Showing posts with label SDN / NFV. Show all posts
Showing posts with label SDN / NFV. Show all posts

Tuesday, 22 March 2022

Realizing Zero Trust Architecture for 5G Networks

Over the last couple of years, I keep on coming across Zero-Trust Architecture (ZTA). A simple way to explain is that the standard model of security is known as perimeter security model, where everything within the perimeter can be trusted. In zero-trust (ZT) model, no assumptions is made about trustworthiness and hence it is also sometimes known as perimeterless security model.

This short video from IBM clearly explains what ZT means:

This blog post from Palo Alto Networks also clearly explains ZT:

By definition, Zero Trust is a strategic approach to cybersecurity that secures an organization by eliminating implicit trust and continuously validating every stage of a digital interaction. Zero Trust for 5G removes implicit trust regardless of what the situation is, who the user is, where the user is or what application they are trying to access.

The impact of Zero Trust on network security specifically protects the security of sensitive data and critical applications by leveraging network segmentation, preventing lateral movement, providing Layer 7 threat prevention and simplifying granular user-access controls. Where traditional security models operate under the assumption that everything inside an organization’s perimeter can be trusted, the Zero Trust model recognizes that trust is a vulnerability.

In short, Zero Trust for 5G presents an opportunity for service providers, enterprises and organizations to re-think how users, applications and infrastructure are secured in a way that is scalable and sustainable for modern cloud, SDN-based environments and open-sourced 5G networks. Delivering the Zero Trust Enterprise means taking Zero Trust principles, making them actionable and effectively rebuilding security to keep pace with digital transformation. 

A research paper looking at Intelligent ZTA (i-ZTA) provides an interesting approach to security in 5G and beyond. The paper can be downloaded from here. The abstract states:

While network virtualization, software-defined networking (SDN), and service-based architectures (SBA) are key enablers of 5G networks, operating in an untrusted environment has also become a key feature of the networks. Further, seamless connectivity to a high volume of devices in multi-radio access technology (RAT) has broadened the attack surface on information infrastructure. Network assurance in a dynamic untrusted environment calls for revolutionary architectures beyond existing static security frameworks. This paper presents the architectural design of an i-ZTA upon which modern artificial intelligence (AI) algorithms can be developed to provide information security in untrusted networks. We introduce key ZT principles as real-time Monitoring of the security state of network assets, Evaluating the risk of individual access requests, and Deciding on access authorization using a dynamic trust algorithm, called MED components. The envisioned architecture adopts an SBA-based design, similar to the 3GPP specification of 5G networks, by leveraging the open radio access network (O-RAN) architecture with appropriate real-time engines and network interfaces for collecting necessary machine learning data. The i-ZTA is also expected to exploit the multi-access edge computing (MEC) technology of 5G as a key enabler of intelligent MED components for resource-constraint devices.

Ericsson Technology Review covered Zero Trust in 5G Networks in one of their issues. Quoting from the article:

The 3GPP 5G standards define relevant network security features supporting a zero trust approach in the three domains: network access security, network domain security and service-based architecture (SBA) domain security. 

The network access security features provide users with secure access to services through the device (mobile phone or connected IoT device) and protect against attacks on the air interface between the device and the radio node. Network domain security includes features that enable nodes to securely exchange signaling data and user data, for example, between radio and core network functions (NFs).

The 5G SBA is built on web technology and web protocols to enable flexible and scalable deployments using virtualization and container technologies and cloud-based processing platforms. SBA domain security specifies the mechanism for secure communication between NFs within the serving network domain and with other network domains. 

While the new requirements and functionality introduced in the 5G specifications are already aligned with many of the zero trust tenets. It is already evident, however, that further technology development, standardization and implementation are needed in areas such as policy frameworks, security monitoring and trust evaluation to support the adoption of zero trust architecture in new telecom environments that are distributed, open, multi-vendor and/or virtualized.

While various technologies can support organizations in adhering to the guiding principles of zero trust as part of their total active defense strategy, it is important to remember that technology alone will never be sufficient to realize the full potential of zero trust. Successful implementation of a network based on zero trust principles requires the concurrent implementation of information security processes, policies and best practices, as well as the presence of knowledgeable security staff. Regardless of where a CSP is in its transition toward a zero trust architecture, the three pillars of people, processes and technology will continue to be the foundation of a robust security architecture.

