Transforming towards a cloud-native architecture brings service providers many advantages and challenges. F5 cloud-native solutions help accelerate 5G adoption.
Delivering Applications and Services Closer to Subscribers
The introduction of 5G is a catalyst in accelerating the development of millions of new applications. Massive amounts of data-heavy and latency-sensitive applications are being developed, resulting in a movement of subscriber computing to multi-access edge computing (MEC). MEC brings computing, storage, networking, and services closer to applications, devices, and users. It also delivers lower latency and enhanced security, paving the way for innovations in industries ranging from government to healthcare to manufacturing.
A Cloud-Native Architecture Is Vital in an App-Centric World
Service providers continue the 5G journey by building out microservices-based, cloud-native infrastructure from the core to the edge of the network. This cloud-native solution is an evolution of a virtualized network. Dynamically provisioning workloads within a network enables new levels of operational automation, flexibility, and adaptability.
Moving to a cloud-native architecture includes many advantages:
Cloud-native applications consume up to 40% fewer resources compared with virtual machine-based software.
Shifting to Network Disaggregation with a Service-Based Architecture
Service providers are defining and deploying a cloud-native infrastructure across the entire network from the core to the far edge. As defined by the 3rd Generation Partnership Project (3GPP), a Service-Based Architecture (SBA) is a set of interconnected network functions (NFs) that deliver the control plane functionality and common data repositories of a 5G network. Supporting a cloud-native SBA brings new requirements for the control, coordination, and orchestration of disaggregated network functions that are distributed across the network. Network functions are containerized microservices that can support the 5G Core, virtualized radio access network (vRAN), and the N6-LAN network functions.
Figure 1: A 5G end-to-end, cloud-native architecture from core data center to far edge
5G Network Disaggregation
Cloud-native, service-based architecture introduces a paradigm shift that enables service providers to migrate from a vertical to a horizontal stack implementation. A vertical stack approach increases vendor lock-in and requires that each vendor enables its own infrastructure, increasing complexity.
A horizontal stack approach removes such vendor complications and limitations while enabling the service provider to maintain control and visibility of its network. With a horizontal stack, service providers gain a consistent cloud-native infrastructure (telco cloud) implemented across core, edge, and far-edge sites, supporting vRAN, a standalone (SA) 5G Core, internal applications, and enterprise- and consumer-facing applications. 5G allows service providers to move to a horizontal stack approach, making it possible to scale edge sites as needed for subscribers.
Figure 2a: Vertical stack approach
Figure 2b: Horizontal stack approach
Table 1 highlights the key drivers for 5G disaggregation, which enables service providers to realize the complete benefits of a cloud-native infrastructure.
DRIVERS FOR DISAGGREGATION
Dynamic and real-time network maintenance: Automated and closed-loop maintenance predicated on model- and policy-driven processes, open application programming interfaces (APIs), and cross-domain and real-time data and telemetry.
Multi-vendor 5G network deployments: Multi-vendor, modular, and horizontal stack for 5G Core deployments that are interoperable among multiple clouds (for example, telco cloud, edge, public).
Cloud-native methodologies and technologies: Underpinning technologies including Kubernetes, microservices, state-optimized design, service mesh, network service mesh, Platform as a Service (PaaS), machine learning, and artificial intelligence.
Modern software design: Software design is pegged to fine-grained, isolated, and elastic functions (microservices) based on declarative (model-like) DevOps and cloud principles. This is in contrast to physical appliances characterized by coarse-grained component granularity, linear processes, and a prescriptive/imperative (script-like) model.
Table 1: Drivers for disaggregation in a 5G network
Kubernetes has become the standard for cloud-native architecture container management and orchestration. However, Kubernetes was not designed to host telco network functions (NFs) and their telco specific protocols, such as 5G HTTP/2-REST, Diameter, SIP, GTP, and SCTP.
The challenges that service providers face with Kubernetes include:
F5 5G Solutions
F5 provides solutions that address these cloud-native infrastructure challenges and support the networking and security requirements for the vRAN, 5G Core, and enterprise applications. F5 solutions include:
Figure 3: F5 solutions across a distributed 5G network
F5 BIG-IP Next Service Proxy for Kubernetes
The F5 BIG-IP Next Service Proxy for Kubernetes (SPK) is a unique offering designed to provide a single point of networking and security for Kubernetes and architected specifically for service provider networks. BIG-IP Next SPK provides a single point of networking for the cluster (ingress and egress), reduces the attack surface for greater security, and supports 4G and 5G signaling protocols. BIG-IP Next SPK aligns with Kubernetes design patterns for configuration and orchestration. BIG-IP SPK delivers:
F5 Carrier-Grade Aspen Mesh
F5 Carrier-Grade Aspen Mesh helps service providers improve application traffic visibility, security, and policy management. The service mesh is designed specifically for service provider cloud-native infrastructures and is built on the open source platform Istio with added features critical for a service provider network. F5 Carrier-Grade Aspen Mesh delivers:
In addition to these features, F5 Carrier-Grade Aspen Mesh provides packet capture capabilities, which standard Kubernetes does not. Packet capture is important for troubleshooting communication issues between CNFs within the cluster and to support governmental requirements such as lawful intercept.
