How cloud-native tech will impact 5G mobile networks
Article by Radware vice president of technologies Yaniv Hoffman.
While the rapid advance of 5G communications delivers comprehensive benefits for communication service providers (CSPs), the new technology also presents challenges in security and cost.
CSPs are entering a new phase of network cloudification to transform their network infrastructure. This technology transformation will capitalise on network function virtualisation, software-defined networking and artificial intelligence.
Their strategy to capture new growth is shifting as well. Future growth is being driven by the move to virtualise mobile core networks in response to the growth of user data, the increasing adoption of IoT devices, new 5G business and complex networks.
Network cloudification offers CSPS several significant business benefits:
- Capital expenditure benefits from better utilisation of solutions on general-purpose hardware.
- Operating expenditure benefits from reduced labour and operational efficiencies gained through cloud automation, agility and scalability.
- Value-added services leverage cloud platforms to enable new services and revenue streams.
The original goals for cloud were to decouple growth from cost and rapidly deliver new services. CSPs did this in 4G environments by transitioning the network elements into big virtual network functions.
These functions were too big and not cost-effective. In addition, their use of legacy operations made networks unwieldy to deploy, scale and maintain. These challenges will multiply in the 5G environment.
CSPs understand they must shift to being cloud-native to deliver business agility in rapidly onboard new apps. The scale of 5G opens the door to more devices and a diverse mix of services, making it difficult for legacy operations to keep up.
More CSPs are partnering with cloud providers in order to accelerate the 5G transformation journey, which offers benefits such as fully automated deployments, ease of management and orchestration of workload in the hybrid cloud. The transformation delivers deployment flexibility for demand-driven network growth, reducing manual monitoring.
High profile cloud partnerships demonstrate some of the benefits of 5G. These include:
Microsoft Azure – Microsoft acquired Affirmed Networks (network virtualisation provider specialising in vEPC and v5GC). The partnership allowed Microsoft to produce Azure for Operators: a suite of products with Azure networking and cloud infrastructure, network virtualisation and cloud applications.
AT&T – At the end of June, AT&T announced that it is moving its 5G mobile network to Microsoft cloud. This strategic alliance provides a path for all AT&T mobile network traffic to be managed using Microsoft Azure technologies. Both companies will start with AT&T’s 5G core, which connects mobiles users and IoT devices to the internet and other services.
Nokia and Google – In January, Google Cloud and Nokia announced they would jointly develop cloud-native 5G core solutions for CSPs and enterprise customers. The new partnership will deliver cloud capabilities to the network edge.
Cisco and Altiostar – They partnered to create blueprints to accelerate 4G/5G OpenRAN solutions deployments to service provider networks.
Vodafone and Verizon – They partnered with AWS to explore edge computing opportunities.
VMware has been moving into the telco sector with more updates to its telco cloud platform, including support for Open RAN.
Because of its distributed nature, the deployment of 5G networking infrastructure differs dramatically from previous generations of mobile networks. CSPs face new challenges in moving from a component-based topology to a service-based network.
For example, before 5G, mobile radio access and the core networks consisted of isolatable network elements with specific tasks. In 4G networks, a virtual evolved packet core (EPC) in the network emerged.
5G takes this a step further by transforming all network components into virtual, microservice elements that are software-based and deployed in various locations.
The software-based microservices architecture enables network slicing. This includes the ability to isolate different services, each with its own parameters, setup and security policies — all on one hardware element.
The 5G network must be designed to support multiple security policies, segregated by slice on individual network components. The more slices, the more microservices in the network that are exposed to the internet.
Traditional security methods with predefined rules, thresholds and manual setup will not work in a 5G environment. Service providers need to automate operations and have a scalable infrastructure to manage policies, which requires DevOps capabilities. All security tools need to be automated for onboarding and deployment.
5G networks introduce new traffic patterns that run east/west towards applications. Therefore, there is a need to inspect egress traffic. The number of inspection points increases dramatically from peering points and traffic at edge computing points.
CSPs need to consider the following unique security threats when planning protection for 5G networks:
- In network edge protection, multiple edge (breakouts) and mesh types significantly increase exposure.
- Outbound attacks include IoT botnets and attacks on the network edge.
- Inbound attacks, include floods from public cloud and the internet, and attacks on core network services.
- Network gateway attacks are based on burst attacks, IoT, BOT, API, DNS and SSL, raising complexity and impacting the infrastructure and API gateways.
- Network slicing occurs when each slice has its own threat risk that requires per-slice security policies and a coherent defensive strategy across all slices. Mobile edge core security infrastructure and 5G availability assurance also need protection.
- Attacks on multi-access edge computing components include targeting service capability and mobility management entities. Defences need to prevent network resource failure.
- Outgoing attacks to external servers from IoT devices are also a risk. IT needs to prevent network reputation risk, while infections targeted towards narrow band IoT devices also require protection to avoid IoT device infection with botnets.
- The public/private cloud edge needs protection. The shift in some areas of workload to the public cloud introduces new security concerns to service provider networks with additional shifts in microservice environments and cloud-native network function.
To counter the ever-evolving attacks by cyber-criminals, organisations must include in their defensive armoury WAF/API protection for their cloud-native environments.