Related Posts:

Thursday, 22 July 2021

AT&T Cybersecurity Experts Provide 5G Security Overview

The National Governors Association (NGA) in the USA is the voice of the leaders of 55 states, territories, and commonwealths. On May 24th, the Resource Center for State Cybersecurity featured a panel of experts from AT&T for a conversation on understanding the 5G ecosystem, security risks, supply chain resilience and the challenges and opportunities that exist around deployment.

The talk highlighted top 5G security areas of concern. The top three being:

  • Increased attack surface due to massive increase in connectivity
  • Greater number & variety of devices accessing the network
  • Complexity of extending security policy to new types of non-traditional and IoT devices


Some of the Security Advantages with 5G are highlighted as follows:

  • Software Defined Networking/Virtualization
  • Stronger 3GPP encryption for over-the-air encryption
  • Subscriber Identity Privacy
  • Roaming or network-to-network protection
  • Network Slicing

The slides of the talk is available here and the video is as follows:

Related Posts:

Wednesday, 7 July 2021

Different Types of RAN Architectures - Distributed, Centralized & Cloud


I come across a question relating to the different type of RAN architectures once per month on an average. Even though we have covered the topic as part of some or the other tutorial, we decided to do a dedicated tutorial on this.

The video and slides are embedded below

As always, feedback and comments welcome.

Related Posts:

Wednesday, 30 June 2021

Open RAN Terminology and Players


When we made our little Open RAN explainer, couple of years back, we never imagined this day when so many people in the industry will be talking about Open RAN. I have lost track of the virtual events taking place and Open RAN whitepapers that have been made available just in the last month.

One of the whitepapers just released was from NTT Docomo, just in time for MWC 2021. You can see the link in the Tweet

Even after so much information being available, many people still have basic questions about Open RAN and O-RAN. I helped make an Open RAN explainer series and blogged about it here. Just last week, I blogged about the O-RAN explainer series that I am currently working on, here.

There were some other topics that I couldn't cover elsewhere so made some short videos on them for the 3G4G YouTube channel. The first video/presentation explains Open RAN terminology that different people, companies and organizations use. It starts with open interfaces and then looks at radio hardware disaggregation and compute disaggregation. Moving from 2G/3G/4G to 5G, it also explains the Open RAN approach to a decomposed architecture with RAN functional splits.

If you look at the Telecom Infra Project (TIP) OpenRAN group or O-RAN Alliance, the organizations driving the Open RAN vision and mission, you will notice many new small RAN players are joining one or both of them. In addition, you hear about other Open RAN consortiums that again include small innovative vendors that may not be very well known. 

The second video is an opinion piece looking at what is driving these companies to invest in Open RAN and what can they expect as return in future.

As always, all 3G4G videos' slides are available on our SlideShare channel.

Related Posts:

Friday, 16 October 2020

Couple of Tutorials on ETSI NFV MANO


The premises of virtualization is to move physical network functions (PNF in hardware) into software and to design them in a way so that they can be deployed on a NFVI (Network Functions Virtualization Infrastructure, a.k.a. the cloud).

MANagement and Orchestration (MANO) is a key element of the ETSI network functions virtualization (NFV) architecture. MANO is an architectural framework that coordinates network resources for cloud-based applications and the lifecycle management of virtual network functions (VNFs) and network services. As such, it is crucial for ensuring rapid, reliable NFV deployments at scale. MANO includes the following components: the NFV orchestrator (NFVO), the VNF manager (VNFM), and the virtual infrastructure manager (VIM).

NFV MANO is broken up into three functional blocks:

  • NFV Orchestrator: Responsible for onboarding of new network services (NS) and virtual network function (VNF) packages; NS lifecycle management; global resource management; validation and authorization of network functions virtualization infrastructure (NFVI) resource requests.
  • VNF Manager: Oversees lifecycle management of VNF instances; fills the coordination and adaptation role for configuration and event reporting between NFV infrastructure (NFVI) and Element/Network Management Systems.
  • Virtualized Infrastructure Manager (VIM): Controls and manages the NFVI compute, storage, and network resources.

For the NFV MANO architecture to work properly and effectively, it must be integrated with open application program interfaces (APIs) in the existing systems. The MANO layer works with templates for standard VNFs and gives users the power to pick and choose from existing NFVI resources to deploy their platform or element.

Couple of good old tutorials, good as gold, explaining the ETSI NFV MANO concept. The videos are embedded below. The slides from the video are probably not available but there are other slides from ETSI here. If you are new to this, this is a good presentation to start with.

