SOLUTION OVERVIEW

The Path from

4G to 5G
Balancing 4G network with 5G rollouts.

L LC
uR

mM
TC
G
5

eM
BB
KEY BENEFITS Service providers are in a race against competitors, continuing to monetize
Control Insights their current investment in 4G while rapidly transitioning to 5G to ensure
Policy control and intelligent traffic
customer retention and competitive advantage. To enable success, it’s
management over multiple traffic
types tailored for service provider critical to have interoperable solutions with current infrastructure for the
networks.
following areas:
Security
Security controls at multiple • Signaling interworking in the migration from 4G to 5G
points and across multiple layers,
providing end-to-end network • Transitioning to best of suite S/Gi-LAN to N6 service-based interface
protection.
• Implementing cloud-native 5G infrastructure
Visibility
Monitor traffic into and within
the infrastructure, improving This paper aims to help the reader understand the evolution from 4G to 5G,
operational efficiency, easing what it enables, and how to get there.
troubleshooting, and creating
flexible revenue controls.

Background
Migrating to a new mobile technology is far from straightforward and requires strong
collaboration to ensure success. 5G is the turning point of innovation, accelerating
new opportunities with new technologies. The key differentiator with 5G vis a vis its 4G
predecessor is that 5G is designed to leverage 4G LTE technology – the new must work
with the existing technology and networks. This makes the complexity and permutations
boundless. The key to success for service providers is working with reliable partners that
have solved the 4G challenges and continue to solve 5G challenges regardless of where
the service providers are in their digital transformation journey.

5G rollouts are moving full speed ahead but what has not been clearly forged is how 4G will
coexist with 5G technology. Every service provider must construct their very own unique
migration path, leveraging their existing network as they try to monetize their 5G investments.
5G was by no means meant to render any technology obsolete – it was designed with the
exact opposite in mind.

VATION
Y AU INNO
LIT
BI T
A

O
FIT

MA
REASE PRO

TIO

SECU ITY
N

Reduce 5G &
INC

TTM Security
AG

IL
IT
RED TS Y& Y
UCE COS F L E X I B ILI T
Figure 1: Unique journey from
4G to 5G
Increase automation, Adapting for
modularity, and flexibility emerging industry

THE PATH FROM 4G TO 5G 2

 The Three Critical Areas to Solve for 5G

S I G N A L I N G I N T E R W O R K I N G I N T H E M I G R AT I O N F R O M
4G TO 5G

Why this is an issue

EVERY SERVICE PROVIDER There are a number of signaling challenges that a service provider must address in 5G
MUST CONSTRUCT THEIR network deployments which also exist in 4G networks. As discussed earlier, 4G and 5G
VERY OWN UNIQUE networks will need to coexist as standards evolve. Disrupting existing 4G network functions
MIGRATION PATH, (for instance charging systems) is not an option as service providers are monetizing their
LEVERAGING THEIR existing 5G network.
EXISTING NETWORK AS
THEY TRY TO MONETIZE Signaling is the lifeblood of all cellular networks. There are common signaling challenges that
THEIR 5G INVESTMENTS. face both 4G and 5G networks such as:

• Overload handling and load balancing.

• The interworking of signaling protocols between 4G and 5G hybrid networks.

• 5G roaming security, protecting interfaces between networks.

GRADUAL TRANSITION PATHS INVOLVE INTERWORKING SEGREGATED NETWORKS

4G IMS 5G IMS 4G IMS 5G IMS

(Telephony/ (Telephony/ (Telephony/ (Telephony/
Messaging) Messaging) Messaging) Messaging)
Diameter

HTTP/2
Diameter

4G EPC 5G Core
HTTP/2

4G EPC 5G Core

4G Charging 5G Charging
System System
4G Charging 5G Charging
System System
TODAY’S NETWORKS FUTURE NETWORKS

Figure 2: 4G and 5G signaling

Any mix of 4G and 5G cores and services will result If a network is pure 4G or 5G, then no IWF is required, but
interworking in a need for an interworking function (IWF). signaling ingress controller is needed for 5G deployment.

