Building Secure and Scalable 5G Networks

 

Industry projections estimate that there will be 50 billion connected devices worldwide by 2020, or 7 devices for every person on earth. The fifth generation of mobile networks (5G) will be the next important step in the evolution of mobile communications in an aspiration to build a connected society. 5G promises ubiquitous high-speed mobile broadband service and will be instrumental in the adoption of IoT technologies like wearables, smart homes, industry applications, and traffic control. To architect 5G networks as critical infrastructure in this mobile evolution to a connected society, service providers will face tremendous regulatory and end user pressure to build 5G networks that are secure and scalable.

 

5G Network Requirements

5G seeks to deliver greater throughput, lower latency, and higher reliability with integrated security mechanisms. These include:

  • Sub-1ms latency for the air interface
  • Downlink speeds greater than 1Gbps
  • 10-100x increase in connected devices with higher connection rates and throughput
  • Higher security due to increased vulnerabilities with the number of connected devices

 

 

Secure and Scale 5G Networks

The increased number of applications and services will open up new threat vectors that may expose service providers’ assets and impact service availability. The large and diverse number of devices connected to the network may become targets of hacking and denial-of-service attacks. These potentially damaging effects from new Distributed Denial of Service (DDoS) attacks and malicious Advanced Persistent Threats (APTs) against 5G networks could have severe consequences. Given that 5G will be the critical infrastructure, these evolved threats will put tremendous pressure on service providers to build and strengthen security in the network.

Aside from security, scale and performance will be required to handle the surge of millions to billions of secure DNS requests per second that may impact network performance and availability. The inevitable spikes in network signaling, and attacks in signaling protocols such as SIP and Diameter, could cause signaling storms, potentially bringing down the network. To optimize performance and improve quality of user experience, service providers need tools to manage traffic priority and steer traffic based on the device type, its current application, and associated signaling.

To handle IoT devices coupled with requirements such as an ultra-low latency data path for certain use cases, prioritization of each device, and its corresponding applications connected on the 5G networks, service providers will need a long-term strategy to address the security of their networks. This includes protecting the network and applications from known and unknown security threats that impact devices, networks, and applications. Specifically, mechanisms to ensure and protect user data and networks at every layer while providing a seamless transition from purpose-built implementations to NFV solutions that are flexible and programmable.

 

Secure every layer in SPs network

To protect against sophisticated and emerging threats and maintaining a highly available network, service providers need to secure every layer in their network. This includes mitigating and protecting attacks on the DNS infrastructure, core network resources, and L7 application services.

 

Scale with highest performance solution

To handle the explosive growth in the number of subscribers, data usage, and the rise of IoT connectivity, SPs will need to invest in solutions that can scale at high performance. This includes SW/HW platforms that can scale for billions of concurrent connections and support millions of new connections per second.

In response to these high scale connectivity requirements, F5 has launched its B4450 blade, which is the industry’s highest performing security solution for next generation mobile networks.  The 100GbE NEBS-compliant platform delivers unparalleled performance with 1.2 billion concurrent connections, more than 20 million connections per second and 1.2TB of throughput.

 

Offer a programmable platform

Service agility is key to the service provider’s ability to implement new revenue generating services.  Being able to simplify and automate provisioning and upgrades of services are critical factors to agility. A programmable interface provides service providers the agility to flexibly develop and tailor L4-L7 services and functions.

F5 offers flexible deployment options with support across all major virtualization platforms. F5 solutions enable fully customizable network and application layer visibility and control using iRules, iApps, and iControl. F5 VNFs support a broad range of major hypervisor and virtualization platforms for VMware, KVM, Xen, Hyper-V, and Linux. F5’s BIG-IQ Cloud can be used as VNFM for F5 VNFs. BIG-IQ Cloud can be integrated with preferred vendors MANO solutions. 

 

Consolidate L4-L7 services

To help reduce network complexity and simplify network architectures, service providers can leverage service chaining or consolidating of services such as ADC, FW, DNS, policy management, and CGNAT within a single platform.

F5 helps SPs optimize networks. F5 consolidates L4-L7 services and simplifies network architectures reducing CapEx and OpEx.  As service providers evolve to 5G, F5 scales to handle the massive amount of connections and concurrent connections associated with IoT.  F5 delivers virtualized platforms operating on the same core Operating System (TMOS) whether running on purpose built or virtualized platforms. This gives SPs the ability to support hybrid network architectures as they transition to NFV.

 

Virtualize Networks

Network functions virtualization (NFV) and software-defined networking (SDN) enable service providers to transform how they build and scale their networks with a more flexible and agile architecture. These architectures can enable service providers to rapidly deliver new services and pursue profitable business models. Additionally, SPs can implement virtual network functions (VNFs) that allow them to seamlessly transition towards the 5G vision of network slicing. Using VNFs, service providers can build isolated sub-networks, each optimized for specific use case traffic characteristics.

F5 Virtual Network Functions (VNFs) includes virtual firewall (vFW), virtual Application Delivery Controller (vADC), virtual policy charging enforcement function (vPCEF), and virtual DNS (vDNS). F5 also offers virtual Diameter Routing Agent and virtual Diameter Edge Agent via the F5 Traffix™ Signaling Delivery Controller™ (SDC) for Diameter-based networks.  F5 VNFs are interoperable with leading management and orchestration systems, providing a complete NFV ecosystem.

F5 VNFs supports standard APIs and REST APIs that enable seamless integration with leading NFV orchestrators and SDN controllers of the service providers’ preferred choice.

These advances highlight F5’s innovation in security and NFV, helping SPs to transition from 4G to 5G.

 

For further information on how F5’s solutions help service providers secure and scale networks towards the 5G visions, please visit:

F5.com/NFV

F5.com/CCNF