NFV MANO Part 1: Overview and VNF Lifecycle Management: Uwe Rauschenbach | Rapporteur | ETSI NFV ISG covers:

  • ETSI NFV MANO Concepts
  • VNF Lifecycle Management

NFV MANO Part 2: Network Service Lifecycle Management: Jeremy Fuller | Chair, IFA WG | ETSI NFV ISG covers:
  • Network Service Lifecycle Management

If you have any better suggestions for the slides / video, please feel free to add in the comments.

Related Posts:

Saturday, 10 October 2020

What is Cloud Native and How is it Transforming the Networks?


Cloud native is talked about so often that it is assumed everyone knows what is means. Before going any further, here is a short introductory tutorial here and video by my Parallel Wireless colleague, Amit Ghadge.  

If instead you prefer a more detailed cloud native tutorial, here is another one from Award Solutions.

Back in June, Johanna Newman, Principal Cloud Transformation Manager, Group Technology Strategy & Architecture at Vodafone spoke at the Cloud Native World with regards to Vodafone's Cloud Native Journey 


Roz Roseboro, a former Heavy Reading analyst who covered the telecom market for nearly 20 years and currently a Consulting Analyst at Light Reading wrote a fantastic summary of that talk here. The talk is embedded below and selective extracts from the Light Reading article as follows:

While vendors were able to deliver some cloud-native applications, there were still problems ensuring interoperability at the application level. This means new integrations were required, and that sent opex skyrocketing.

I was heartened to see that Newman acknowledged that there is a difference between "cloud-ready" and "cloud-native." In the early days, many assumed that if a function was virtualized and could be managed using OpenStack, that the journey was over.

However, it soon became clear that disaggregating those functions into containerized microservices would be critical for CSPs to deploy functions rapidly and automate management and achieve the scalability, flexibility and, most importantly, agility that the cloud promised. Newman said as much, remarking that the jump from virtualized to cloud-native was too big a jump for hardware and software vendors to make.

The process of re-architecting VNFs to containerize them and make them cloud-native is non-trivial, and traditional VNF suppliers have not done so at the pace CSPs would like to see. I reference here my standard chicken and egg analogy: Suppliers will not go through the cost and effort to re-architect their software if there are no networks upon which to deploy them. Likewise, CSPs will not go through the cost and effort to deploy new cloud networks if there is no software ready to run on them. Of course, some newer entrants like Rakuten have been able to be cloud-native out of the gate, demonstrating that the promise can be realized, in the right circumstances.

Newman also discussed the integration challenges – which are not unique to telecom, of course, but loom even larger in their complex, multivendor environments. During my time as a cloud infrastructure analyst, in survey after survey, when asked what the most significant barrier to faster adoption of cloud-native architectures, CSPs consistently ranked integration as the most significant.

Newman spent a little time discussing the work of the Common NFVi Telco Taskforce (CNTT), which is charged with developing a handful of reference architectures that suppliers can then design to which will presumably help mitigate many of these integration challenges, not to mention VNF/CNF life cycle management (LCM) and ongoing operations.

Vodafone requires that all new software be cloud-native – calling it the "Cloud Native Golden Rule." This does not come as a surprise, as many CSPs have similar strategies. What did come as a bit of a surprise, was the notion that software-as-a-service (SaaS) is seen as a viable alternative for consuming telco functions. While the vendor with the SaaS offering may not itself be cloud-native (for example, it could still have hardware dependencies), from Vodafone's point of view, it ends up performing as such, given the lower operational and maintenance costs and flexibility of a SaaS consumption model.

If you have some other fantastic links, videos, resources on this topic, feel free to add in the comments.

Related Posts:

Friday, 22 June 2018

5G and IoT Security Update from ETSI Security Week 2018

ETSI Security Week 2018 (link) was held at ETSI's Headquarters in Sophia Antipolis, South of France last week. It covered wide variety of topics including 5G, IoT, Cybersecurity, Middlebox, Distributed Ledger Technology (DLT), etc. As 5G and IoT is of interest to the readers of this blog, I am providing links to the presentations so anyone interested can check them out at leisure.


Before we look at the presentations, what exactly was the point of looking at 5G Security? Here is an explanation from ETSI:

5G phase 1 specifications are now done, and the world is preparing for the arrival of 5G networks. A major design goal of 5G is a high degree of flexibility to better cater for specific needs of actors from outside the telecom sector (e.g. automotive industry, mission-critical organisations). During this workshop, we will review how well 5G networks can provide security for different trust models, security policies, and deployment scenarios – not least for ongoing threats in the IoT world. 5G provides higher flexibility than legacy networks by network slicing and virtualization of functions. The workshop aims to discuss how network slicing could help in fulfilling needs for different users of 5G networks.

