view to its marketing towards the end customer. Some of the sectors that can benefit the most from Network Slicing are the State Security Corps and Forces, media and communication, cars, industry and hotels.

5G Network Slicing Tutorial + Ericsson releases 5G RAN slicing software

5G Network Slicing Tutorial:

While there is no ITU-T recommendation to implement 5G network slicing, 3GPP Network Slicing requirements are included in 3GPP TS 22.261, Service requirements for the 5G system Stage 1, for Release 15 and updated for Release 16.  As defined by 3GPPNetwork slicing allows the  5G network operator to provide customized networks with different QoS capabilities.

A Network Slice is a logical (virtual) network customized to serve a defined business purpose or customer, consisting of an end-to-end composition of all the varied network resources required to satisfy the specific performance and economic needs of that particular service class or customer application. The ideas in play in developing and progressing the ‘slice’ concept draw on a progression of similar but simpler parallels in preceding network architectures including IP/Ethernet networking services (VLANs, IP VPNs, VPLS, etc.), and broaden the scope to include a wide range of access and core network functions from end-to-end and from the top to the bottom of the networking stack. Network slicing offers a conceptual way of viewing and realizing service provider networks by building logical networks on top of a common and shared infrastructure layer. Network slices are created, changed and removed by management and orchestration functions, which must be considerably enhanced to support this level of multi-domain end-to-end virtualization.

Here are a few use cases for 5G network slicing, which will likely to lead to different phases of adoption:

• Network Slicing can be used for operational purposes by a single network operator, to differentiate characteristics and resources for different broad
classes of services
• Network slicing can be used by a service provider seeking to establish a virtual service provider network over the infrastructure of a physical network operator
• Network slicing can allow individual end customers (enterprises) to be able to customize a virtual network for their operations and consume these network resources in a more dynamic way similar to today’s cloud services (i.e. dynamically varying scale, or for temporary needs).
• Network slicing can allow for “traffic splitting” across networks (5G, 4G, and WiFi via hybrid fiber-coax).

………………………………………………………………………………………………………………………………………………………………………………………………..

Ericsson launches 5G RAN Slicing to spur 5G business growth:

  • New software solution enables communications service providers to deliver innovative 5G use cases to consumers and enterprises with guaranteed performance
  • Built on Ericsson radio expertise and a scalable and flexible architecture, the new solution supports customized business models and growth requirements of advanced use cases
  • Ericsson 5G RAN Slicing strengthens end-to-end network slicing capabilities needed to deliver different services over a common infrastructure

 Today, Ericsson announced new software for 5G network operators to introduce network slicing. Ericsson 5G RAN Slicing allocates radio resources at 1 millisecond scheduling and supports multi-dimensional service differentiation handling across slices. Operators can use the platform to deliver dedicated high-quality services for various use cases.

Network slicing supports multiple logical networks for different service types over one common infrastructure. It is a key enabler for unlocking 5G revenue opportunities such as enhanced video, in-car connectivity and extended reality, Ericsson said.

Ericsson said what makes its product distinct is that it boosts end-to-end management and orchestration support for fast and efficient service delivery. This gives service providers the differentiation and guaranteed performance needed to monetize 5G investments. Ericsson’s network slicing platform is already in use in the consumer segment and for enterprise applications such as video-assisted remote operations, AR/VR, sports event streaming, cloud gaming, smart city, and applications for Industry 4.0 and public safety. Customers working with the system include KDDI and Swisscom.

An Ericsson report estimates USD 712 billion in an addressable consumer market for service providers by 2030. The addressable market for network slicing alone in the enterprise segment is projected at USD 300 billion by 2025 (GSMA data). As 5G scales up, service providers are looking to maximize returns on their investments by targeting innovative and high revenue-generating use cases such as cloud gaming, smart factories, and smart healthcare.

Toshikazu Yokai, Executive Officer, Chief Director of Mobile Technology, at KDDI, says: “End-to-end slicing is key to monetizing 5G investment and RAN slicing will help make that happen. Across different slices in our mobile networks, RAN slicing will deliver the quality assurance and latency required by our customers.”

Mark Düsener, Head of Mobile and Mass Market Communication at Swisscom, says: “We’re gearing up for the next stage of 5G where we expect to apply end-to-end network slicing, and RAN slicing is key to guaranteed performance. With efficient sharing of network resources across different slices, we will be able to provide communications for diverse 5G applications such as public safety or mobile private networks.”

Sue Rudd, Director, Networks and Service Platforms, Strategy Analytics, says: “Ericsson is the first vendor to offer a fully end-to-end solution with RAN slicing based on dynamic radio resource partitioning in under 1 millisecond using embedded radio control mechanisms to assure Quality of Service, Over the Air, in real time. This truly end-to-end approach integrates radio optimization with policy-controlled network orchestration to deliver inherently secure virtualized private RAN slicing without the loss of the 30 – 40 percent spectrum capacity due to ‘hard slicing’. Ericsson’s real-time dynamic RAN slicing bridges the ‘RAN gap’ to make e2e slicing profitable.”

About Ericsson 5G RAN Slicing:

The Ericsson 5G RAN Slicing solution offers a unique, multi-dimensional service differentiation handling that allows for the effective use of dynamic radio resource partitioning, slice-aware quality of service (QoS) enforcement, and slice orchestration functionality for service-level agreement (SLA) fulfilment. Built on Ericsson radio expertise and a flexible and scalable slicing architecture, the solution dynamically shares radio resources at 1 millisecond scheduling for best spectrum efficiency. This enables service providers to offer a variety of use cases with increased flexibility and versatility. It ensures end-to-end network slice management and orchestration support for fast service delivery and supports business models for virtual, hybrid and dedicated private networks​. The solution can also power use cases for mission-critical and time-critical communication services.

References:

https://transition.fcc.gov/bureaus/oet/tac/tacdocs/reports/2018/5G-Network-Slicing-Whitepaper-Finalv80.pdf

 

 

https://techblog.comsoc.org/2018/05/18/ieee-comsoc-papers-on-network-slicing-and-5g/

https://www.ericsson.com/en/network-slicing

https://www.ericsson.com/en/press-releases/2021/1/ericsson-launches-5g-ran-slicing-to-spur-5g-business-growth

https://www.telecompaper.com/news/ericsson-releases-5g-ran-slicing-software–1369987

Join an Ericsson live broadcast session: February 4, 2021 at, 3pm CET on LinkedInFacebookTwitter, or YouTube