5G Makes A Cloud-Native Application Architecture Vital

Delivering Applications in a 5G World

We are living in a world where we are connected to everything, everywhere. This is possible thanks to thousands of applications developed to enhance our day-to-day lives. The introduction of the fifth generation of mobile technology, 5G, has been a catalyst in accelerating the development of even more new applications. Applications need to react in real time and be close to the user, resulting in a movement of applications toward the edge through multi-access edge computing (MEC). MEC brings compute, storage, and networking closer to applications, devices, and users. It also delivers lower latency and enhanced security, paving the way for the ever-expanding gamut of innovations in industries ranging from government to healthcare to manufacturing.
 

A Cloud-Native Architecture Is Vital in an App-Centric World

Service providers are beginning their 5G journeys by building out their end-to-end 5G microservices-based, cloud-native infrastructure from the core to the edge and far edge of the network. This cloud-native solution is an evolution of a virtualized network. It provides the ability to dynamically place workloads within a network to enable new levels of operational automation, flexibility, and adaptability.

Moving to a cloud-native architecture provides service providers with many advantages:

• Faster time-to-market: A cloud-native approach speeds deployment of new use cases with continuous integration and continuous delivery (CI/CD), process automation in operations and support, and Agile DevOps development processes.
• Greater efficiency: Cloud-native applications consume up to 40% fewer resources compared with virtual machine-based software.
• The ability to scale: With a cloud-native architecture, service providers can scale to hundreds of thousands of nodes.
• Reduced operational costs: Automated and programmable operations across a multi-cloud environment help to lower costs.
• Improved resource utilization: By decoupling hardware from software, service providers can reuse resources when they are no longer needed.
• Faster development time: A cloud-native approach speeds process automation in development and operations, and supports Agile DevOps development processes. 

Shifting to Network Disaggregation with a Service-Based Architecture

Service providers will need to define and deploy a cloud-native infrastructure across the entire network from the core to the far edge. As defined by the 3rd Generation Partnership Project (3GPP), a Service-Based Architecture (SBA) is a set of interconnected network functions (NFs) that deliver the control plane functionality and common data repositories of a 5G network. Supporting a cloud-native SBA brings new requirements for the control, coordination, and orchestration of disaggregated network functions that are distributed across the network. These network functions are containerized microservices that can support the 5G Core, virtualized radio access network (vRAN), and N6-LAN NF. With a distributed, disaggregated network, service providers can obtain an adaptive network that scales as needed, thus avoiding initial preliminary upfront costs incurred with static 4G networks.

Figure 1: A 5G end-to-end, cloud-native architecture from core data center to far edge

5G Ushers in Network Disaggregation

A cloud-native, service-based architecture has brought about a paradigm shift that enables service providers to migrate from a vertical to a horizontal stack implementation. A vertical stack approach increases vendor lock-in and requires that each vendor enables its own infrastructure, thereby increasing complexity.

A horizontal stack approach breaks such vendor complications and limitations while enabling the service provider to maintain control and visibility of its network. With a horizontal stack, service providers gain a consistent cloud-native infrastructure (telco cloud) implemented across core, edge, and far-edge sites—supporting vRAN, a standalone (SA) 5G Core, internal applications, and enterprise- and consumer-facing applications. In this way, 5G allows service providers to move to a horizontal stack approach, making it possible to scale edge sites as needed for the enterprises they serve.

A cloud-native, service-based architecture has brought about a paradigm shift that enables service providers to migrate from a vertical to a horizontal stack implementation.

Table 1 highlights the key drivers for 5G disaggregation, which enables service providers to realize the complete benefits of a cloud-native infrastructure.^[1]

Table 1: Drivers for disaggregation in a 5G network^[1]

Cloud-Native Challenges for Service Providers

Kubernetes has become the enterprise standard for cloud-native architecture container management and orchestration. However, service provider networks have unique requirements that Kubernetes doesn’t meet. The challenges that service providers face with Kubernetes include:

• The inability to apply policy control over multiple traffic types and support the transition from 4G (SIP, Diameter, SCTP, etc.) to 5G protocols. 
• The inability to apply proper security at multiple points in a network and across multiple layers.
• Lack of visibility into the flow of traffic both into and within the infrastructure. 
• Lack of revenue controls as service providers continue to operate both 4G and 5G over the next several years. As the SA 5G Core is rolled out, many service providers will leverage their existing 4G billing and charging systems to speed the delivery of 5G and get a faster return on their investments.

