Converged Packet Core
Modernize existing mobile networks for a flexible, cost-effective journey to 5G.
5G signaling is a crucial aspect of the 5G core network. A carefully designed signaling architecture delivers optimal network performance with load-balanced network functions (NFs), eliminating bottlenecks and resulting in a highly dependable and secure network.
Mavenir provides a 5G signaling solution that enables robust communication in 5G networks for:
Mavenir’s Service Communication Proxy (SCP) and Security Edge Protection Proxy (SEPP) are built from the ground up on stringent cloud-native principles. They endow Mavenir’s 5G Signaling solution with cloud-native and architectural benefits that offer operational efficiency, better performance, resource efficiency and webscale capacity.
Learn the mechanisms defined by 3GPP to secure inter-PLMN signaling and traffic on 5G interconnections and how Mavenir’s Secure Edge Protection Proxy (SEPP) protects the edge of the MNO’s core network and facilitates roaming use cases.
Mavenir’s SCP performs message mediation to harmonize messages exchanged between NFs from different vendors or supporting different 3GPP releases.
In the Service-Based Architecture (SBA), defined by 3GPP, the interconnected Network Functions (NFs) mutually authenticate each other and, where applicable, are authorized to access the services of other producer NFs (pNFs). A pNF (the NF whose service is requested) provides services to a consumer NF (cNF – the NF that utilizes the service) and vice-versa—a consumer NF can be a producer NF for other network functions.
To facilitate this process, the Service-Based Architecture enables a centralized discovery framework that employs an NF Repository Function (NRF), which maintains a record of available NF instances and their supported services. It allows other NF instances to subscribe and be notified of registrations from NF instances.
In the 3GPP release 15 architecture, each NF when acting as a cNF, is responsible for choosing a pNF from among the set of results returned from a query to the Network Repository Function (NRF), performing load balancing among those results, managing faults and timeouts that sometimes result in failover to a different instance of the pNF, and also adjusting its behavior to account for implementation differences among different vendors of the same type of pNF.
In Release 16 however, 3GPP introduced the Service Communication Proxy (SCP) to enable consumer NFs to outsource these responsibilities to a central function that can be more easily configured, monitored, and managed.
The SCP provides load balancing in a distributed cloud environment and makes inter-vendor integration more feasible and easier.
The use of SCP in 5G core networks is comparable to the use of a diameter routing agent in 4G mobile core networks. The SCP acts as an intermediary between services and NF instances, gains awareness of content, performance and mediation in the control plane, and balances loads across all NFs.
Fifth generation (5G) wireless technology is built on a services-based architecture that uses HTTP/2 based signaling. Being the communication language of the internet, attackers and fraudsters are more familiar and knowledgeable about HTTP/2, and the security mechanisms used for 4G and earlier wireless generations are no longer adequate or secure enough.
Interconnection and roaming are critical for mobile operators, and they are highly interested in ensuring the security of all inter-PLMN (Public Land Mobile Networks) signaling and traffic.
Hence, 3GPP built in security into the 5G architecture and standards—to make it ‘secure by design’— by defining N32 as the interconnection interface. And their System Security Group (3GPP SA3) has defined a mechanism for securing the 5G signaling over the interconnect by introducing the Secure Edge Protection Proxy (SEPP), which protects the edge of the mobile operator 5G Core network.
In comparison to 4G and earlier generations, SEPP is a new network element, and its main function is to protect the local mobile network edge, acting as the security edge proxy on the interconnection between the local network and remote networks.
Mavenir SEPP is the only available product that is 3GPP Rel-17 compliant and supports PRINS (Protocol for N32 Interconnect Security). Mavenir SEPP can perform dynamic mediation for inter-PLMN connections where interoperability issues are more likely to occur.