Another Opinion: 5G Fails to Deliver on Promises and Potential

Introduction:

For many years now, this author has repeatedly stated that 5G would be the biggest train wreck in all of tech history. That is still the case. It’s primarily due to the lack of ITU standards (really only one, ITU M.2150) and 5G core network implementation specs (vs 5G network architecture) from 3GPP.

We’ve noted that the few 5G SA core networks deployed are all different with no interoperability or roaming between networks.  I can’t emphasize enough that ALL 3GPP defined 5G functions and features (including security and network slicing) require a 5G SA core network.  Yet most of the deployed 5G networks are NSA which use a 4G infrastructure for everything other than the RAN.

It also must be emphasized that the 5G URLLC Physical layer specified in ITU-R M.2150 does not meet the performance requirements in ITU-R M.2410 as the URLLC spec is based on 3GPP Release 15.  Astonishingly, the 3GPP Release 16 work item “URLLC in the RAN” has yet to be completed, despite Release 16 being “frozen” in June 2020 (2 1/2 years ago).  The official name of that Release 16 work item is “Physical Layer Enhancements for NR Ultra-Reliable and Low Latency Communication (URLLC)” with the latest spec version dated June 23, 2022. That work item is based on the outcome of the study items resulting in TR 38.824 and TR 38.825. It specifies PDCCH enhancements, UCI enhancements, PUSCH enhancements, enhanced inter UE TX prioritization/multiplexing and enhanced UL configured grant transmission.

Finally, revision 6 of ITU-R recommendation M.1036 on terrestrial 5G frequency arrangements (especially for mmWave), still has not been agreed upon by ITU-R WP5D.  That has resulted in a “frequency free for all,” where each country is defining their own set of 5G mmWave frequencies which inhibits 5G end point device interoperability.

……………………………………………………………………………………………………………………………………………………………………..

In an article titled, 5G Market Growth, Mohamad Hashisho provides his view of why 5G has not lived up to its promise and potential.

Standalone 5G Is Yet to Breakout:

5G market growth still needs to feel as imposing as many imagined it. A technology created to replace previous generations still relies on their infrastructure. Standalone (SA) 5G is unrestricted by the limits of the prior generation of telecommunications technology because it does not rely on the already-existing 4G infrastructure. As a result, it can deliver the fast speeds and low latency that 5G networks have consistently promised. Clearly, standalone (SA) 5G is the way to go, so why do we not see effective implementation and marketing for it?

The numerous challenges businesses encounter while using SA are alluded to in the various telco comments about device availability, carrier aggregation, and infrastructure upgrades. The 5G New Radio system is connected to the current 4G core, the network’s command center, with older NSA. As its name suggests, SA sweeps this crutch aside and substitutes a new 5G core. But operators face several difficulties when they push it out, according to Brown. The first is the challenge of creating “cloud-native” systems, as they are known in the industry. Most operators now want to fully utilize containers, microservices, and other Internet-world technologies rather than simply virtualizing their networks. With these, networks risk being less efficient and easier to automate, and new services may take longer to launch. But the transition is proving to be challenging.

Overpromising, Yet to Deliver:

5G came out of the corner swinging. Huge promises were thrown around whenever the subject of 5G was discussed. It has been a while since 5G came to fruition, yet its market growth remains humble. Some might say that the bark was way more extensive than the bite. While some of these promises were delivered, they weren’t as grand as the ones yet to happen.

Speed was one of the main promises of 5G. And while some argue that this promise is fulfilled, others might say otherwise. Speeds are yet to reach speeds that can eclipse those of 4G. It is not only about speeds, though. It is about the availability of it. The high-speed services of 5G networks are only available in some places. It’s been years, and many regions are yet to receive proper 5G services. Simply put, a large portion of the dissatisfaction surrounding 5G can be attributed to the failure to fully deploy the infrastructure and the development of applications that fully utilize 5G.

5G of Tomorrow Struggles With Its Today:

5G is, without a doubt, the way to go for the future, but does its present state reflect that? Maybe. That is the issue. Years into its adoption, the answer should be decisive. Telcos might see potential in the maybes and work based on tomorrow’s potential. Consumers won’t be as patient. The consumers need the promised services now. You need to keep your customer base around with promises of the future. Especially when 4G LTE did the job well, really well.

Moreover, some areas in the US, not in struggling countries, have speeds slower than 4G LTE. Some 5G phones struggle to do the minimum tasks. Phones have to stick to specific chips capable of 5G support. But it is not about the small scale. Let’s think big, going back to the big promises 5G made. Smart cities, big-scale internet activities happening in real-time. IoT integration everywhere, controlling drones and robots from across the world. Automated cars as well, 5G was promised to deliver on all that, today and not tomorrow, but here we are.

Finally, the marketing was hit and miss, more miss, to be frank. Most consumers pay more to be 5G ready, while 5G still needs to be truly prepared. It’s hard to keep people interested when 4G is doing great. The only thing that the people needed was consistency, and sadly 5G is less consistent than some would hope.

Concluding Thoughts:

Lastly, innovation waits for none. This even includes 5G and 5G market growth. There are talks, even more than talks, about 6G. China is pushing for 6G supremacy, while Nokia and Japan are starting the conversation about 7G. A major oversight that 5G missed was range. 5G does great over small distances.

When the promises were massive in scale and global, you practically shot yourself in the foot. Time is running out for 5G, or is it pressuring 5G to live up to its potential?

……………………………………………………………………………………………………………………………………………………………………………

References:

https://insidetelecom.com/5g-market-growth/

IMT 2020.SPECS approved by ITU-R but may not meet 5G performance requirements; no 5G frequencies (revision of M.1036); 5G non-radio aspects not included

 

https://www.itu.int/rec/R-REC-M.2150/en

https://www.itu.int/pub/R-REP-M.2410

https://www.itu.int/dms_pubrec/itu-r/rec/m/R-REC-M.1036-6-201910-I!!PDF-E.pdf

https://www.3gpp.org/specifications-technologies/releases/release-16

https://www.3gpp.org/ftp/Specs/archive/21_series/21.916/

Ericsson and Nokia demonstrate 5G Network Slicing on Google Pixel 6 Pro phones running Android 13 mobile OS

In separate announcements today, Ericsson and Nokia stated they had completed 5G Network Slicing trials with Google on Pixel 6 Pro smart phones running the Android 13 mobile OS [1.].

Network Slicing is perhaps the most highly touted benefit of 5G, but its commercial realization is taking much longer than most of the 5G cheerleaders expected. That is because Network Slicing, like all 5G features, can only be realized on a 5G standalone (SA) network, very few of which have been deployed by wireless network operators. Network slicing software must be resident in the 5G SA Core network and the 5G endpoint device, in this case the Google Pixel 6 Pro smartphone.

Note 1. On August 15, 2022, Google released Android 13, the latest version of its mobile OS. It comes with a number of new features and improvements, and offers better security and performance fixes. However, its implementation on smartphones will be fragmented and slow according to this blog post.

For devices running Android 12 or higher, Android provides support for 5G Network Slicing, the use of network virtualization to divide single network connections into multiple distinct virtual connections that provide different amounts of resources to different types of traffic. 5G network slicing allows network operators to dedicate a portion of the network to providing specific features for a particular segment of customers. Android 12 introduces the following 5G enterprise network slicing capabilities, which network operators can provide to their enterprise clients.

Android 12 introduces support for 5G network slicing through additions to the telephony codebase in the Android Open Source Project (AOSP) and the Tethering module to incorporate existing connectivity APIs that are required for network slicing.

Here’s a functional block diagram depicting 5G network slicing architecture in AOSP:

5G network slicing architecture in AOSP

Image Credit: Android Open Source Project

1.  Ericsson and Google demonstrated support on Ericsson network infrastructure for multiple slices on a single device running Android 13, supporting both enterprise (work profile) and consumer applications. In addition, for the first time, a slice for carrier branded services will allow communications service providers (CSP) to provide extra flexibility for customized offerings and capabilities. A single device can make use of multiple slices, which are used according to the on-device user profiles and network policies defined at the CSP level.

The results were achieved in an Interoperability Device Testing (IODT) environment on Google Pixel 6 (Pro) devices using Android 13. The new release sees an expansion of the capabilities for enterprises assigning network slicing to applications through User Equipment Route Selection Policy (URSP) rules, which is the feature that enables one device using Android to connect to multiple network slices simultaneously.

Two different types of slices were made available on a device’s consumer profile, apart from the default mobile broadband (MBB) slice. App developers can now request what connectivity category (latency or bandwidth) their app will need and then an appropriate slice, whose characteristics are defined by the mobile network, will be selected. In this way either latency or bandwidth can be prioritized, according to the app’s requirements. For example, the app could use a low-latency slice that has been pre-defined by the mobile network for online gaming, or a pre-defined high-bandwidth slice to stream or take part in high-definition video calling. 

In an expansion of the network slicing support offered by Android 12, Android 13 will also allow for up to five enterprise-defined slices to be used by the device’s work profile. In situations where no URSP rules are available, carriers can configure their network so traffic from work profile apps can revert to a pre-configured enterprise APN (Access Point Name) connection – meaning the device will always keep a separate mobile data connection for enterprise-related traffic even if the network does not support URSP delivery.

Monica Zethzon, Head of Solution Area Packet Core at Ericsson said: “As carriers and enterprises seek a return on their investment in 5G networks, the ability to provide for a wide and varied selection of use cases is of crucial importance. Communications Service Providers and enterprises who can offer customers the flexibility to take advantage of tailored network slices for both work and personal profiles on a single Android device are opening up a vast reserve of different uses of those devices. By confirming that the new network slicing capabilities offered by Android 13 will work fully with Ericsson network technology, we are marking a significant step forward in helping the full mobile ecosystem realize the true value of 5G.”  

Ericsson and partners have delivered multiple pioneering network slicing projects using the Android 12 device ecosystem. In July, Telefonica and Ericsson announced a breakthrough in end-to-end, automated network slicing in 5G Standalone mode.  

2.  Nokia and Google announced that they have successfully trialed innovative network slice selection functionality on 4G/5G networks using UE Route Selection Policy (URSP) [2.] technology and Google Pixel 6 (Pro) phones running Android 13. Once deployed, the solution will enable operators to provide new 5G network slicing services and enhance the customer application experience of devices with Android 13. Specifically, URSP capabilities enable a smartphone to connect to multiple network slices simultaneously via different enterprise and consumer applications depending on a subscriber’s specific requirements.  The trial, which took place at Nokia’s network slicing development center in Tampere, Finland, also included LTE-5G New Radio slice interworking functionality. This will enable operators to maximally utilize existing network assets such as spectrum and coverage.

Note 2. User Equipment Route Selection Policy (URSP) is the feature that enables one device using Android to connect to multiple network slices simultaneously. It’s a feature that both Nokia and Google are supporting.

URSP capabilities extend network slicing to new types of applications and use cases, allowing network slices to be tailored based on network performance, traffic routing, latency, and security. For example, an enterprise customer could send business-sensitive information using a secure and high-performing network slice while participating in a video call using another slice at the same time. Additionally, consumers could receive personalized network slicing services for example for cloud gaming or high-quality video streaming. The URSP-based network slicing solution is also compatible with Nokia’s new 5G radio resource allocation mechanisms as well as slice continuity capabilities over 4G and 5G networks.

The trial was conducted using Nokia’s end-to-end 4G/5G network slicing product portfolio across RAN-transport-core as well as related control and management systems. The trial included 5G network slice selection and connectivity based on enterprise and consumer application categories as well as 5G NR-LTE slice interworking functionalities.

Nokia is the industry leader in 4G/5G network slicing and was the first to demonstrate 4G/5G network slicing across RAN-Transport-Core with management and assurance. Nokia’s network slicing solution supports all LTE, 5G NSA, and 5G SA devices, enabling mobile operators to utilize a huge device ecosystem and provide slice continuity over 4G and 5G.

Nokia has carried out several live network deployments and trials with Nokia’s global customer base including deployments of new slicing capabilities such as Edge Slicing in Virtual Private Networks, LTE-NSA-SA end-to-end network slicing, Fixed Wireless Access slicing, Sliced Private Wireless as well as Slice Management Automation and Orchestration.

Ari Kynäslahti, Head of Strategy and Technology at Nokia Mobile Networks, said: “New application-based URSP slicing solutions widen operator’s 5G network business opportunities. We are excited to develop and test new standards-based URSP technologies with Android that will ensure that our customers can provide leading-edge enterprise and consumer services using Android devices and Nokia’s 4G/5G networks.”

Resources:

Nokia AirScale

Automated network slicing

5G Edge Slicing | Nokia

Network slicing explained

…………………………………………………………………………………………………………………………………………………………….

Addendum:

  • Google’s Pixel 6 and Pixel 6 Pro, which run on Android 12, are the first two devices certified on Rogers 5G SA network in Canada, which was deployed in October 2021.  However, 5G network slicing hasn’t been announced yet.
  • Telia deployed a commercial 5G standalone network in Finland using gear from Nokia and the operator highlighted its ability to introduce network slicing now that it has a 5G SA core.
  • OPPO, a Chinese consumer electronics and mobile communications company headquartered in Dongguan, Guangdong, recently demonstrated the pre-commercial 5G enterprise network slicing product at its 5G Communications Lab in collaboration with Ericsson and Qualcomm.  OPPO has been conducting research and development in 5G network slicing together with network operators and other partners for a number of years now.
  • Earlier this month, Nokia and Safaricom completed Africa’s first Fixed Wireless Access (FWA) 5G network slicing trial.

References:

https://www.ericsson.com/en/news/2022/8/ericsson-and-google-show-how-multiple-network-slices-on-a-single-android-13-device-can-boost-consumer-and-enterprise-applications

https://www.nokia.com/about-us/news/releases/2022/08/25/nokia-and-google-trial-innovative-slicing-solution-for-android-devices-and-4g5g-networks/

https://source.android.com/docs/core/connect/5g-slicing

https://news.abplive.com/technology/android-13-release-roll-out-which-users-getting-it-fragmentation-issue-1549758

Network Slicing and 5G: Why it’s important, ITU-T SG 13 work, related IEEE ComSoc paper abstracts/overviews

Nokia and Safaricom complete Africa’s first Fixed Wireless Access (FWA) 5G network slicing trial

Nokia and Safaricom complete Africa’s first Fixed Wireless Access (FWA) 5G network slicing trial

Nokia today announced that it has successfully piloted its 4G and 5G Fixed Wireless Access (FWA) network slicing with mobile operator, Safaricom on its live commercial network. This is the first-time 4G/5G network slicing has been successfully achieved in Africa. The trial utilized a multi-vendor network environment and included RAN, transport and core as well as software upgrades to a range of Nokia’s products and services.

The successful trial demonstrates that Safaricom is now poised to support new types of enterprise network services, including fast lane internet access and application slicing. In addition, Nokia is enabling secured FWA slice connectivity to enterprise locations, as well as to private or public application clouds.

The multi-vendor pilot which took place in Kenya’s Western Region, strengthens the strategic partnership between the two companies, with Nokia already providing a wide variety of services and solutions. The pilot demonstrated a number of solutions including Nokia’s AirScale 4G/5G base stations, the NetAct network management and assurance system and Nokia’s FastMile 4G/5G CPE.

Network slicing (which requires a 5G SA Core Network) gives operators the ability to divide a network into multiple virtual slices, which can be optimized for a specific target application or service. The end user of each network slice can then be serviced with different priorities, routing, levels of network performance and security capabilities. Slices can be managed and deployed in minutes, and each one has key performance indicators used for service assurance.

Nokia’s 4G/5G network slicing solution (SORRY, no such thing as 4G network slicing), which received a prestigious award from GTI 2021 in the ‘Innovative Breakthrough in Mobile Technology’ category, supports LTE, 5G NSA and 5G SA technologies with slice service continuity between the networks. This enables slicing services for all LTE and 5G devices.

James Maitai, Network Director, Safaricom, said: “We are proud to have hosted Africa’s first successful pilot of 4G/5G FWA slicing on our network, and looking forward to tailoring our service offerings to individual customers and industries, to meet their needs for high-speed connectivity precisely and without unnecessary cost. Nokia’s expertise has been key to this success, and we anticipate many more strategic wins in this area as our business expands.”

Ramy Hashem, Head of Safaricom Customer Team at Nokia, said: “It is great to have successfully completed this pilot with Safaricom, which is a huge step forward in providing Safaricom with state-of-the-art connectivity. Early experience of new slicing technology is invaluable in understanding the new business opportunities it enables. Nokia was the first vendor to offer a slicing solution and we are looking forward to continuing our partnership with Safaricom in providing world-class 4G and 5G network slicing services to its customers.”

Resources:

https://www.nokia.com/about-us/news/releases/2022/08/22/nokia-and-safaricom-complete-africas-first-fixed-wireless-access-5g-slicing-trial/

Webpage: Automated network slicing
Webpage: 5G Edge Slicing
Webpage: Nokia AirScale
Webpage: Nokia FastMile
Webpage: Nokia 5G RAN
Webpage: Nokia NetAct

Deutsche Telekom demos end to end network slicing; plans ‘multivendor’ open RAN launch in 2023

DT and Ericsson recently demonstrated an impressive proof of concept implementation: they established connectivity with guaranteed quality of service (QoS) between Germany and Poland via 5G end-to-end network slicing. With an SD-WAN solution from Deutsche Telekom, the data connection can be flexibly controlled and managed via a customer portal. The solution ensures that different service parameters in the network can be operated across country borders. At the same time, network resources are flexibly allocated. This approach is being presented for the first time worldwide. It is particularly advantageous for global companies that operate latency-critical applications at different, international locations.

End-to-end network slicing, which requires a 5G SA core network, is a key enabler for unlocking 5G opportunities. It’s been highly touted to drive business model innovation and new use cases across various industry segments. 5G slicing will enable use cases that require specific resources and QoS levels. Globally operating enterprises are increasingly seeing the need for uniform connectivity characteristics to serve their applications in different markets. Some of the latency-critical business applications that demand consistent international connectivity performance are related to broadcasting, logistics, and automotive telematics.

In this trial, the QoS connectivity was extended from Germany to Poland using a 5G slicing setup that is based on commercial grade Ericsson 5G Standalone (SA) radio and core network infrastructure and a Deutsche Telekom commercial SD-WAN solution. The home operator-controlled User Plane Function (UPF) is placed in Poland as the visited country and the entire setup is managed by an Ericsson orchestrator integrated with a Deutsche Telekom business support system via open TM Forum APIs. Combining 5G slicing and SD-WAN technology allows flexible connectivity establishment and control, while traffic breakout close to the application server in visited countries enables low latency.

…………………………………………………………………………………………………………………………………..

According to Light Reading, Deutsche Telekom (DT) has already issued a request for quotation (RFQ) to Open RAN vendors and is currently selecting partners for a commercial rollout next year. NEC, a Japanese vendor of radio units (among other things), and Mavenir, a U.S. developer of baseband software, were mentioned as Open RAN Town participants (and likely DT RFQ respondents). “It is a multivendor setup,” said DT’s Claudia Nemat.

However, there are obstacles that Open RAN must overcome to be widely deployed. In particular, energy efficiency. Deutsche Telekom, along with most other big operators, is determined to reduce its carbon footprint and slash energy bills. Open RAN “is less energy efficient than today’s RAN technology,” Ms. Nemat said.  The use of x86 general-purpose microprocessors in virtualized, open RAN deployments seems to be responsible for this inefficiency.

“If you have an ASIC [application-specific integrated circuit] for baseband processing, it is always cheaper than using a general-purpose microprocessor like an Intel processor,” said Alex Choi, Deutsche Telekom’s head of strategy and technology innovation, two years ago.

One option is to use ASICs and other chips as hardware accelerators for more efficient baseband processing. Companies including Marvell, Nvidia and Qualcomm all have products in development for sale as merchant silicon in open RAN deployments. Nemat noted a breakthrough with Intel.

“We achieved a reduction of electricity consumption of around minus 30%.  For us, that is a big step forward for commercial deployment.”

Light Reading’s Iain Morris provided this assessment:

Even so, a commercial open RAN deployment involving companies like NEC and Mavenir is hard to imagine. Any widespread rollout of their technologies would mean swapping out equipment recently supplied by Ericsson or Huawei (DT’s current 5G network equipment vendors), unless Deutsche Telekom plans to run two parallel networks. Either option would be costly.

Far likelier is that a 2023 deployment will be very limited. Other operators including the UK’s BT and France’s Orange have talked about using open RAN initially for small cells – designed to provide a coverage boost in specific locations.

A private network for a factory is one possible example. Outside Germany, of course, there may be a bigger short-term opportunity in Deutsche Telekom markets where 5G has not been as widely deployed.

In late June 2021, Deutsche Telekom switched on its ‘O-RAN Town’ deployment in Neubrandenburg, Germany. O-RAN Town is a multi-vendor open RAN network that will deliver open RAN based 4G and 5G services across up to 25 sites. The first sites are now deployed and integrated into the live network of Telekom Germany. This includes Europe’s first integration of massive MIMO (mMIMO) radio units using O-RAN open fronthaul interfaces to connect to the virtualized RAN software.

Ms. Nemat said at the time, “Open RAN is about increasing flexibility, choice and reinvigorating our industry to bring in innovation for the benefit of our customers. Switching on our O-RAN Town including massive MIMO is a pivotal moment on our journey to drive the development of open RAN as a competitive solution for macro deployment at scale. This is just the start. We will expand O-RAN Town over time with a diverse set of supplier partners to further develop our operational experience of high-performance multi-vendor open RAN.”

……………………………………………………………………………………………………………………………………………………………………..

In November 2021, Deutsche Telekom announced it was taking the lead in a new Open lab to accelerate network disaggregation and Open RAN. The German Federal Ministry for Transport and Digital Infrastructure (BMVI) is financing the Lab with 17 million Euros and that’s to be matched by approximately a 17 million Euro investment from a consortium under the leadership of Deutsche Telekom (DT).

The lab will furthermore be supported by and working closely with OCP (Open Compute Project), ONF (Open Networking Foundation), ONAP (Open Network Automation Platform), the O-RAN Alliance and the TIP (Telecom Infra Project). Partners and supporters together form the user forum, which is open for participation by other interested companies, especially SMEs, working on applications as well as equipment and development. As an open lab it is built for collaboration within the wider telecommunications community. The i14y Lab Berlin will be the central location and core node of satellite locations such as Düsseldorf and Munich.  Other highlights:

  • Testing and integrating components of disaggregated networks in the lab to accelerate time to market of open network technology for the multi-vendor network of the future.
  • The lab has already started operations at DT Innovation Campus Winterfeldtstraße
  • Important foundation for building a European and German ecosystem of vendors and system integrators

A recent Research Nester report predicts a market size of $21 billion for O-RAN in 2028.

[Source: https://www.researchnester.com/reports/open-radio-access-network-market/2781].

References:

https://www.lightreading.com/open-ran/dt-preps-multivendor-open-ran-rollout-starting-in-2023/d/d-id/775446

https://www.telekom.com/en/media/media-information/archive/telekom-at-mwc-barcelona-2022-647894

https://www.telekom.com/en/media/media-information/archive/global-5g-network-slicing-648218

https://www.telekom.com/en/media/media-information/archive/consortium-establishes-open-lab-i14y-640186

https://www.telekom.com/en/media/media-information/archive/telekom-switches-on-o-ran-town-in-neubrandenburg-630566

5G Security explained: 3GPP 5G core network SBA and Security Mechanisms

by Akash Tripathi with Alan J Weissberger

Introduction:

5G networks were deployed in increasing numbers this past year. As of December 2021, GSA had identified 481 operators in 144 countries or territories that were investing in 5G, up from 412 operators at the end of 2020. Of those, a total of 189 operators in 74 countries/territories had launched one or more 3GPP-compliant 5G services, up by 40% from 135 from one year ago.

Despite 5G’s much advertised potential, there are significant security risks, especially with a “cloud native” service based architecture, which we explain in this article.

New 5G services, functions and features have posed new challenges for 5G network operators.  For example, bad actors could set up “secure” wireless channels with previously issued 5G security keys.

Therefore, it’s imperative for 5G operators to address end-to-end cyber security, using an array of novel techniques and mechanisms, which have been defined by 3GPP and (to a much lesser extent) by GSMA. 

5G Security Requires 5G SA Core Network:

It’s important to distinguish between 5G NSA network security (which uses 4G security mechanisms and the 4G core network/EPC) and 5G SA network security (which uses the 5G core network service based architecture and new 5G security mechanisms as defined by 3GPP).

Samsung states in a whitepaper:

▪ With the launch of 5G Stand Alone (SA) networks, 3GPP mitigates some long-standing 4G vulnerabilities to enable much stronger security.

▪ At the same time, the way the Service Based Architecture ‘explodes’ the new 5G Core opens up potentially major new vulnerabilities. This requires a fundamentally new approach to securing the 5G Core, including comprehensive API security.

▪ Operators can communicate 5G SA’s new security features to some business users. Communication to consumers is more challenging because the benefit of new security enhancements will only come into effect incrementally over many years.

▪ Mobile network security cannot depend on 3GPP alone. Operators must apply robust cyber security hygiene and operational best practice throughout their operations. 

In addition, the 5G network infrastructure must meet certain critical security requirements, such as the key exchange protocol briefly described below. 

There are many other risks and challenges, such as the rising shortage of well-trained cyber security and cyber defense specialists. We will address these in this article.  But first, a backgrounder….

5G Core Network Service Based Architecture (SBA):

To understand 5G security specifications, one has to first understand the 3GPP-defined 5G SA core network architecture.

5G has brought about a paradigm shift in the architecture of mobile networks, from the classical model with point-to-point interfaces between network functions to service-based interfaces (SBIs).

The 5G core network (defined by 3GPP) is a Service-Based Architecture (SBA), whereby the control plane functionality and common data repositories of a 5G network are delivered by way of a set of interconnected Network Functions (NFs), each with authorization to access each other’s services.

Network Functions are self-contained, independent and reusable. Each Network Function service exposes its functionality through a Service Based Interface (SBI), which employs a well-defined REST interface using HTTP/2. To mitigate issues around TCP head-of-line (HOL) blocking, the Quick UDP Internet Connections (QUIC) protocol may be used in the future.

Here’s an illustration of 5G core network SBA:

The 5G core network architecture (but not implementation details) is specified by 3GPP in the following Technical Specifications:

TS 23.501 System architecture for the 5G System (5GS)
TS 23.502 Procedures for the 5G System (5GS)
TS 23.503 Policy and charging control framework for the 5G System (5GS); Stage 2

The 5G network consists of nine network functions (NFs) responsible for registering subscribers, managing sessions and subscriber profiles, storing subscriber data, and connecting user equipment to the Internet using a base station.  These technologies create an opening for attackers to carry out man-in-the-middle and DoS attacks against subscribers.

Overview of 3GPP 5G Security Technical Specifications:

The 5G security specification work is done by a 3GPP Working Group named SA3. The 5G system security mechanisms are specified by SA3 in TS 33.501.  You can see all versions of that spec here.

3GPP’s 5G security architecture is designed to integrate 4G equivalent security. In addition, the reassessment of other security threats such as attacks on radio interfaces, signaling plane, user plane, masquerading, privacy, replay, bidding down, man-in-the-middle and inter-operator security issues has also been taken into account for 5G and will lead to further security enhancements.

Another important 3GPP Security spec is TS 33.51 Security Assurance Specification (SCAS) for the next generation Node B (gNodeB) network product class, which is part of Release 16.

It’s critically important to note that ALL 3GPP security spec features and functions are required to be supported by vendors, but they are ALL OPTIONAL for 5G service providers.   That has led to inconsistent implementations of 5G security in deployed and planned 5G networks as per this chart, courtesy of Heavy Reading:

Scott Poretsky, Ericsson’s Head of Security, wrote in an email to Alan:

“The reason for the inconsistent implementation of the 5G security requirements is the language in the 3GPP specs that make it mandatory for vendor support of the security features and optional for the operator to decide to use the feature.  The requirements are defined in this manner because some countries did not want these security features implemented by their national telecoms due to these security features also providing privacy.  The U.S. was not one of those countries.”

………………………………………………………………………………………………..

Overview of Risks and Potential Threats to 5G Networks:

A few of the threats that 5G networks are likely to be susceptible to might include those passed over from previous generations of mobile networks, such as older and outdated protocols.

  1. Interoperability with 2G-4G Networks

For backward compatibility, 5G must still interoperate with mobile devices that adhere to previous generations of cellular standards.

This interoperability requirement means that vulnerabilities found in the outdated Diameter signaling and SS7 interworking functions used by 2G-4G networks remain a cause of concern for the next-generation 5G network.

  2. Issues related to data protection and privacy

A Man-in-the-Middle (MITM) attack is a likely possibility in a 5G network: a perpetrator can access personal data by deploying International Mobile Subscriber Identity (IMSI)-catchers or rogue cellular base stations masquerading as genuine mobile network operator equipment.

  3. Possibility of rerouting of sensitive data

The 5G core network SBA itself could make the 5G network vulnerable to Internet Protocol (IP) attacks such as Distributed Denial of Service (DDoS). Similarly, network hijacking, which involves redirecting confidential data through an intruder’s network, could be another form of attack.

  4. Collision of Politics and Technology

Government entities can impact 5G security when it comes to the production of hardware for cellular networks. For instance, various countries have new regulations that ban the use of 5G infrastructure equipment that is procured from Chinese companies (Huawei and ZTE), citing concerns over possible surveillance by the Chinese government.

  5. Network Slicing and Cyberattacks

Network slicing is a 5G SA core network function (defined by 3GPP) that can logically separate network resources. The facility empowers a cellular network operator to create multiple independent and logical (virtual) networks on a single shared access. However, despite the benefits, concerns are being raised about security risks in the form of how a perpetrator could compromise a network slice to monopolize resources for compute-intensive activities.

3GPP Public Key based Encryption Schemes:

3GPP has introduced more robust encryption algorithms. It has defined the Subscription Permanent Identifier (SUPI) and the Subscription Concealed Identifier (SUCI).

  • A SUPI is a globally unique 5G Subscription Permanent Identifier allocated to each subscriber and defined in 3GPP specification TS 23.501.
  • A SUCI is a privacy-preserving identifier containing the concealed SUPI.

The User Equipment (UE) generates a SUCI using an Elliptic Curve Integrated Encryption Scheme (ECIES)-based protection scheme with the public key of the Home Network that was securely provisioned to the Universal Subscriber Identity Module (USIM) during the USIM registration.

Through the implementation of SUCI, the chance of metadata exploits that rely on the user’s identity is significantly reduced.
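The SUCI construction described above, as an added example (not code from this article or from 3GPP): UE-side concealment and home-network-side de-concealment in Go. It assumes the ECIES Profile A parameters of TS 33.501 Annex C (X25519, ANSI X9.63 KDF with SHA-256, AES-128-CTR, 8-byte HMAC-SHA-256 tag), which the page does not list; the function names and the sample MSIN bytes are constructed for illustration.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/ecdh"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"errors"
	"fmt"
)

// Sizes assumed from ECIES Profile A (TS 33.501 Annex C); all names are illustrative.
const pubLen, encLen, icbLen, macKeyLen, tagLen = 32, 16, 16, 32, 8

// deriveKeys: X25519, then ANSI X9.63 KDF (SHA-256), SharedInfo = ephemeral public key.
func deriveKeys(priv *ecdh.PrivateKey, peer *ecdh.PublicKey, ephPub []byte) ([]byte, error) {
	z, err := priv.ECDH(peer) // errors on low-order points (all-zero secret)
	if err != nil {
		return nil, err
	}
	var k []byte
	for ctr := 1; len(k) < encLen+icbLen+macKeyLen; ctr++ {
		h := sha256.New()
		h.Write(z)
		h.Write([]byte{0, 0, 0, byte(ctr)}) // 32-bit big-endian block counter
		h.Write(ephPub)
		k = h.Sum(k)
	}
	return k[:encLen+icbLen+macKeyLen], nil
}

// aesCTR runs AES-128-CTR with key k[0:16] and initial counter block k[16:32].
func aesCTR(k, in []byte) []byte {
	block, _ := aes.NewCipher(k[:encLen]) // cannot fail: key is always 16 bytes
	out := make([]byte, len(in))
	cipher.NewCTR(block, k[encLen:encLen+icbLen]).XORKeyStream(out, in)
	return out
}

// macTag is HMAC-SHA-256 with key k[32:64] over the ciphertext, cut to 8 bytes.
func macTag(k, ct []byte) []byte {
	m := hmac.New(sha256.New, k[encLen+icbLen:])
	m.Write(ct)
	return m.Sum(nil)[:tagLen]
}

// Conceal is the UE side: a fresh ephemeral key pair for every SUCI.
func Conceal(hnPub *ecdh.PublicKey, pt []byte) ([]byte, error) {
	eph, err := ecdh.X25519().GenerateKey(rand.Reader)
	if err != nil {
		return nil, err
	}
	ephPub := eph.PublicKey().Bytes()
	k, err := deriveKeys(eph, hnPub, ephPub)
	if err != nil {
		return nil, err
	}
	ct := aesCTR(k, pt)
	return append(append(ephPub, ct...), macTag(k, ct)...), nil
}

// Deconceal is the home-network side: check the tag before decrypting.
func Deconceal(hnPriv *ecdh.PrivateKey, out []byte) ([]byte, error) {
	if len(out) <= pubLen+tagLen {
		return nil, errors.New("scheme output too short")
	}
	ephPub, ct, tag := out[:pubLen], out[pubLen:len(out)-tagLen], out[len(out)-tagLen:]
	peer, err := ecdh.X25519().NewPublicKey(ephPub)
	if err != nil {
		return nil, err
	}
	k, err := deriveKeys(hnPriv, peer, ephPub)
	if err != nil {
		return nil, err
	}
	if !hmac.Equal(tag, macTag(k, ct)) {
		return nil, errors.New("MAC check failed: SUCI rejected")
	}
	return aesCTR(k, ct), nil
}

// newHomeNetworkKey stands in for the key pair whose public half is on the USIM.
func newHomeNetworkKey() (*ecdh.PrivateKey, error) {
	return ecdh.X25519().GenerateKey(rand.Reader)
}

func main() {
	hn, err := newHomeNetworkKey()
	if err != nil {
		panic(err)
	}
	msin := []byte{0x00, 0x01, 0x20, 0x80, 0xF6} // constructed sample: MSIN digits, BCD-packed
	a, _ := Conceal(hn.PublicKey(), msin)
	b, _ := Conceal(hn.PublicKey(), msin)
	pt, err := Deconceal(hn, a)
	fmt.Printf("attach 1: %x\nattach 2: %x\nrecovered: %x err=%v\n", a, b, pt, err)
}
```

Because a fresh ephemeral key is generated per call, the two outputs for the same MSIN differ, which is what prevents a passive listener from linking them to one subscriber.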

Zero Trust architecture:

As 5G will support a massive number of devices, Zero Trust can help private companies to authenticate and identify all connected devices and keep an eye on all the activities of those devices for any suspected transgression within the network. While it has been successfully tested for private enterprise networks, its capability for a public network like open-sourced 5G remains to be gauged.

Private 5G Networks:

A private 5G network will be a preferred mode for organizational entities that require the highest levels of security, taking into account national interests, economic competitiveness, or public safety. A fully private 5G network gives an organization absolute control over the network hardware as well as the software set-up.  All of those mechanisms can be proprietary as the 5G private network deployment is only within one company’s facilities (campus, building, factory floor, etc).

Future of 5G Security:

The next-generation 5G-based wireless cellular network has put the spotlight on new opportunities, challenges, and risks, which must be addressed as the 5G technology makes great strides.

The 5G security mechanisms will continue to evolve in 3GPP (with Release 17 and above).  Many of them will be transposed (“rubber stamped”) to become ETSI standards.

Note that 3GPP has not submitted its 5G core network architecture or 5G security specifications to ITU-T which is responsible for all 5G (IMT 2020) non-radio standards.

Europe’s General Data Protection Regulation (GDPR), applicable as of May 25th, 2018 in all EU member states, harmonizes data privacy laws across Europe. It could serve as a model for network security and data protection initiatives outside the European Union.

Conclusions:

The 5G network has the possibility to enhance network and service security. While 5G comes with many built-in security controls by design, developed to enhance the protection of both individual subscribers and wireless cellular networks, there is a constant need to remain vigilant and a step ahead in terms of technological innovation to thwart possible new cyber-attacks.

An end-to-end security framework across all layers and all domains would be essential. Introducing best practices and policies around security and resilience will remain imperative to future-proof 5G networks.

References:

Strong Growth Forecast for 5G Security Market; Market Differentiator for Carriers

Report Linker: 5G Security Market to experience rapid growth through 2026

 

AT&T Exec: 5G Private Networks are coming soon + 5G Security Conundrum?

https://portal.3gpp.org/desktopmodules/Specifications/SpecificationDetails.aspx?specificationId=3169

5G Security Vulnerabilities detailed by Positive Technologies; ITU-T and 3GPP 5G Security specs

Author Bio:

Akash Tripathi is a Content Marketing strategist at Top Mobile Tech. He has 10+ years of experience in blogging and digital marketing. At Top Mobile Tech, he covers various how-to and tips & tricks related to iPhone and more related to technologies.  For more about Akash, please refer to:

https://twitter.com/akashtripathi8

https://www.linkedin.com/in/akash-tripathi-42315959/

https://www.facebook.com/akash.tripathi.562

https://www.instagram.com/akashtripathi8/

 

Is 5G network slicing dead before arrival? Replaced by private 5G?

The telecom industry has been hyping 5G network slicing for several years now, asserting that carriers will be able to make money by selling “slices” of their networks to different enterprises for their exclusive use.  Effectively, creating wireless virtual private networks.

Network slicing is a very complicated technology that must work across a 5G SA core, RAN, edge and transport networks. There are no standards for network slicing, which is defined in several 3GPP Technical Specifications.

From 3GPP TS 28.530:

Network slicing is a paradigm where logical networks/partitions are created, with appropriate isolation, resources and optimized topology to serve a purpose or service category (e.g. use case/traffic category, or for MNO internal reasons) or customers (logical system created “on demand”).

  • network slice: Defined in 3GPP TS 23.501 v1.4.0
  • network slice instance: Defined in 3GPP TS 23.501 V1.4.0
  • network slice subnet: a representation of the management aspects of a set of Managed Functions and the required resources (e.g. compute, storage and networking resources).
  • network slice subnet instance: an instance of Network Slice Subnet representing the management aspects of a set of Managed Function instances and the used resources (e.g. compute, storage and networking resources).
  • Service Level Specification: a set of service level requirements associated with a Service Level Agreement to be satisfied by a network slice instance.

…………………………………………………………………………………………

An IEEE Techblog tutorial on network slicing is here.

………………………………………………………………………………………..

Yet despite all the pomp and circumstance, there are few if any instances of commercially available 5G SA core networks that support network slicing.  Perhaps that’s because with the lack of standards there won’t be any interoperability or roaming from one 5G SA core network to another.

Meanwhile, private 5G is coming on strong, especially with Amazon’s announcement which we covered in this post:

“There’s nothing like it;” AWS CEO announces Private 5G at AWS re-Invent 2021; Dish Network’s endorsement

Benefits of Private 5G Networks:

A private 5G network, also known as a local or non-public 5G network, is a local area network that provides dedicated bandwidth using 5G technology. Although the telecommunication industry is currently building the needed infrastructure and network gear to support 5G, there has not yet been a widespread rollout.

“5G deployment is still in its infancy, and we use movement from standardization bodies implementing models for Industry 4.0 or smart buildings as an indicator that the 5G private network is a foundational component for their future,” says Jon Abbott, EMEA technology director of Vertiv.

Many companies are working with service providers to use these developing networks, but some prefer the advantages that come with building their own private 5G systems.

A large component in the growth of private 5G networks is the release of unlicensed spectrum for industry verticals. It gives businesses the option to deploy a private 5G network without having to work with an operator.

Because a private network can be designed for protection and human safety, sensor control, and security, the improved bandwidth is ideal for various use cases in multiple industries.

Benefits of a private network include:

  • Reducing the company’s dependence on providers, thereby allowing full control over operating methods
  • Separate data processing and storage
  • Security policies can be designed and controlled within the organization, allowing companies to customize the network the way they want
  • The overall high speeds, low latency, and application support of 5G

Risks of 5G:

Although there are many benefits, faster networks do still come with risks. For example, the improved speed and latency can inadvertently create new avenues for cyber criminals. The more systems go wireless, the more targets cyber criminals can attempt to hack. Furthermore, adoption of 5G is growing alongside the use of 5G-enabled devices. Because many of these devices are interconnected to various systems through the Internet of Things, the probability of a data leak increases.

Businesses need to take the proper steps to secure their systems in order to ward off cyber criminals as they attempt to take advantage of the fast speeds of 5G. When the implementation of 5G begins, organizations must have security systems, such as firewalls, VPNs, anti-malware software, intrusion detection systems (IDS) and intrusion prevention systems (IPS), in place.

From a Dell’Oro Group report on Private Wireless Networks:

Private Wireless RAN and Core network Configurations:

There is no one-size-fits-all when it comes to private wireless. We are likely looking at hundreds of deployment options available when we consider all the possible RAN, Core, and MEC technology, architectures, business, and spectrum models. At a high level, there are two main private wireless deployment configurations, Shared (between public and private) and Not Shared:

  • The shared configuration, also known as Public Network Integrated-NPN (PNI-NPN), shares resources between the private and public networks.
  • Not shared, also known as Standalone NPN (SNPN), reflects dedicated on-premises RAN and core resources. No network functions are shared with the Public Land Mobile Network (PLMN).

Not surprisingly, there will be a plethora of deployment options to address the RAN domain. In addition to the shared vs. standalone configuration and LTE vs. 5G NR, private wireless RAN systems can be divided into two high-level RAN configurations: Wide-Area and Local-Area.

Dell’Oro Group continues to believe that it will take some time to realize the full vision with private wireless. Setting aside the more mature public safety market, we expect that some of these more nascent local private opportunities to support both Broadband and Critical IoT will follow Amara’s Law, meaning that there will likely be a disconnect between reality and vision both over the near and the long term.

References:

Network Slicing and 5G: Why it’s important, ITU-T SG 13 work, related IEEE ComSoc paper abstracts/overviews

Private 5G Networks

“There’s nothing like it;” AWS CEO announces Private 5G at AWS re-Invent 2021; Dish Network’s endorsement

 

Microsoft proposes a 5G overlay on their “Azure for Operators” cloud WAN

In a blog post, Microsoft proposes to sell global data transport and routing services to 5G network operators under its new Azure for Operators business. The proposition (described below) is to use a 5G overlay on Microsoft Azure’s cloud WAN.

“Operators spend a lot of money to manage and maintain their networks and peering relationships, but so does Microsoft. The question then is, why are two massive industries doing the same thing? Because both parties move packets around, doesn’t it make more sense for them to collaborate?” wrote Victor Bahl, Microsoft CTO of the company’s new Azure for Operators business, in a blog post to the company’s website. “Here, the well-managed, reliable, and performant Azure network should be thought of as the backbone that operators trust. With this shift in thinking will come all the advantages of innovation that IT companies like Microsoft are rapidly bringing in.”

Azure’s planet-scale WAN

Azure maintains a massive WAN with significant capacity and one that is continuously growing. We have over 175,000 miles of lit fiber optic and undersea cable systems. This connectivity covers close to 200 network points of presence (PoPs) over 60 regions, across 140 countries.

Azure’s network is connected to many thousands of ISPs and other networks with significant peering capacity. Our global network is well-provisioned, with redundant fiber paths that can handle multiple simultaneous failures, it also has massive reserve capacity in unlit dark fiber. These optical fibers are fully owned or leased by Microsoft, and all traffic between and among Azure datacenters within a region or across regions is automatically encrypted at the physical layer.

This combination of redundant capacity to handle failures, dark capacity for significant growth, and research advancements being made in increasing transmission speeds means that we have a massive amount of spare capacity to serve 5G traffic to a broad array of new operators.

Bahl said Microsoft is selling its network services to large, established 5G network operators that already manage their own routing and transport operations, as well as newer telcos that may not have developed such systems. Under Microsoft’s vision, 5G network operators can focus on erecting cell towers and central offices, but can rely on Microsoft’s Internet backbone to carry their customers’ traffic from those locations across the U.S. and the rest of the world.

Making Azure WAN great for 5G traffic

For many years, Microsoft researchers and engineers have been working on a hybrid-global traffic orchestrator for routing network packets across Azure’s WAN. Our orchestrator takes control away from classic Internet protocols and instead moves that control into software that we build and control for 5G traffic. We place the 5G flows that demand high performance on low-latency, high bandwidth paths to and from the Internet. Network flows that are cost-sensitive are instead routed through cheaper paths.

In effect, we have developed a fast-(packet) forwarding mechanism to build a 5G overlay on our existing WAN, thereby supporting a variety of 5G network slices with different wired transport properties, while avoiding interference with the operation of the underlying enterprise cloud network.

We have also extended our state-of-the-art network verification capability to cover complex network topologies by modeling Virtual WAN, Virtual Networks, and other network function virtualizations (NFVs), as well as modeling reachability using formal methods. Using fast solvers, we can verify reachability constraints on customer topologies, at deployment time or when undergoing a config change.

We have applied machine learning to predict the impact of peering link outages and congestion mitigation strategies and use the data to improve the availability of the WAN peering surface area.

Our expertise in optimization algorithms has been shown to ultimately reduce cloud networking spend. Techniques like these will be invaluable in carving out 5G paths on the overlay that are cost-efficient, but still meet the performance needs of every network slice.

The significant upside for operators

To reiterate, Microsoft is heavily invested in running a well-managed, always-available global network. We have been incorporating multiple groundbreaking technologies, including scalable optimization, formal verification of routing policies, machine learning, and AI. We envision operators to not only be able to use our WAN to transfer 5G packets, with low latency, but also to benefit from multiple network services such as DDoS protection, firewalls, traffic accelerators, connection analytics, load balancers, and rate limiters, many of which we use in running existing Azure network workloads.

At Microsoft, we bring the full power of research and engineering leadership into our networks, rapidly incorporating innovation and new features to provide reliable, low-latency, low-cost service. In turn, this effort will open up the significant potential of next-generation services and applications as envisioned by the community at large. It is no understatement to say that collaboration between operators and Azure is key to unleashing the true power of 5G.

Last year Microsoft acquired telecom software vendors Affirmed Networks and Metaswitch Networks, and subsequently introduced its Azure for Operators to “provide operators with the agility they need to rapidly innovate and experiment with new 5G services on a programmable network.” The company earlier this year doubled down on the opportunity with the purchase of AT&T’s Network Cloud operation, a move that positions AT&T to shift its 5G core network operations into Microsoft’s cloud over the next three years.

More broadly, Microsoft is one of a trio of massive cloud computing companies that are hoping to generate sales among telecom companies, including 5G network operators. Google, Amazon Web Services (AWS) and Microsoft are all now selling various products and services into the telecom space.

Several telecom network providers, including Canada’s Telus and Deutsche Telekom, are jumping at the prospect of partnering with a cloud computing service provider. Of note are Dish Network’s massive deal with AWS, whereby it plans to run all of its network software in the Amazon cloud, and AT&T’s outsourcing of its 5G SA Core network to run on the Microsoft Azure cloud.

References:

https://azure.microsoft.com/en-gb/blog/unleashing-the-true-potential-of-5g-with-cloud-networks/

https://www.lightreading.com/service-provider-cloud/microsoft-starts-selling-transport-routing-services-to-5g-operators/d/d-id/772821?

 

AT&T 5G SA Core Network to run on Microsoft Azure cloud platform

AT&T Exec: 5G Private Networks are coming soon + 5G Security Conundrum?

Just two weeks after Verizon won a 5G Private Network contract in the UK, AT&T now says that Private 5G Networks are coming soon to your office or campus.  AT&T’s Rita Marty wrote in a blog post that many companies want “5G in a private space.”

“We’ve done exactly that at AT&T Stadium in Dallas. Fans will get experiences like live stats projected over the field on their smartphone camera.”

“Some organizations want a truly private, standalone 5G system. They envision full control of a “local area network” similar to corporate Wi-Fi, but with the performance, reliability and security of cellular.  Nellis Air Force Base in Nevada is testing one flavor: a 5G-powered command-and-control center on a trailer. It will form the hub of a moveable, private cellular network for local personnel in a conflict area.”

Ms. Marty alluded to network slicing and edge computing in her blog post.  Those are two ultra hyped technologies that have yet to be deployed at scale by any 5G network operator.

“Other organizations are enhancing their 5G coverage with the ability to control specific local traffic themselves. They can peel off (via network slicing) certain data flows for “edge computing.” This means alarms in a factory, for instance, could be processed right on the premises – and thus much more quickly. MxD, a manufacturing innovation center in Chicago, is showing how fractions of seconds can help solve quality, safety and inventory issues.”

Network slicing allows 5G network operators to create different sub-networks (which can be private) with different properties. Each sub-network slices the resources from the physical network to create its own independent, no-compromise network for its preferred applications.  It requires a 5G standalone core network, the implementation of which has not been standardized and which AT&T has yet to deploy.

Most of AT&T’s activities in mobile edge computing and private 5G networks are in trials and testing.  AT&T is working to bring enhanced capabilities to their edge computing solutions by testing AT&T Network Edge (ANE) with cloud providers.  AT&T says ANE’s potential benefits include:

  • Lower latency: Deliver low-latency connectivity to high performance compute
  • Network routing optimization: Network integration with cloud providers
  • Extended cloud ecosystem: AT&T intends to develop an extended ANE ecosystem, allowing customers to use cloud services like they do today.

Image Credit:  AT&T

Private networks also need careful thought and consultation, Ms. Marty stated. “Considerations include design, spectrum, and who’s going to actually run it. Even a standalone network, and even 5G, must be set up properly to achieve the highest security against cyberattacks,” she added.

5G Security Conundrum:

As leader of AT&T’s 5G security team, Ms. Marty has her work cut out for her, especially when it comes to choosing which of the 3GPP 5G SA security specs to support.  Many of them are not complete and are targeted for 3GPP Release 17.  Also, European network operators have taken different approaches to 5G security and this will likely be a global phenomenon.

The real work on 5G security is being done by 3GPP with technical specification (TS) 33.501 Security architecture and procedures for 5G system being the foundation 5G security document.  That 3GPP spec was first published in Release 16, but the latest version dated 16 December 2020 is targeted at Release 17.  You can see all versions of that spec here.

3GPP’s 5G security architecture is designed to integrate 4G equivalent security. In addition, the reassessment of other security threats such as attacks on radio interfaces, signaling plane, user plane, masquerading, privacy, replay, bidding down, man-in-the-middle and inter-operator security issues has also been taken into account for 5G and will lead to further security enhancements.

Another important 3GPP Security spec is TS 33.51 Security Assurance Specification (SCAS) for the next generation Node B (gNodeB) network product class, which is part of Release 16.  The latest version is dated Sept 25, 2020.

Here’s a chart on 3GPP and GSMA specs on 5G Security,  courtesy of Heavy Reading:

Question: When do you plan to implement the following 5G security specifications? (n=105-108) (Source: Heavy Reading)

Scott Poretsky, Ericsson’s Head of Security, wrote in an email:

“The reason for the inconsistent implementation of the 5G security requirements is the language in the 3GPP specs that make it mandatory for vendor support of the security features and optional for the operator to decide to use the feature.  The requirements are defined in this manner because some countries did not want these security features implemented by their national telecoms due to these security features also providing privacy.  The U.S. was not one of those countries.”

……………………………………………………………………………………………………………………….

 

References:

https://about.att.com/innovationblog/2021/private_5G_networks.html

https://www.business.att.com/learn/top-voices/att-continues-development-of-network-edge-compute.html

https://techblog.comsoc.org/2018/05/18/ieee-comsoc-papers-on-network-slicing-and-5g/

5G Security Issues Raise Mission Critical Questions & Issues

 

Evaluating Gaps and Solutions to build Open 5G Core/SA networks

by Saad Sheikh, Vice President and Chief Architect, SouthTel, South Africa

Since the “freezing” of the much awaited 3GPP Release-16 in July 2020, many network equipment vendors have sought to develop 5G core/5G stand alone (5G SA) network capabilities.  Those include network slicing, massive IoT, uRLLC (ultra reliable, ultra low latency communications), edge network computing, NPN (non-public network) and IAB (Integrated Access and Backhaul), etc.

It is only natural that all of the big telcos in APAC and globally have started their journey towards a 5G Standalone (5G SA) core network. However, most of the commercial deployments are based on a vendor E2E stack, which is a good way to start the journey and offer services quickly.

Yet there’s a big caveat:  Given the range of services and the versatility of solutions, especially for the industry verticals, required and expected from both 3GPP Release 16 and the 5G SA core network, it is just a matter of time before network equipment vendors cannot fulfill all the solutions, and that is when building a telco-grade cloud platform will become a necessity.

During the last two years we have done a lot of work and made progress in better understanding what the cloud native platforms for the real 5G era will be.  As of now, the 5G Core container platforms from an open cloud perspective are not fully ready, but we are also not too far from making it happen.

2021 is the year that we expect a production ready open 5G native cloud platform avoiding all sorts of vendor lock ins.

…………………………………………………………………………………………………………………………….

 

Let’s try to understand the top issues, listed here based on 5G SA deployments in core and edge networks:

  • Vendors are mostly leveraging existing NFVI to evolve to CaaS by using a middle layer, shown as CaaS on IaaS.  The biggest challenge is that this interface is not open, which means there are many out-of-the-box enhancements done by each vendor.  This is one classic case of “When open became the new closed.”

Reference: https://cntt-n.github.io/CNTT/doc/ref_model/chapters/chapter04.html

Most of the enhancements done on the adaptors for container images are as follows:

  • Provides container orchestration, deployment, and scheduling capabilities.
  • Provides container Telco enhancement capabilities: Huge page memory, shared memory, DPDK, CPU core binding, and isolation
  • Supports container network capabilities, SR-IOV+DPDK, and multiple network planes.
  • Supports the IP SAN storage capability of the VM container.
  • The migration path from CaaS on IaaS towards BMCaaS is not smooth and will involve complete service deployment. With most operators having invested heavily in the last few years to productionize the NFVi, nobody is really considering emptying their pockets again to build a new, purely CaaS stand-alone platform; however, smooth migration must be considered.
  • We are still in the early phase of 5G SA core and eMBB is the only use case, so we have still not tested the scaling of 5G Core with NFVi-based platforms.
  • ETSI specs for CISM are not as mature as expected, and again there are a lot of out-of-the-box customizations done by each vendor’s VNFM to cater for this.

Now let’s consider where the open platforms are lacking and how that might be fixed.

Experience #1: 5G Outgoing traffic from PoD:

The traditional Kubernetes and CaaS Platforms today handles and scales well with ingress controller however 5G PoD’s and containers outgoing traffic is not well addressed as both N-S and E-W traffic follows same path and it becomes an issue of scaling finally.

We know some vendors like Ericsson who already bring products like ECFE and LB in their architecture to address these requirements.

Experience#2: Support for non-IP protocols:

PoD is natively coming with IP and all external communication to be done by Cluster IP’s it means architecture is not designed for non-IP protocols like VLAN, L2TP, VLAN trunking

Experience#3: High performance workloads:

Today all high data throughputs are supported CNI plugin’s which natively are like SR-IOV means totally passthrough, an Operator framework to enhance real time processing is required something we have done with DPDK in the open stack world

Experience#4: Integration of 5G SBI interfaces:

The newly defined SBI interfaces became more like API compared to horizontal call flows, however today all http2/API integration is based on “Primary interfaces” .

It becomes a clear issue as secondary interfaces for inter functional module is not supported.

Experience#5: Multihoming for SCTP and SIP is not supported:

Hybrid node connectivity, at least towards egress and external networks, still requires an SCTP link and/or SIP endpoints, which are not well supported.

Experience#6: Secondary interfaces for CNF’s:

Secondary interfaces raise concerns for interoperability, monitoring and O&M. They are a very important concept in K8S and 5G CNFs, as they are needed for the following:

  • All Telecom protocols, e.g. BGP
  • Support for Operator frameworks (CRDs)
  • Performance scenarios like CNIs for SR-IOV

Today, the only viable solution is NSM, i.e. a service mesh that solves both management and monitoring issues.
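An added example, not part of the original article: one way to inventory the Multus secondary interfaces discussed above, so that monitoring and O&M know which PoD interfaces sit outside the primary CNI. It parses the Multus network selection annotation in both its short and JSON forms; the PoD and network names in the sample are constructed.

```python
import json

MULTUS_KEY = "k8s.v1.cni.cncf.io/networks"  # Multus network selection annotation


def parse_selection(value, default_ns):
    """Return a list of (namespace, network, interface) from a Multus annotation.

    Handles both forms Multus accepts: a JSON list of objects, and the
    comma-separated short form [<namespace>/]<network>[@<interface>].
    """
    value = value.strip()
    if not value:
        return []
    if value.startswith("["):
        return [(e.get("namespace", default_ns), e["name"], e.get("interface"))
                for e in json.loads(value)]
    out = []
    for item in value.split(","):
        item = item.strip()
        if not item:
            continue
        item, _, ifname = item.partition("@")
        ns, sep, name = item.rpartition("/")
        out.append((ns if sep else default_ns, name, ifname or None))
    return out


def secondary_interfaces(pods):
    """Map 'namespace/pod' -> secondary attachments, for every pod that has any."""
    report = {}
    for pod in pods:
        meta = pod["metadata"]
        ns = meta.get("namespace", "default")
        nets = parse_selection(meta.get("annotations", {}).get(MULTUS_KEY, ""), ns)
        if nets:
            report[f"{ns}/{meta['name']}"] = nets
    return report


# Constructed sample pod metadata (hypothetical CNF and network names).
SAMPLE_PODS = [
    {"metadata": {"name": "upf-0", "namespace": "core5g", "annotations": {
        MULTUS_KEY: "sriov-n3@net1, transport/vlan-n6@net2"}}},
    {"metadata": {"name": "amf-0", "namespace": "core5g", "annotations": {
        MULTUS_KEY: '[{"name": "sctp-n2", "interface": "net1"}]'}}},
    {"metadata": {"name": "nrf-0", "namespace": "core5g"}},
]
```

Feeding it the metadata of every PoD in a cluster gives a per-PoD list of secondary attachments that can be compared against what the monitoring stack actually observes.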

Experience#7: Platform Networking Issues in 5G:

Today in commercial networks, most products use Multus+VLAN for internal networking, while for internal based on Multus+VxLAN it requires separate planning for both underlay and overlay, which becomes an issue for a large-scale 5G SA Core Network.

Similarly, top requirements for service in 5G Networks are the following:

  • Network separation on each logical interface, e.g. VRF, and each physical sub-interface
  • Outgoing traffic from PoD
  • NAT and reverse proxy

Experience#8: Service Networking Issues in 5G:

For primary networks we are relying on Calico+IPIP, while for secondary networks we are relying on Multus.

Experience#9: ETSI specs specially for BM CaaS:

I still believe the ETSI specs for CNFs are lacking compared to others like 3GPP, and that is enough to make an open solution move to a closed one through adaptors and plugins, something we already experienced during the introduction of SDN in cloud networks. Today, rigorous updates are expected on:

  • IFA038 which is container integration in MANO
  • IFA011 which is VNFD with container support
  • Sol-3 specs updated for the CIR (Container image registry) support

Experience#10: Duplication of features on NEF/NRM and Cloud platforms:

In the new 5G API ecosystem, operators look at their network as a platform and open it to application developers. API exposure is fundamental to 5G, as it is built into the architecture natively: applications can talk back to the network and command it to provide a better experience. However, the NEF and, similarly, the NRF service registry are also functions available on platforms. Today it looks like a way is required to share responsibility for such integrations to avoid duplicates.

Reference Architectures for the Standard Platform:

Sol#1: Solving Data Integration issues

Real AI is the next most important thing for telcos as they evolve in their automation journey from conditional automation to partial autonomy. However, making any use case fully functional first requires solving the data integration architecture, as any real product that is to succeed with AI in telco will need to use graph databases and process mining, and both are based on the assumption that all the data is there and valid.

Sol#2: AI profiles for processing in Cloud Infra Hardware profiles

With 5G networks relying more on robust mechanisms to ingest and use data for AI, it is very important to agree on hardware profiles that are powerful enough to deliver AI use cases and complete AI pipelines, all the way from flash base to TensorFlow, along with analytics.

Sol#3: OSS evolution that support data integration pipeline

The evolution to the future ENI architecture for the use of AI in telco, and to the ZSM architecture for the closed loop, should be based on a standard data integration pipeline like the one proposed in ENI-0017 (Data Integration mechanisms).

Sol#4: Network characteristics

A mature way to handle outgoing traffic and LB needs to be included in Telco PaaS.

Sol#5: Telco PaaS

Based on experience with NFV, it is clear that IaaS is not the telco service delivery model, and hence use cases like NFVPaaS have been under consideration since the early days of NFV. With the introduction of CNFs, which will require more robust release times, it is imperative and not optional to build a stable Telco PaaS that meets telco requirements. As of today, the direction is to divide the platform between a general PaaS, which will be part of the standard cloud platform over release iterations, and a Telco PaaS, which will cover specific requirements.

The beauty of this architecture is that it ensures multi-vendor component selection between them. The key characteristics to be addressed are discussed below.

Paas#1: Telco PaaS Tools

Agreement is needed on PaaS tools over the complete LCM. There is currently a survey running in the community to agree on this, and it is an ongoing study.

Reference: https://wiki.anuket.io/display/HOME/Joint+Anuket+and+XGVELA+PaaS+Survey

Paas#2: Telco PaaS Lawful interception

During recent integrations for NFV and CNF, we still rely on application-layer LI characteristics as defined by ETSI. With an open cloud layer, to ensure that the necessary LI requirements are available, it is important that the PaaS includes this part through APIs.

Paas#3: Telco PaaS Charging Characteristics

Resource consumption and the reporting of real-time resources are very important, as with 5G and Edge we will evolve towards the hybrid cloud.

Paas#4: Telco PaaS Topology management and service discovery

A single API endpoint that exposes both the topology and the services towards the application is the key requirement of Telco PaaS.

Paas#5: Telco PaaS Security Hardening

With 5G and critical services, security hardening has become more and more important. The use of tools like Falco and a service mesh is important in this platform.

Paas#6: Telco PaaS Tracing and Logging

Although monitoring is quite mature in Kubernetes and its distros, tracing and logging still need to be addressed. Today, tools like Jaeger and Kafka/EFK need to be included in the Telco PaaS.

Paas#7: Telco PaaS E2E DevOps

For IT workloads, DevOps capability is already provided by PaaS in a mature manner through both cloud and application tools, but with the enhancements required by telco workloads it is important that end-to-end DevOps capability is ensured. Today, tools like Argo need to be considered, and they need to be integrated with both the general PaaS and the Telco PaaS.

Paas#9: Packaging

Standard packages like VNFD that cover both the Application and PaaS layers.

Paas#8: Standardization of API’s

API standardization in ETSI fashion is the key requirement of the NFV and telco journey, and it needs to be ensured in the PaaS layer as well. For Telco PaaS it should cover VES, TMForum, 3GPP, ETSI MANO etc. The community has done the following work to standardize this:

  • TMF 641/640
  • 3GPP TS28.532 /531/ 541
  • IFA029 containers in NFV
  • ETSI FEAT17 which is Telco DevOps
  • ETSI TST10 /13 for API testing and verification

Based on these features, there is an ongoing effort within the LFN XGVELA community, and I hope more and more users, partners and vendors can join to define the Future Open 5G Platform.

Reference: https://github.com/XGVela/XGVela/wiki/XGVela-Meeting-Logistics

………………………………………………………………………………………………………………………………….

Glossary:

Term: Description

NFV: Network Function Virtualization
VNF: Virtual Network Functions
CNF: Containerized Network Functions
UPF: User Plane Function
AMF: Access Management Function
TDF: Traffic Detection Function
PCF: Policy Charging Function
NSSF: Network Slice Subnet Function
UDSF: Unstructured Data Storage Function
A & AI: Active and Available Inventory
CLAMO: Control Loop Automation Management Function
NFVI: Network Function Virtualized Infrastructure
SDN: Software Defined Networks
VLAN: Virtual LAN
L2TP: Layer2 Tunneling Protocol
SBI: Service Based Interface
NRF: Network Repository Function
NEF: Network Exposure Function
NAT: Network Address Translation
LB: Load Balance
HA: High Availability
PaaS: Platform as a Service
ENI: Enhanced Network Intelligence
ZSM: Zero touch Service Management
EFK: Elasticsearch, Fluentd and Kibana
API: Application Programming Interface

………………………………………………………………………………………………………………………………..

About Saad Sheikh:

Saad Sheikh is an experienced telecommunications professional with more than 18 years of experience leading and delivering technology solutions. He is currently Vice President and Chief Architect with Southtel, which is the leading System integrator in South Africa. There he is leading the 5G, Cloud, Edge Networking, Open RAN, Networking and Automation units. He is helping to bring the power of innovative solutions to Africa.

Prior to this he was Chief Architect with STC (Saudi Telecom Company), where he led the company's Cloud Infrastructure Planning and Architecture Design to deliver large-scale 5G, NFV, SDN and Cloud projects in the Middle East. Previously, he held senior positions with both vendors and operators in Asia, Africa and APAC, driving large-scale projects in IT and Telecom.

Telefonica in 800 Gbps trial and network slicing pilot test

Telefonica and its network suppliers Nokia and Huawei have reached data transmission speeds of up to 800 Gbps in two pilot tests of photonic mesh technology. This trial reached speeds of 400 Gbps between Madrid and Barcelona (a distance of 830 kilometres), rising to 800 Gbps in a trial over shorter distances (47 kilometres) in the Madrid metropolitan area.
In a statement, Telefonica said the photonic mesh layer uses WDM (Wavelength Division Multiplexing) technology to achieve higher capacity, reduced latency and far lower energy consumption compared with traditional optical network transmission.
The high-speed trial used Huawei’s OSN 9800 optical equipment and Nokia’s 1830 Photonic Service Switch and 7950 XRS IP router.
…………………………………………………………………………………………………..
Separately, Telefonica is coordinating a 5G Network Slicing pilot test with Cisco and the University of Vigo. The objective is to demonstrate how flexible 5G networks can devote specific capacities to different services and customers. This project consists of implementing a demonstrator on laboratory infrastructure at the facilities of the University of Vigo, where three slices will be deployed in order to offer distinctive services: low latency, high bandwidth and emergencies. This will enable, for example, customers to make use of the 5G network and enjoy ultra high-definition content while guaranteeing the resources of the mobile network in the event of an emergency in the area.

With this initiative the intention is also to begin building services for customers to be marketed via Telefónica’s 5G network. The project will thus enable Telefónica to obtain key results that will serve to drive the ecosystem and promote the interoperability and standardisation of this technology with a view to its marketing towards the end customer. Some of the sectors that can benefit the most from Network Slicing are the State Security Corps and Forces, media and communication, cars, industry and hotels.