5G SA Core Example
BIG-IP Next SPK and Carrier-Grade Aspen Mesh solve different challenges of using Kubernetes in a 5G cloud-native infrastructure. BIG-IP Next SPK meets the need for multi-protocol signaling support, security, and visibility of traffic ingressing and egressing the Kubernetes cluster, while Carrier-Grade Aspen Mesh addresses communication between CNFs. Both are critical to the deployment of a 5G cloud-native infrastructure.
Figure 4: An SA 5G Core, cloud-native networking architecture utilizing BIG-IP Next SPK and Carrier-Grade Aspen Mesh
F5 N6 LAN Services
5G networks deliver dynamic applications that can be deployed at the core data center, edge, and far edge. Network functions that used to be located in the S/Gi-LAN in 4G are now service-based CNFs that can move to the location of the applications.
New network functions are self-contained, independent, and reusable. Each network function service exposes its functionality through a service-based interface (SBI), which employs a well-defined REST interface using HTTP/2. This functionality, called N6 LAN, is at the N6 interface between the packet gateway and the data network.
F5 N6 LAN network functions include traffic management, network security, DNS services, policy enforcement, and carrier-grade network address translation (NAT). Until recently, most of these services have been implemented on dedicated hardware devices, but with the rise of virtualized infrastructure those network functions are now being deployed as virtual network functions (VNFs) and more recently cloud-native network functions (CNFs).
To meet service provider needs, F5 provides the industry’s most comprehensive set of N6 services in a consolidated and virtualized solution. Consolidating and virtualizing N6 services can result in up to a 60% reduction in capital and operating expenditures while boosting performance and lowering latency.[2]
The F5 N6 services solution integrates a wide range of services from security to video optimization into a single platform. Service expansion is simplified, and the unified framework ensures there is a common technology to help service providers optimize their network and transition to 5G.
F5’s N6 LAN network functions may be consumed as hardware appliances, VNFs, or CNFs, allowing the service provider to choose the best deployment solution for the use case.
Figure 5a: Gi-LAN/N6 services offered
Figure 5b: F5 simplifies the design, deployment, and operation of critical N6 services
With F5 N6 solutions and services, service providers can:
F5 Security Solutions
5G delivers more connection points, higher throughput, and new protocols that increase the number of security attack surfaces. Comprehensive security is required throughout the network, including at the core, edge, and far edge. F5 security tools include:
F5 DDoS protection: Delivers seamless, flexible, and easy-to-deploy solutions that enable a fast response, no matter the type of distributed denial-of-service (DDoS) attack. DDoS protection products include F5 DDoS Hybrid Defender and F5 Silverline DDoS Protection.
F5 AFM: Provides comprehensive protection for networks and protocols to ensure the subscriber experience, reduce churn, and increase revenues. Actionable visibility enables fast mitigation of attacks.
F5 Advanced Web Application Firewall (WAF): Protects apps with behavioral analytics, proactive bot defense, and application-layer encryption of sensitive data. Defends against the most prevalent attacks against apps without requiring updates to the apps themselves.
F5 Distributed Cloud Bot Defense: Leverages artificial intelligence and machine learning to defeat attackers and prevent fraud. Protects web and mobile applications and API endpoints from sophisticated automation attacks that would otherwise result in large-scale fraud.
Why Use Service Provider 5G Solutions from F5
Smooth the transition to 5G
Maintain the 4G infrastructure and foster interoperability with Kubernetes and the 5G Core with help from F5 that includes:
Achieve cloud-native performance and security
Build a cloud-native, container-based architecture by leveraging Kubernetes and advanced security. With F5, service providers can:
Maximize traffic visibility and control
Gain service-provider-related functionality for the control and visibility that are critical for transitioning to 5G with Kubernetes containers. F5 delivers:
5G networks are poised to deliver high bandwidth, low latency, and faster performance—both driving and enabling application innovation and new business models. To deliver cost-effective 5G performance, service providers are taking advantage of the microservices-based, cloud-native containerized architecture already in use by enterprises. These new solutions give service providers the ability to dynamically place workloads within a network and build out their MEC platform to support the next generation of applications.
Leading-edge solutions from F5 help service providers deliver new 5G functionality while maintaining their existing 4G core networks. F5 BIG-IP Next Service Proxy for Kubernetes (SPK) and F5 Carrier-Grade Aspen Mesh enable service providers to maintain real-time application visibility, scale to meet demand, and increase traffic visibility and security. F5 N6 LAN solutions help service providers deliver network functions, reducing cost and improving performance. These solutions work in conjunction with F5 security solutions designed to protect networks from new attack vectors and threats. With the right solutions in place, service providers can take advantage of the many benefits of a cloud-native infrastructure from the core to the far edge of the network as they embark on the 5G journey.