5G will allow the use of different authentication methods. This raises many interesting questions. How are these authentication methods supported in devices via the new secure element defined in ETSI SCP, or vendor-specific concepts? How can mission-critical and low-cost IoT use cases coexist side-by-side on the same network?

The 5G promise of higher flexibility is also delivered via its Service-Based Architecture (SBA). SBA provides open 3rd party interfaces to support new business models which allow direct impact on network functions. Another consequence of SBA is a paradigm shift for inter-operator networks: modern APIs will replace legacy signaling protocols between networks. What are the relevant security measures to protect the SBA and all parties involved? What is the role of international carrier networks like IPX in 5G?

Event Objectives
The workshop intends to:

  • Gather different actors involved in the development of 5G, not only telecom, and discuss together how all their views have shaped phase 1 of 5G, to understand how security requirements were met, and what challenges remain;
  • Discuss slicing as a means to implement separate security policies and compartments for independent tenants on the same infrastructure;
  • Give an update of what is happening in 3GPP 5G security;
  • Explain to IoT players what 5G security can (and cannot) do for them, including risks and opportunities related to alternative access credentials;
  • Understand stakeholders' (PMNs, carriers, GSMA, vendors) needs to make SBA both secure and successful. How can SBA tackle existing issues in interconnect networks like fraud, tracking, privacy breaches;
  • Allow vendors to present interesting proposals for open security questions in 5G: secure credential store, firewalling SBA's RESTful APIs;
  • Debate about hot topics such as: IoT security, Slicing security, Privacy, Secure storage and processing and Security of the interconnection network.


So here are the relevant presentations:

Session 1: Input to 5G: Views from Different Stakeholders
Session Chair: Bengt Sahlin, Ericsson

Hardening a Mission Critical Service Using 5G, Peter Haigh, NCSC

Security in the Automotive Electronics Area, Alexios Lekidis, SecurityMatters

Integrating the SIM (iUICC), Adrian Escott, QUALCOMM

Smart Secure Platform, Klaus Vedder, Giesecke & Devrient, ETSI SCP Chairman

Network Slicing, Anne-Marie Praden, Gemalto

Don't build on Sand: Validating the Security Requirements of NFV Infrastructure to Confidently Run Slices, Nicolas Thomas, Fortinet

5G Enhancements to Non-3GPP Access Security, Andreas Kunz, Lenovo

Security and Privacy of IoT in 5G, Marcus Wong, Huawei Technologies

ITU-T activities and Action Plan on 5G Security, Yang Xiaoya, ITU-T SG17

Wrap up: 5G Overview from 3GPP SA3 Perspective and What is There to Be Done for Phase 2, Sander Kievit, TNO


Session 2: Security in 5G Inter-Network Signalling
Session Chair: Stefan Schroeder, T-Systems

Presentation on SBA: Introduction of the Topic and Current Status in SA3, Stefan Schroeder, T-Systems

5G Inter-PLMN Security: The Trade-off Between Security and the Existing IPX Business Model, Ewout Pronk, KPN on behalf of GSMA Diameter End to End Security Subgroup

Secure Interworking Between Networks in 5G Service Based Architecture, Silke Holtmanns, Nokia Bell Labs

Security Best Practises using RESTful APIs, Sven Walther, CA Technologies

Identifying and Managing the Issues around 5G Interconnect Security, Stephen Buck, Evolved Intelligence

Zero Trust Security Posture in 5G Architecture, Galina Pildush, Palo Alto Networks (Missing)


Session 1 & 2 Workshop Wrap up: 5G Phase 1 Conclusions and Outlook Towards Phase 2 - Stefan Schroeder, T-Systems and Bengt Sahlin, Ericsson


Session 5: Benefits and Challenges of 5G and IoT From a Security Perspective
Session Chair: Arthur van der Wees, Arthur's Legal

Setting the Scene, Franck Boissière, European Commission

ENISA's View on Security Implications of IoT and 5G, Apostolos Malatras, ENISA

Smart City Aspects, Bram Reinders, Institute for Future of Living

The Network Operators Perspective on IoT Security, Ian Smith, GSMA


Related Links:

Sunday, 25 March 2018

5G Security Updates - March 2018


Its been a while since I wrote about 5G security in this fast changing 5G world. If you are new to 3GPP security, you may want to start with my tutorial here.