F5 5G Service Provider Solutions

F5 provides solutions that address these cloud-native infrastructure challenges and support the networking and security requirements for the vRAN, 5G Core, and enterprise applications. The company also supports service providers as they transition from 4G to 5G. F5 solutions and services include:

• F5 BIG-IP Service Proxy for Kubernetes
• F5 Carrier-Grade Aspen Mesh
• F5 N6-LAN services
• F5 security solutions

Figure 3: F5 solutions across a distributed 5G network

F5 BIG-IP Service Proxy for Kubernetes

Within the 5G micro-container based architecture, service providers must have a way to maintain real-time application visibility and analytics. They must also be able to scale to meet application delivery demands, ensuring applications are available during development and production.

The F5 BIG-IP Service Proxy for Kubernetes (SPK) is a unique offering specifically designed to help service providers monitor the health of their container-based applications. BIG-IP SPK provides ingress/egress control with multi-protocol signaling support and critical cloud security, helping to deploy a cloud-native infrastructure across a service provider network. BIG-IP SPK aligns with Kubernetes design patterns for configuration and orchestration. It also provides industry-leading networking and security features to a Kubernetes-based infrastructure. BIG-IP SPK delivers:
 

Ingress/egress control

• L4 load balancing: TCP, UDP, and SCTP
• L7 load balancing: Diameter, SIP, HTTP/2
• GTPcV2 load balancing
• Routing
• Rate limiting
   

Security

• Signaling firewall, DDoS, WAF
• Encrypt/decrypt
• Topology hiding
   

Visibility

• Revenue assurance
• Statistics and analytics
  
  

F5 Carrier-Grade Aspen Mesh

F5 Carrier-Grade Aspen Mesh helps service providers improve application traffic visibility, security, and policy management. The service mesh is designed specifically for service provider cloud-native infrastructures and is built on the open source platform Istio with added features critical for a service provider network. F5 Carrier-Grade Aspen Mesh delivers:

• Traffic visibility at all layers through a view of traffic within each 5G Core Kubernetes cluster. This provides revenue assurance and visibility into the data needed to monetize 5G using existing billing systems.
• Advanced security with a consistent approach for encrypting and authenticating all traffic between multi-vendor and multi-site networks functions. F5 Carrier-Grade Aspen Mesh is built on techniques based on a carrier-grade and 3GPP-compatible certificate authority.
• Traffic control and policy management that enable service providers to efficiently route service communication—and enforce business and compliance policies for the service mesh and network traffic. 

In addition to these features, F5 Carrier-Grade Aspen Mesh provides packet capture capabilities, which standard Kubernetes does not. Packet capture is important for troubleshooting communication issues between CNFs within the cluster and to support governmental requirements such as lawful intercept.

5G SA Core Example

BIG-IP SPK and Carrier-Grade Aspen Mesh solve different challenges of using Kubernetes in a 5G cloud-native infrastructure. BIG-IP SPK meets the need for multi-protocol signaling support, security, and visibility of traffic into the Kubernetes cluster, while Carrier-Grade Aspen Mesh addresses communication between CNFs. Both are critical to the deployment of a 5G cloud-native infrastructure.

Figure 4: An SA 5G Core, cloud-native networking architecture utilizing BIG-IP SPK and Carrier-Grade Aspen Mesh

F5 N6 LAN Services

5G networks deliver dynamic applications that can be deployed at the core data center, edge, and far edge. As a result, network functions that used to be located in the S/Gi-LAN in 4G are now service-based CNFs that can move to the location of the applications. 

These new NFs are self-contained, independent, and reusable. Each network function service exposes its functionality through a service-based Interface (SBI), which employs a well-defined REST interface using HTTP/2. This functionality, called N6 LAN, is at the N6 interface between the packet gateway and the data network.

F5 N6 LAN network functions include traffic management, network security, DNS services, policy enforcement, and carrier-grade network address translation (NAT). Until recently, most of these services have been implemented as dedicated hardware devices, but the rise of network functions virtualization (NFV) has led a gradual transition to virtualized appliances running on common server infrastructure or commercial off-the-shelf solutions.

To meet service provider needs, F5 provides the industry’s most comprehensive set of N6 services in a consolidated and virtualized solution. Consolidating and virtualizing N6 services can result in up to a 60% reduction in capital and operating expenditures—while boosting performance and lowering latency.^[2]

The F5 N6 services solution integrates a wide range of services from security to video optimization into a single platform. Service expansion is simplified, and the unified framework ensures there is a common technology to help service providers optimize their network and transition to 5G.