What you should do

Service providers need to plan out their signaling migration path from 4G to 5G. Unlimited
scalability is critical in a mobile network. Service providers need to manage their 4G control
plane traffic and signaling with Diameter session-oriented load balancing technology along
with interworking with 5G HTTP/2 signaling. F5 is an industry leader in offering robust 4G
signaling solutions for service providers with the BIG-IP load balancer, Diameter Routing
Agent (DRA), and a Diameter Edge Agent (DEA). Therefore, transitioning to 5G is made easy
by providing an interworking path between 4G and 5G signaling.

THE PATH FROM 4G TO 5G 3

 4G LTE NETWORK 4G/5G HYBRID NETWORK 5G NETWORK

IP NETWORK CLOUD-NATIVE NETWORK NSSF AUSF UDM NEF NRF

Nnssf Nausf Nudm Nnef Nnrf

HSS PCRF OCS OTT MME HSS OCS UDM
SCP

Npcf Namf Nsmf Naf Nbsf Nchf

DRA DRA IWF SCP

PCF AMF SMF AF BSF CHF

N1 N2 N4
S-GW AS MME CSCF S-GW NRF PCRF AMF

UE UPF DN
Uu N3
N9
gNB

Diameter and SIP Signaling Diameter and HTTP/2 Signaling HTTP/2 Signaling

How F5 Can Help

Figure 3: Mobile core signaling
evolution
F5 offers critical signaling interworking and signaling translation solutions that can
successfully scale and manage 4G control plane traffic and signaling with 5G network
signaling functions without compromising traffic, leading to unprecedented quality of
experiences (QoE) for consumers. The table below provides insight into some of the
permutations possible as service providers migrate to hybrid core mobile networks.

4G IMS, Charging, Mixed IMS, 5G IMS, Charging,

Partners Charging, Partners Partners
Diameter Rx Diameter Rx, HTTP/2 N5 HTTP/2 N5

Interworking Interworking
Pure 4G Diameter ONLY
Translation: N5 → Rx Translation: N5 → Rx
Packet Core Session Binding:
Session Binding: Session Binding:
Diameter Gx/Rx DRA
DRA; Gx/N5 DRA; Gx/N5

Interworking
4G/5G Mix Interworking Interworking
Translation:
Packet Core(s) Translation: Rx → N5 Translation: N5 → Rx
N5 → Rx; Rx → N5
Diameter Gx/Rx, Session Binding: Session Binding:
Session Binding:
HTTP/2 N4 DRA; N4/Rx Gx/N5; ; NRF/SBI
DRA; Gx/N5; N4/Rx

Interworking Interworking
Pure 5G HTTP/2 ONLY
Figure 4: Hybrid core 4G/5G transition Translation: Rx → N5 Translation: Rx → N5
Packet Core Session Binding:
paths use IWF for applications, Session Binding: Session Binding:
HTTP/2 N4 NRF/SCP/SMF
charging, and intercarrier N4/Rx N4/Rx; NRF/SBI

THE PATH FROM 4G TO 5G 4

 Having championed 4G signaling, F5 also provides 5G Core network signaling solutions. The
F5 5G Core signaling solution includes Service Communication Proxy (SCP), Binding Session
Function (BSF), and Security Edge Protection Proxy (SEPP). Together these 5G Signaling
network functions address service providers 5G signaling network challenges by providing:

• Simplified network topology by applying signaling aggregation and routing.

• Load balancing, overload handling and message parameter harmonization.

• Optimization of 5G SBA signaling controls to enable better network visibility and boost
network performance by continuously coordinating with other network functions.

• Support for binding session capability for 5G Voice over IMS.

Figure 5: 5G Core signaling functions
• Support for 5G roaming which provides security and protection of messages
optimizing 5G signaling traffic.
exchanged between public land mobile networks (PLMNs).