3GPP SA3 Chairman, Anand R. Prasad recently mentioned in his LinkedIn post:

5G security specification finalized! Paving path for new business & worry less connected technology use.

3GPP SA3 delegates worked long hours diligently to conclude the specification for 5G security standard during 26 Feb.-2 Mar. Several obstacles were overcome by focussed effort of individuals & companies from around the globe. Thanks and congrats to everyone!

All together 1000s of hours of work with millions of miles of travel were spent in 1 week to get the work done. This took 8 meetings (kicked off Feb. 2017) numerous on-line meetings and conference calls.

Excited to declare that this tremendous effort led to timely completion of 5G security specification (TS 33.501) providing secure services to everyone and everything!

The latest version of specs is on 3GPP website here.

ITU also held a workshop on 5G Security in Geneva, Switzerland on 19 March 2018 (link). There were quite a few interesting presentations. Below are some slides that caught my attention.

The picture in the tweet above from China Mobile summarises the major 5G security issues very well. 5G security is going to be far more challenging than previous generations.

The presentation by Haiguang Wang, Huawei contained a lot of good technical information. The picture at the top is from that presentation and highlights the difference between 4G & 5G Security Architecture.


New entities have been introduced to make 5G more open.


EPS-AKA vs 5G-AKA (AKA = Authentication and Key Agreement) for trusted nodes


EAP-AKA' for untrusted nodes.


Slice security is an important topic that multiple speakers touched upon and I think it would continue to be discussed for a foreseeable future.

Dr. Stan Wing S. Wong from King’s College London has some good slides on 5G security issues arising out of Multi-Tenancy and Multi-Network Slicing.

Peter Schneider from Nokia-Bell Labs had good slides on 5G Security Overview for Programmable Cloud-Based Mobile Networks

Sander Kievit from TNO, a regular participant of working group SA3 of 3GPP on behalf of the Dutch operator KPN presented a view from 3GPP SA3 on the Security work item progress (slides). The slide above highlights the changes in 5G key hierarchy.

The ITU 5G Security Workshop Outcomes is available here.

ETSI Security Week 2018 will be held 11-15 June 2018. 5G security/privacy is one of the topics.

There is also 5GPPP Workshop on 5G Networks Security (5G-NS 2018), being held in Hamburg, Germany on August 27-30, 2018.

In the meantime, please feel free to add your comments & suggestions below.


Related Posts & Further Reading:

Tuesday, 13 February 2018

Artificial Intelligence - Beyond SON for Autonomous Networks


What is the next step in evolution of SON? Artificial Intelligence obviously. The use of artificial intelligence (AI) techniques in the network supervisory system could help solve some of the problems of future network deployment and operation. ETSI has therefore set up a new 'Industry Specification Group' on 'Experiential Networked Intelligence' (ISG ENI) to develop standards for a Network Supervisory assistant system.


The ISG ENI focuses on improving the operator experience, adding closed-loop artificial intelligence mechanisms based on context-aware, metadata-driven policies to more quickly recognize and incorporate new and changed knowledge, and hence, make actionable decisions. ENI will specify a set of use cases, and the generic technology independent architecture, for a network supervisory assistant system based on the ‘observe-orient-decide-act’ control loop model. This model can assist decision-making systems, such as network control and management systems, to adjust services and resources offered based on changes in user needs, environmental conditions and business goals.


The introduction of technologies such as Software-Defined Networking (SDN), Network Functions Virtualisation (NFV) and network slicing means that networks are becoming more flexible and powerful. These technologies transfer much of the complexity in a network from hardware to software, from the network itself to its management and operation. ENI will make the deployment of SDN and NFV more intelligent and efficient and will assist the management and orchestration of the network.


We expect to complete the first phase of ENI work in 2019. It will include a description of use cases and requirements and terminology, including a definition of features, capabilities and policies, which we will publish in a series of informative best practice documents (Group Reports (GRs)).
This will of course require co-operation from many different industry bodies including GSMA, ITU-T, MEF, IETF, etc.

Will see how this goes.

Further reading:



Tuesday, 25 July 2017

5G Security Updates - July 2017


Its been nearly 2 years since I last blogged about ETSI Security workshop. A lot has changed since then, especially as 5G is already in the process of being standardised. This is in addition to NFV / SDN that also applied to 4G networks.

ETSI Security Week (12 - 16 June) covered lot more than 5G, NFV, SDN, etc. Security specialists can follow the link to get all the details (if they were not already aware of).

