CSPs are entering a new phase of network cloudification to transform their network infrastructure. This technological transformation will take advantage of the virtualization of network functions, software-defined networking and artificial intelligence.
Their strategy for capturing new growth is also evolving. Future growth is driven by the shift to virtualization of mobile core networks in response to the growth of user data, increasing adoption of IoT devices, new 5G activities and complex networks.
Network cloudification offers CSPs several major business benefits:
• Capital expenditure benefits from better aggregation and better use of solutions and services on general-purpose equipment.
• Operating expenses benefit from reduced manpower and operational efficiency through cloud automation, agility and scalability, which indirectly impact the customer experience.
• Value-added services leverage cloud platforms to enable new services and revenue streams.
The initial goals of the cloud were to decouple growth from costs and quickly deliver new services. CSPs have done this in 4G environments by turning network elements into large virtual network functions.
These functions were too big and not cost effective. Additionally, their use of legacy operations made networks difficult to deploy, scale, and maintain. These challenges will multiply in the 5G environment.
CSPs today understand that they need to get more from the cloud, which needs to be rebuilt as cloud native to provide business agility in rapidly integrating new applications and deploying and operating new services. The scale of 5G opens the door to more devices and a diverse range of services, making it difficult to track legacy operations.
Benefits of cloud native
We are increasingly seeing CSPs partnering with cloud providers to accelerate the 5G transformation journey, which offers benefits such as fully automated deployments, ease of management, and workload orchestration across the hybrid cloud. Essentially, the transformation provides deployment flexibility and automated scaling of network functions for demand-driven network growth, reducing manual monitoring and operational complexity.
High-level cloud partnerships demonstrate some of the benefits of 5G. These include:
• Microsoft Azure – Microsoft has acquired Affirmed Networks (a network virtualization provider specializing in vEPC and v5GC). The partnership has enabled Microsoft to produce Azure for Operators, a suite of products with Azure network and cloud infrastructure, network virtualization and cloud applications, as well as Azure AI and an analytics engine.
• AT&T – At the end of June, AT&T announced the move of its 5G mobile network to the Microsoft cloud. This strategic alliance provides a path for all AT&T mobile network traffic to be managed using Microsoft Azure technologies. Both companies will start with AT&T’s 5G core, which connects mobile users and IoT devices to the internet and other services.
• Nokia and Google – In January, Google Cloud and Nokia announced that they would jointly develop basic 5G cloud-native solutions for CSPs and enterprise customers. The new partnership will provide cloud capabilities at the edge of the network.
• Cisco and Altiostar – They have teamed up to create plans to accelerate deployments of OpenRAN 4G / 5G solutions on service provider networks.
• Vodafone and Verizon – They have partnered with AWS to explore advanced computing opportunities.
• VMware entered the telecommunications industry with more updates to its cloud telecommunications platform, including support for Open RAN.
Due to its distributed nature, the deployment of 5G network infrastructure differs significantly from previous generations of mobile networks. CSPs face new challenges in moving from a component-based topology to a service-based network.
For example, before 5G, mobile radio access and core networks consisted of isolable network elements with specific tasks. In 4G networks, a virtual evolved packet core (EPC) emerged.
5G goes one step further by transforming all network components into software-based virtual microservice elements, disaggregated and deployed in various locations.
The software-based microservices architecture enables network slicing. This includes the ability to isolate different services, each with their own settings, configuration, and security policies, all on a single piece of hardware.
The 5G network should be designed to support multiple, slice-separated security policies on individual network components. The more slices there are, the more microservices and interface points in the network that are in turn exposed to the Internet.
Traditional security methods with predefined rules, thresholds, and manual configuration will not work in a 5G environment. Service providers need to automate operations and have a scalable infrastructure to manage policies, which requires DevOps capabilities. All security tools must be automated for integration and deployment.
5G networks introduce new traffic models oriented east / west towards applications. Therefore, it is necessary to inspect the egress traffic. The number of inspection points increases dramatically not only from peering points, but also from traffic to edge compute points.
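The per-slice policy requirement and the call to automate security tooling can be expressed as a deployment check. This is an added example, not from the original article; the slice inventory format, field names and sample data are assumptions constructed for illustration.

```python
# Added example: deployment gate for per-slice security policy (hypothetical schema).
from dataclasses import dataclass, field
from typing import Optional


@dataclass
class Slice:
    name: str
    policy_id: Optional[str]                      # None = no policy attached
    controls: dict = field(default_factory=dict)  # control name -> enabled?
    exposed_interfaces: list = field(default_factory=list)


def audit(slices):
    """Return sorted (slice, finding) tuples; an empty list means the gate passes."""
    findings = []
    owners = {}  # policy_id -> first slice seen using it
    for s in slices:
        if not s.policy_id:
            findings.append((s.name, "no security policy attached"))
            continue
        # Each slice needs its own policy object, not one shared with another slice.
        if s.policy_id in owners:
            findings.append((s.name, f"shares policy {s.policy_id} with {owners[s.policy_id]}"))
        else:
            owners[s.policy_id] = s.name
        # Baseline applied to every slice: egress inspection of east/west traffic.
        if not s.controls.get("egress_inspection", False):
            findings.append((s.name, "egress inspection disabled"))
        # API protection is required wherever an interface is reachable from outside.
        if s.exposed_interfaces and not s.controls.get("api_protection", False):
            findings.append((s.name, "exposed interfaces without API protection: "
                             + ", ".join(sorted(s.exposed_interfaces))))
    return sorted(findings)


# Constructed sample inventory; slice, policy and interface names are illustrative only.
SAMPLE = [
    Slice("embb-consumer", "pol-embb", {"egress_inspection": True, "api_protection": True}, ["partner-api"]),
    Slice("mmtc-iot", "pol-iot", {"egress_inspection": False, "api_protection": True}, ["device-onboarding"]),
    Slice("urllc-factory", "pol-embb", {"egress_inspection": True}, ["edge-app-api"]),
    Slice("private-campus", None),
]

if __name__ == "__main__":
    for name, finding in audit(SAMPLE):
        print(f"FAIL {name}: {finding}")
```

Run as a pipeline step, a non-empty result blocks the rollout, so adding a slice cannot silently skip the baseline controls.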
CSPs should consider the following unique security threats when planning to protect 5G networks:
• In protecting the edge of the network, several types of edge (breaks) and meshes greatly increase the exposure.
• Outbound attacks include IoT botnets and attacks at the edge of the network.
• Inbound attacks include flooding from the public cloud and the Internet, and attacks on backbone network services.
• Network gateway attacks are based on burst, IoT, bot, API, DNS and SSL attacks, increasing complexity and impact on infrastructure, telecom cloud / application servers, and API gateways.
• With network slicing, each slice has its own threat risk, which requires per-slice security policies and a consistent defensive strategy across all slices. The basic security infrastructure of the mobile edge and the assurance of 5G uptime also require protection.
• Attacks against multi-access edge computing components include targeting service capability and mobility management entities. Defenses must prevent failure of network resources.
• Outbound attacks on external servers from IoT devices are also a risk. IT needs to prevent network reputation risk, and narrowband IoT devices also need protection to prevent botnets from infecting them.
• The edge of the public / private cloud needs to be protected. Shifting some areas of the workload to the public cloud introduces new security concerns for service provider networks with additional changes in the microservices environment and cloud native networking functionality.
To counter the many, varied and ever-evolving attacks from cybercriminals, it is essential that organizations include WAF / API protection for their cloud native environments in their defensive arsenal.