Figure 5a: Gi-LAN/N6 services offered

Figure 5b: F5 simplifies the design, deployment, and operation of critical N6 services

With F5 N6 solutions and services, service providers can:

• Provide intelligent traffic management and local DNS services for customizable subscriber and network-aware traffic steering solutions.
• Deliver carrier-grade NAT (CGNAT) services and migrate networks from IPv4 to IPv6.
• Secure their networks from volumetric attacks with ISCA-certified security solutions.
• Provide subscriber-aware policy enforcement, traffic classification, TCP optimization, and URL categorization.
• Create and deploy new subscriber security services including DNS-based parental controls and a subscriber aware IoT firewall specifically designed to target IoT devices.
• Enhance video optimization with signature detection and granular policy control powered by machine learning.

F5 Security Solutions

5G delivers more connection points, higher throughput, and new protocols that increase the number of security attack surfaces. Comprehensive security is required throughout the network including at the core, edge, and far edge. F5 security tools include:

F5 DDoS protection: Delivers seamless, flexible, and easy-to-deploy solutions that enable a fast response, no matter the type of distributed denial-of-service (DDoS) attack. DDoS protection products include F5 DDoS Hybrid Defender and F5 Silverline DDoS Protection.

F5 AFM: Provides comprehensive protection for networks and protocols to ensure subscriber’s experience to reduce churn and increase revenues. Actionable visibility enables fast mitigation of attacks.

F5 Advanced Web Application Firewall (WAF): Protects apps with behavioral analytics, proactive bot defense, and application-layer encryption of sensitive data. Defends against the most prevalent attacks against apps without requiring updates to the apps themselves.

F5 Shape security: Leverages artificial intelligence and machine learning to defeat attackers and prevent fraud. Protects web and mobile applications and API endpoints from sophisticated automation attacks that would otherwise result in large-scale fraud. 

Why Use Service Provider 5G Solutions from F5

Smooth the transition to 5G
Maintain the 4G infrastructure and foster interoperability with Kubernetes and the 5G Core with help from F5 that includes:

• Speeding time-to-market of new, compelling, and differentiated 5G services.
• Simplifying core network architecture and operations and reducing costs with F5’s unique N6 LAN solutions.
• Enabling billing for 5G services.

Achieve cloud-native performance and security

Build a cloud-native, container-based architecture by leveraging Kubernetes and advanced security. With F5, service providers can:

• Obtain a container-based architecture that is scalable for the core, edge, and far edge.
• Gain dynamic network scalability for improved horizontal scaling and flexibility.
• Implement security at the core, edge, and far edge.
• Leverage Aspen Mesh encryption.

Maximize traffic visibility and control

Gain service provider-related functionality for the control and visibility that are critical for transitioning to 5G with Kubernetes containers. F5 delivers:

• Enhanced visibility and traceability for billing.
• Improved traffic management including routing, load balancing, and rate limiting for 4G protocols.
• Kubernetes self-discovery for automatic configuration of load balancing.
• Packet capture for troubleshooting and lawful intercept.
• Aspen Mesh for analytics and policy management.
• Seamless operation in a multi-tenant environment.

Conclusion

5G networks are poised to deliver high bandwidth, low latency, and faster performance—both driving and enabling application innovation and new business models. To deliver cost-effective 5G performance, service providers are taking advantage of the microservices-based, cloud-native containerized architecture already in use by enterprises. These new solutions give service providers the ability to dynamically place workloads within a network and build out their MEC platform to support the next generation of applications.

Leading-edge solutions from F5 help service providers deliver new 5G functionality while maintaining their existing 4G core networks. F5 BIG-IP Service Proxy for Kubernetes (SPK) and F5 Carrier-Grade Aspen Mesh enable service providers to maintain real-time application visibility, scale to meet demand, and increase traffic visibility and security. At the same time, F5 N6 LAN solutions help service providers deliver network functions where they are needed, saving cost and improving performance. These solutions work in conjunction with F5 security solutions designed to protect networks from new attack vectors and threats. With the right solutions in place, service providers can take advantage of the many benefits of a cloud-native infrastructure from the core to the far edge of the network as they embark on the 5G journey.

^[1] ABI research, “Cloud-Native Networking for a 5G Era” 

^[2] F5 Solution Overview, “Gi LAN Simplification”