I want to quickly provide 3 links so people can find all the useful information:

NFV Security Tutorialdesigned to educate attendees on security concerns facing operators and providers as they move forward with implementing NFV. While the topics are focused on security and are technical in nature we believe any individual responsible for designing, implementing or operating a NFV system in an organization will benefit from this session. Slides here.

NFV Security: Network Functions Virtualization (NFV), leveraging cloud computing, is set to radically change the architecture, security, and implementation of telecommunications networks globally. The NFV Security day will have a sharp focus on the NFV security and will bring together the world-wide community of the NFV security leaders from the industry, academia, and regulators. If you want to meet the movers and shakers in this field, get a clear understanding of the NFV security problems, challenges, opportunities, and the state of the art development of security solutions, this day is for you. Slides here.



5G Security: The objectives of this event are to:
  • Gather different actors involved in the development of 5G, not only telecom, and discuss together how all their views will shape together in order to understand the challenges, threats and the security requirements that the 5G scenarios will be bringing.
  • Give an update of what is happening in:
    • 5G security research: Lot of research is on-going on 5G security and several projects exist on the topic.
    • 5G security standards: Standardization bodies have already started working 5G security and their work progress will be reviewed. Also any gap or additional standardization requirements will be discussed.
    • Verticals and business (non-technical) 5G security requirements: 5G is playground where different verticals besides the telecom industry is playing a role and their requirements will be key for the design of 5G security. In addition 5G is where "security" will become the business driver.
  • Debate about hot topics such as: IoT security, Advances in lightweight cryptography, Slicing security. Privacy. Secure storage and processing. Security of the interconnection network (DIAMETER security). Relevance of Quantum Safe Cryptography for 5G, Authorization concepts....
Slides for 5G Security here.

In addition, Jaya Baloo, CISO, KPN Telecom talks about 5G network security at TechXLR8 2017. Embedded is a video of that:


Friday, 2 September 2016

Some more thoughts on 5G

5G is often seen as a panacea for everything that is imperfect in mobile technology. Any issues with coverage, capacity, connectivity and speed are all expected to be solved with the arrival of 5G. While I don’t think we will be able to solve all the issues on the table, 5G will hopefully resolve quite a few of them.

Back in June I did an interview with the organizers of 5G World Series where I expressed my views for the questions that were posed to me. You can see this interview below.


Now that I have had time to think about the questions, here are a bit more detailed thoughts. As always, feedback, comments & suggestions welcome


Q: What will network architecture look like in the 5G era?

I have long argued that 5G will not be a single technology but a combination of multiple old and new technologies. You will often find various terms like Multi-stream Aggregation (MSA), Opportunistic Aggregation and Multi-connectivity being used to explain this. Not only will 2G, 3G and 4G have a role to play, Wi-Fi and other unlicensed technologies would be a part of 5G too.

I have had many discussions on this topic with respected analysts and many of them agree.
One of the approaches being proposed for the initial version of 5G is the non-standalone version of 5G which will use LTE as the control plane anchor and new 5G radio for user plane. Not only will this be easier to deploy along with the existing LTE network, it would be faster and hopefully less costly.

Q: To what extent is 5G dependent on virtualization?

Networks and Network Functions are progressively being virtualized, independently of 5G. Having said that, virtualization will play a big role in achieving the 5G architecture. Mobile operators can’t be expected to keep paying for proprietary hardware; virtualization would help with cost reduction and quick deployments.

Network slicing for instance will help partition the network for different requirements, on the fly depending on what is going on at any particular time.

Related post: 5G, NFV and Network Slicing


Q: What is your view on the interplay between standards and open-source developments?

Standards enable cost reduction by achieving economy of scale whereas open-source development enable innovation and quick deployment. They are both needed and they will willingly or unwillingly co-exist.


Q: What do you see as the 3 greatest technical uncertainties or challenges on route to 5G?

While there are many known and unknown challenges with 5G, some obvious ones that we can see are:

  • Spectrum identification and harmonization.
  • Getting to the right architecture which is backward compatible and future proof, without making it too complex
  • SON – Once you have everything in place you have to make many different parts of the network work together with different kinds of loads and traffic. SON will play a crucial role here.


Q: What would 5G actually mean for consumers, business and IoT? / What will 5G allow me to do that I can’t right now with 4G?

There are a lot of interesting use cases being discussed like remote operations and remote controlled cars but most of them do not represent the general consumers and some of them are just gimmicks.

NGMN - 5G Use case families and related examples

I really like the NGMN whitepaper that laid out some simple use cases.