Control Plane
NETWORK RESOURCE MANAGEMENT SIGNALING SCP: Service
Communications
Proxy

BSF: Binding Session

AF NEF NSSF NRF NWDAF SCP BSF SEPP Function

SEPP: Security Edge

Protection Proxy

AMF SMF PCF AUSF UDM HSS

SUBSCRIBER AND
POLICY MANAGEMENT SUBSCRIBER DATA MANAGEMENT
SESSION MANAGEMENT

User Plane
N3IWF UPF

Untrusted non Data Network

3GPP Network

F5’s Service Communication Proxy (SCP) supports the following use cases:

• Simplified 5G cloud-native SBA network mesh connectivity

• Flexible user-based routing selection

F5’S SIGNALING
SOLUTIONS INCLUDE • Real time congestion control, load balancing, and overload protection
SERVICE COMMUNICATION • End-to-end user experience visibility for multi-vendor environment
PROXY, BINDING SESSION
• 4G/5G protocol interworking
FUNCTION, AND SECURITY
EDGE PROTECTION PROXY • Communication security

THE PATH FROM 4G TO 5G 5

 5G OVERLAY SOLUTION 4G/5G CONVERGENT SOLUTION

AMF SMF AUSF UDM NRF PCRF + PCF OCS OCS AAA CHF HSS + UDM

5G 5G 5G 5G
Network

DRA SCP DRA + SCP

PGW-C + SMF MME + AMF

Control
4G Plane
Gy/Gz Rx
Network
User
Plane 4G Diameter 5G HTTP/2

OCS/ PGW-U + UPF

HSS MME PGW PCRF OCFS AF

IMS
Network 4g/5g RAN
4G Diameter
5G HTTP/2 Data
Network

F5’s Binding Session Function (BSF) network function will support:

Figure 6: 4G/5G protocol interworking

• Session binding to support scalable policy solution

• Session binding capabilities to support the interworking with IMS (VoLTE) services
delivered over NR

F5’s Security Edge Protection Proxy (SEPP) will support the following:

• Roaming security: SEPP sits on the edge of the network, protecting the network from
threats originating from roaming partners and IPX providers. SEPP includes message
filtering and policing on inter-PLMN control plane interfaces, as well as topology hiding.

Control Plane
SEPP SEPP

Security Edge Security Edge

Protection Proxy Protection Proxy

N32
• Network Signaling • Network Signaling
• Mobility Management • Mobility Management
• Subscriber Data Management • Subscriber Data Management
• Network Resource Management • Network Resource Management
• Policy Management • Policy Management

Data Plane
Figure 7: Security Edge Protection
Proxy (SEPP) N6 N6
UE UPF DN UPF UE

THE PATH FROM 4G TO 5G 6

 TRANSITIONING YOUR BEST OF SUITE S/GI-LAN TO N6
S E R V I C E - BA S E D I N T E R FAC E

Why this is an issue

Scaling is a number one concern for service providers especially with the explosive demand
F5’S 5G SIGNALING
NETWORK SOLUTIONS WORK that 5G is generating. The containerized N6 LAN interface can result in device sprawling as
IN TANDEM TO ADDRESS architectures increase in complexity because a multi-vendor environment consists of a best-
5G NETWORK SIGNALING of-breed rather than best-of-suite. Adopting the best-of-breed approach can dilute the cost
CHALLENGES benefit associated with virtualizing your network and add additional complexity due to vendor
interoperability. The results can increase CapEx and OpEx, introduce additional points of
failure into the network, and make it difficult to scale your network. As a result, the delivery of
new services to subscribers can involve major delays, leading to loss of new revenue streams
and lowered subscriber QoE.

N6 LAN CONTROL PLANE

AUSF UDM OCS PCF MANO MANO MANO

N6 LAN DATA PLANE

DEVICES

Access UPF TCP Video LDNS DPI Subscriber CGNAT Firewall Internet
Network Optimization Optimization Security & DDoS
Services

What you should do

Figure 8: What is N6 LAN?
(Before F5) With 5G comes a rapid growth in apps, data and video streaming which will continue to put
strain on the mobile network. The S/Gi interface in 3G and 4G is transformed into a Service
Based Interface (SBI) with the introduction of the 5G Core. The N6 LAN supports services
including network address translation (NAT), firewall, policy management, traffic steering,
and URL filtering, as well as TCP and video optimization. You can intelligently steer traffic,
including video traffic, to optimization platforms or apply policy management actions based
on subscriber and application awareness.

THE PATH FROM 4G TO 5G 7

 How F5 Helps
A containerized N6 LAN solution from F5 helps you build a cost-effective model, allowing for
faster time to market for new services and less network complexity. F5 containerized network
functions (CNFs) are a core component within an efficient virtual N6 LAN, providing solutions
such as virtual policy enforcement, virtual firewall, and virtual Application Delivery Controller
(ADC) services.

TCP & Video Application CGNAT IoT Subscriber Gi Firewall DDoS Secure
Optimization Identification Firewall Security Protection DNS Cache
Reporting Services

SIMPLIFIED & CONSOLIDATED Gi/N6

User PGW Internet

UPF

From physical to VNF to CNF SmartNIC for FPGA acceleration

F5’s N6 LAN solution allows dynamic service chaining based on real-time subscriber and
Figure 9: F5’s consolidated N6
LAN solution
application awareness, along with delivering secure N6 LAN. By deploying a common, shared
set of commercial, off-the-shelf (COTS) hardware to run various functions, a service provider
can reduce hardware costs and deploy multiple services dynamically. This cloud model
means you can deliver services based on real-time network conditions and use network
resources more efficiently. Because you can launch new services without any network
downtime, you also increase service agility. A containerized N6 LAN lets you innovate,
improve subscriber QoE, and lower costs resulting in a 60% TCO.

CONSOLIDATION OF
SERVICES RESULTED IN A
60% SAVINGS ON TOTAL
COST OF OPERATION.

THE PATH FROM 4G TO 5G 8

 SAVINGS FROM CONSOLIDATING
CONTAINERIZED SERVICES
• Lower CPU usage
• Fewer CPU hops, minimizing latency

60%
TCO Savings With
• “Zero Copy” memory architecture optimizes
resource consumption

F5’s N6 LAN • Network simplification, easier orchestration

and management
• Simplified troubleshooting
Figure 10: TCO savings with
F5’s N6 LAN • Easier to implement new services,
software upgrades

I M P L E M E N T I N G C O N TA I N E R I Z E D 5 G C L O U D - N AT I V E

Why this is an issue

Service providers implementing a cloud-native infrastructure are pioneers in their digital
transformation journey. The one-size-fits-all approach no longer applies to 5G networks where
multiple cloud deployments are merely a starting point. 5G infrastructure is built on a cloud-
native containerized architecture where container workloads are managed using Kubernetes,
which orchestrates applications based on network requirements. Kubernetes was not
specifically designed for carrier grade deployments or the need for service providers to keep
complexity and cost to a minimum. This drives the prioritization of the following requirements
when designing and deploying 5G cloud-native infrastructure:

• Visibility: Network traffic visibility is vital in any mobile network and even more so in a
5G network. Kubernetes inherently does not provide ingress or egress traffic visibility
into the Kubernetes nodes and clusters.

• Security: Security controls need to be applied at multiple points in the network and
across multiple layers. Enabling packet capture and the ability implement security at
container ingress is critical to ensuring that bad traffic stays out of a service provider’s
network. Enabling encryption is also fundamental in a 5G network security offering.

• Control: Policy management and analytics enable network control and are essential in
automating an already complex 5G network.

F5’S 5G SOLUTIONS What you should do

PROVIDE THE VISIBILITY, Service providers migrating to a 5G cloud-native environment will have a combination of
CONTROL, AND SECURITY physical network functions (PNFs), virtual network functions (VNFs) and cloud-native network
SERVICE PROVIDERS NEED functions (CNFs). LTE 4G networks are still experiencing much growth and will need to be
FOR A SUCCESSFUL 5G supported alongside 5G non-standalone NR and 5G Core.
TRANSITION.

THE PATH FROM 4G TO 5G 9

 Cloud-native 5G architecture, along with containers, is critical in enabling diversified service
requirements. A container is a software package with the entire toolset needed to run an
application. Containers are lightweight and efficient for quick development time and they
provide security as there are no software dependencies outside of the container. Container
workloads are managed with Kubernetes which automates and scales applications based
on the network requirements. Why are containers so critical in 5G? With the dynamic nature
of containers, they can easily adapt to the needs of the network, allowing for the proper
placement of the application and its workloads within a network, enabling agility, speed, and
efficiency within the network.

CONTAINERS

CNF 1 CNF 2 CNF N

VIRTUALIZATION LAYER-KUBERNETES
Figure 11: Cloud-native
containerization COMPUTE NETWORK STORAGE

How F5 Can Help

F5 enables the visibility, control, and security needed for 5G cloud-native deployments. F5’s
5G Cloud-Native Infrastructure solution is comprised of two products:

• BIG-IP Service Proxy for Kubernetes (SPK)

• Aspen Mesh

BIG-IP Service Proxy for Kubernetes (SPK)

BIG-IP Service Proxy for Kubernetes (SPK) provides critical carrier-grade capabilities to a
Kubernetes environment, enabling extended performance and security for cloud-native 5G
deployments. SPK features include:

• Scale: F5’s solution can scale to hundreds of thousands of sites.

THE PATH FROM 4G TO 5G 10

 5G FAR EDGE 5G EDGE 5G CORE DATA CENTER

Service Proxy

5G NR vCU UPF MEC

Service Proxy Service Mesh

vDU Service Mesh

~100+ Sites ~10 Sites

~100,000+ Sites

MEC: Multiple-Access-Edge Compute

vDU: Virtual Distributed Unit
vCU: Virtual Central Unit
UPF: User Plane Function

• 5G Ingress/Egress Control: Intelligent handling of messaging protocols enabling

Figure 12: F5 infrastructure solution
scaling capability signaling control for routing and load balancing. An example is Diameter signaling
can now be scaled for multiple containers, enabling the interworking of 4G and
5G signaling.

KUBERNETES (F5, OPENSHIFT, OTHERS)

F5 SERVICE
http/2 http/2 Diameter

Diameter - TCP/SCTP

SIP - TCP/UDP BIG-IP

Next SIP http/2 http/2 http/2

SPK
HTTP/2 - TCP

http/2 SIP Diameter

Figure 13: 5G ingress use cases

• Per-subscriber traffic visibility: Enabling per-subscriber visibility at ingress

provides traceability over any event that needs to be tracked for compliance and
billing purposes.

• Load balancing: Provides load balancing for Layer 4 and Layer 7 (TCP, UDP, SCTP,
HTTP/S, HTTP/2/S, Diameter, GTPcV2. and SIP).

THE PATH FROM 4G TO 5G 11

 • 4G and 5G signaling protocol support: TCP, UDP, SCTP, HTTP/S, HTTP/2/S, Diameter,
GTPcV2 and SIP provide a containerized “proxy” 4G to 5G functionality.

• Service discovery: Provides application workload service discovery.

• Enhanced security: Providing a signaling firewall at traffic ingress prevents

compromised traffic from entering the Kubernetes clusters.

• mTLS encryption: Provides encryption through mTLS to secure service-to-service

communication.

• Topology hiding: The internal structure of a cloud-native function (CNF) is obscured

at traffic ingress.

OPTIMIZED TRAFFIC To touch on a few of the value areas above, security services such as distributed denial-
STEERING ENABLES A TCO of-service (DDoS) protection, firewall, and web application firewall (WAF) can be applied
REDUCTION OF 47%. at ingress to prevent malicious traffic from entering the cluster and impacting the 5G
core network functions and customer applications. Additional security is also provided
by SmartNIC, in partnership with Intel, which implements a signaling firewall. This firewall
provides ingress security, preventing compromised traffic from entering the cluster while
providing optimized traffic steering which enables a TCO reduction of 47%. The SmartNIC
can be used to offload and optimize specific network services (such as cryptographic security
functions and packet processing). This alleviates strain on CPU resources and prevents CPU
overload resulting in significant performance improvements.

KUBERNETES CLUSTER
F5 SERVICES
NODE

BIG-IP
Next None
Legitimate
Users
SPK

Malicious
Attackers NODE

Intel
SmartNIC
Intel QAT
SVC

Figure 14: SmartNIC security benefits Public

Cloud

THE PATH FROM 4G TO 5G 12

 Container visibility is also critical in providing revenue assurance by offering detailed
transaction records. The entry point to the Kubernetes cluster is the ideal location to gather
information for compliance and billing.

KUBERNETES (F5, OPENSHIFT, OTHERS)

F5 SERVICES http/2 http/2 Diameter

BIG-IP
Next

SPK

SIP http/2 http/2 http/2

Signaling

Revenue
Assurance

Figure 15: The entry point to the

http/2 SIP Diameter
Kubernetes cluster is the ideal
location to gather information for
compliance and billing.

Aspen Mesh

F5’s service mesh delivers a configurable and low-latency infrastructure layer designed to
handle a high volume of communication among services using APIs and provides critical
capabilities including:

Service discovery

• Observability

• Encryption via mutual TLS (mTLS)

• Packet capture for traceability

• L7 policy management

• Management across clusters providing load-balancing capabilities

• Simple insertion point for provider-owned certs and policy

F5 IS COMMITTED The service mesh builds on open source Istio and is implemented by providing a proxy
UNDERSTANDING AND instance, called a sidecar, for each service instance. Sidecars handle interservice
CONQUERING THE communications, monitoring, and security-related concerns thus offering an abstraction
CHALLENGES OF 5G layer for individual services (applications). By providing a sidecar data plane at every app
DEPLOYMENT. (CNF container), F5 Aspen Mesh can intercept all ingress and egress container traffic. This
capability enables CNF sidecar traffic capture, including intra-node CNF traffic and pre-
encryption tapping, and also reduces SSL load for brokers. The service proxy easily integrates

THE PATH FROM 4G TO 5G 13

 with existing infrastructure, provides full packet visibility, is scalable and extensible, and uses
existing packet broker APIs.

AMF SMF

Aspen Aspen
Mesh Mesh

Aspen Mesh
Control Plane

Figure 16: Aspen Mesh sidecar view

F5’s Cloud-Native Infrastructure solution is essential for all top tier service providers,
providing visibility, control, security, and scale for 5G network deployments. This solution is
pivotal in reducing cost and complexity when deploying and operating a 5G network from the
Core, edge, and far edge.

KUBERNETES CLUSTER

NODE

AMF-P1 AMF-P2 SMF-P1 NRF-P1

Aspen Aspen Aspen Aspen

Mesh Mesh Mesh Mesh
NORTH - SOUTH

WEST - EAST

Aspen Aspen
Mesh Mesh

BIG-IP
Next
AMF-P1 AMF-P1

SPK

Figure 17: BIG-IP Next Service Proxy

for Kubernetes and Aspen Mesh Cloud-Native
DC
implementation

THE PATH FROM 4G TO 5G 14

 Conclusion
As 5G keeps on gaining momentum, service providers need to adopt measures to protect
their exisiting 4G networks as they monetize new 5G investments. Proper migration and
interworking plans need to be executed as multi-cloud, hybrid networks emerge. Migrating
to 5G requires critical steps to be taken and F5 offers proven solutions that drive a migration
path while maintaining existing 4G network which include:

• Signaling interworking in the migration from 4G to 5G

• Transitioning to best of suite S/Gi-LAN/N6 service-based interface

• Implementing cloud-native 5G infrastructure

The transition journey is unique for every service provider and F5 is committed to
understanding and conquering challenges that may arise during the deployment of innovative
5G networks.

To learn more, contact your F5 representative, or visit F5.

©2022 F5, Inc. All rights reserved. F5, and the F5 logo are trademarks of F5, Inc. in the U.S. and in certain other countries. Other F5 trademarks are identified at f5.com.
Any other products, services, or company names referenced herein may be trademarks of their respective owners with no endorsement or affiliation, expressed or implied, claimed by F5, Inc.
300SP | 988234021