If done properly, 5G will allow:

  • Simplification of the network resulting in low latency – this means that your content will load faster and the delay between requests and responses are small. 
  • Reasonable speed broadband everywhere - This will also depend on the operators’ rollouts plan but different technologies in 5G network would (should) enable a good speed reliable broadband not just in the middle of the cell but also on the edges. In fact, the concept of edges should be looked at in 5G and a solution to avoid data rates falling off should be found.
  • Connectivity on the move – Whether we are talking about connectivity in trains/buses or from public safety point of view, it is important to define group connectivity, direct communications, etc.


Q: What will set companies apart in the development of 5G?

The days of vendor lock-ins are over. What will set companies apart is their willingness to be open to working with other companies by having open API’s and interfaces. Operator networks will include solutions from many different vendors. For them to be quick to bring innovative solutions to the market, they need vendors to work together rather than against each other.


Q: There is a lot of talk about the vision for 2020. What do you think the world will look like in terms of connectivity in 2030?

It would be fair to say that by 2030, connectivity would have reached a completely new dimension. One of the big areas of development that is being ignored by mainstream mobile community is the development of satellite communications. There are many low earth orbit (LEO) constellations and high-throughput satellites (HTS) being developed. These LEO and HTS combination can provide high speed connectivity with 4G like latency and high throughputs for planes/ships which cannot be served by ground based mobile technology. Broadband access everywhere will only become a reality with satellite technology complementing mobile technology.

Related Post: The role of satellites in 5G world

Disclaimer: This blog is maintained in my personal capacity and this post expresses my own personal views, not the views of my employer or anyone else. 

Sunday, 21 February 2016

Possible 5G Network Architecture Evolution


Came across this interesting Network Architecture evolution Roadmap by Netmanias. Its embedded below and available to download from the Netmanias website.



Saturday, 30 January 2016

SDN & NFV lecture

I have been meaning to add this interesting lecture delivered by Dr. Yaakov Stein of RAD at IETF.

The video, which cannot be embedded, is available here. If you cant wait to get into the main presentation, jump to 19.40 on the time bar at the bottom.

The slides from the presentation are embedded below.



Assuming that you understand NFV and SDN well, have a look at another interesting whitepaper that was published by Signals Research group, "Bending Iron – Software Defined Networks & Virtualization for the Mobile Operator", available here.

Saturday, 28 November 2015

5G, NFV and Network Slicing


5G networks have multifaceted requirements where the network needs to be optimised for data rate, delay and connection numbers. While some industry analysts suspect that these requirements cannot be met by a single network, vendors suggest that Network Slicing will allow all these requirements to be met by a single network.

Ericsson's whitepaper provides a good definition of what network slicing means:

A logical instantiation of a network is often called a network slice. Network slices are possible to create with both legacy platforms and network functions, but virtualization technologies substantially lower barriers to using the technology, for example through increased flexibility and decreased costs.
...
Another aspect of management and network slicing is setting up separate management domains for different network slices. This may allow for completely separate management of different parts of the network that are used for different purposes. Examples of use cases include mobile virtual network operators (MVNOs) and enterprise solutions. This kind of network slice would, in current Evolved Packet Core (EPC) networks, only cover the PDN gateway (PGW) and the policy control resource function (PCRF). However, for machine type communication (MTC) and machine-tomachine (M2M) solutions, it is likely that it would also cover the Mobile Management Entities (MMEs) and Serving Gateways (SGWs).


NGMN came out with the 5G whitepaper which touched on this subject too: 

Figure above illustrates an example of multiple 5G slices concurrently operated on the same infrastructure. For example, a 5G slice for typical smartphone use can be realized by setting fully-fledged functions distributed across the network. Security, reliability and latency will be critical for a 5G slice supporting automotive use case. For such a slice, all the necessary (and potentially dedicated) functions can be instantiated at the cloud edge node, including the necessary vertical application due to latency constraints. To allow on-boarding of such a vertical application on a cloud node, sufficient open interfaces should be defined. For a 5G slice supporting massive machine type devices (e.g., sensors), some basic C-plane functions can be configured, omitting e.g., any mobility functions, with contentionbased resources for the access. There could be other dedicated slices operating in parallel, as well as a generic slice providing basic best-effort connectivity, to cope with unknown use cases and traffic. Irrespective of the slices to be supported by the network, the 5G network should contain functionality that ensures controlled and secure operation of the network end-to-end and at any circumstance.


Netmanias has a detailed article on this topic which is quite interesting too, its available here.

Recently, South Korean operator SK Telecom and Ericsson concluded a successful trial of this technology, see here. Ericsson is also working with NTT Docomo on 5G including network slicing, see here.

Sunday, 15 February 2015

5G and NFV


In my 5G: A 2020 vision presentation, I argued that some of the technologies that will be necessary for 5G is in fact independent of 5G. One such technology is NFV. Having said that, I also argue that the minimum prototype for 5G would require an NFV based implementation.


Tieto gave an interesting presentation in our last Small Cell SIG event explaining how the network will be implemented based on NFV. The presentation is embedded below:



There is also an interesting paper that expands on this further, available from Slideshare here.

Monday, 1 December 2014

Bringing Network Function Virtualization (NFV) to LTE

SDN and NFV have gained immense popularity recently. Not only are they considered important for reducing the Capex and Opex but are being touted as an important cog in the 4.5G/5G network. See here for instance.


I introduced NFV to the blog nearly a year back here. ETSI had just published their first specs around then. When I talked about SDN/NFV back in May, these ETSI standards were evolving into a significant reference documents. This is a reason 4G Americas recently published this whitepaper (embedded below), for the operators to start migrating to NFV architecture to reap long term benefits. The following is from the whitepaper:

The strategies and solutions explored in the 4G Americas report on NFV aim to address these issues and others by leveraging IT virtualization technology to consolidate many network equipment types onto industry standard high volume servers, networking and storage. NFV is about separating network functions from proprietary hardware and then consolidating and running those functions as virtualized applications on a commodity server. Broadly speaking, NFV will enable carriers to virtualize network functions and run them as software applications within their networks. NFV focuses on virtualizing network functions such as firewalls, Wide-Area Network (WAN) acceleration, network routers, border controllers (used in Voice over IP (VoIP) networks), Content Delivery Networks (CDNs) and other specialized network applications. NFV is applicable to a wide variety of networking functions in both fixed and mobile networks.
“NFV is making great progress throughout the world as operators work with their vendor partners to address the opportunities of increasing efficiency within their network infrastructure elements,” stated Chris Pearson, President of 4G Americas. “There is a great deal of collaborative innovation and cooperation between wireless carriers, IT vendors, networking companies and wireless infrastructure vendors making NFV for LTE possible.”
Global communication service providers, along with many leading vendors, are participating in the European Telecommunications Standards Institute’s (ETSI) Industry Specification Group for Network Functions Virtualization (NFV ISG) to address challenges such as:
  • An increasing variety of proprietary hardware appliances like routers, firewalls and switches
  • Space and power to accommodate these appliances
  • Capital investment challenges
  • Short lifespan
  • A long procure-design-integrate-deploy lifecycle
  • Increasing complexity and diversity of network traffic
  • Network capacity limitations
Three main benefits of NFV outlined in the 4G Americas paper include:
  • Improved capital efficiency: Provisioning capacity for all functions versus each individual function, providing more granular capacity, exploiting the larger economies of scale associated with Commercial Off-the-Shelf (COTS) hardware, centralizing Virtual Network Functions (VNFs) in data centers where latency requirements allow, and separately and dynamically scaling VNFs residing in the user (or data or forwarding) plane designed for execution in the cloud, control and user-plane functions as needed.
  • Operational efficiencies: Deploying VNFs as software using cloud management techniques which enables scalable automation at the click of an operator’s (or customer’s) mouse or in response to stimulus from network analytics. The ability to automate onboarding, provisioning and in-service activation of new virtualized network functions can yield significant savings. 
  • Service agility, innovation and differentiation: In deploying these new VNFs, time-to-market for new network services can be significantly reduced, increasing the operator’s ability to capture market share and develop market-differentiating services.
In particular, mobile operators can take advantage of NFV as new services are introduced. Evolved Packet Core (EPC), Voice over LTE (VoLTE), IP Multimedia System (IMS) and enhanced messaging services, among others, are examples of opportunities to use virtualized solutions. Some operators started deploying elements of NFV in 2013 with an expectation that many service areas could be mostly virtualized in the next decade.

The whitepaper as follows:


Sunday, 21 September 2014

NFV and 5G compatibility issues

There was an interesting discussion on Twitter that has been storified by Keith Dyer. Lets start by having a quick look at the C-RAN architecture that features in the discussion.


There are couple of excellent C-RAN presentations for anyone interested. This one by EE (with 9K+ views) and this from Orange (with 19K+ views).

Anyway, here is the story:


For anyone interested in exploring the discussion further, The Mobile Network has a more detailed comments here.

There are also an interesting article worth reading: