Signaling is the brain of a any mobile network. It establishes reliable, secure connectivity to the network for end users and provides access to its services. 5G signaling like its predecessors 2G/3G/4G, handles a wide variety of critical functions in the mobile network, such as connectivity and mobility management, authentication and authorization, subscriber data management and policy management, among others. The new 5G Core network (5GC) is completely based on what is called a Service-Based Architecture (SBA), which implements IT network principles and a cloud-native design approach. Thus, 5G network functions (NFs) are agnostic to the underlying cloud infrastructure, enhancing the flexibility and efficiency of the network. However, these improvements come at a cost, mainly increasing the complexity of communications between NFs and connection management.
To overcome the challenges of the SBA approach, the 3GPP standardized in 5G Release 16 an optional entity called Service Communication Proxy (SCP). The SCP can be seen as a middleware for handling signaling communications among NF services in the 5GC. However, this component was missed in the first 5G release (3GPP Release 15); where NFs interact directly; raising the question of whether to deploy the SCP right at the start of the 5GC deployment or wait until later when it becomes necessary.
Signaling controller is a critical component of any cellular network and a topic of debate since the first digital network was deployed. Previous experiences, especially in 4G, have shown that signaling infrastructure should not be ignored. DSC/DRA/DEA were not specified in the official 3GPP specification. Nevertheless, practical deployments of 4G illustrated that these were indeed vital components to cope with Diameter signaling and its challenges.
Discussions on the necessity of the SCP took place in 3GPP between Release 15 and 16. In theory and according to the 3GPP, the NRF (Network Repository Function); a new centralized repository for service discovery and management; is the only network element needed for NFs to communicate. A solution that works for trials and small network deployments, but as the network grows in size it becomes unmanageable.
In this article, we will outline the benefits of using an SCP for indirect communication between NFs, and explain why operators should opt for it when deploying the 5GC.
Simplifying Network Topology
An obvious benefit from the SCP is that it simplifies the architecture from a mesh network to a star network (see figure 1). By being deployed, the SCP eliminates the need for 5G NFs to set up direct connections between each other. Connections can be optimized (connections reduced by 55% in our example: figure 1) so that each NF only needs to be integrated with the SCP. Resulting in off-loading the consumer NFs from handling complex connection management, reducing deployment effort and therefore lower integration cost.
Centralizing discovery/selection and routing
5G core networks has adopted the Service Based Architecture, a paradigm shift in the network architecture and on how network elements or Network Functions (NFs) communicate with each other. Traditional point-to-point architecture that was being used in 4G is now substituted by a “service bus” that connects the individual network functions (see figure 2). This bus will allow NFs (consumers and producers) to exchange information through service-based interface (Rest APIs) and exchange signaling messages through the HTTP/2 protocol.
The new 5G control plane allow network functions (finer-grained micro-services decoupled from the underlying infrastructure) advertise and provide services which can be consumed by other elements. Each NF can register itself and its supported services to the NRF, which is used by other NFs for the discovery of NF instances and their services. Thus, NFs must discover each other to find those that offer the required services and select the most adequate ones in terms of load, network topology, etc.
Without SCP, every NF consumer interacts with NRF for service discovery and has to support discovery result caching, and selection; which add a lot of common redundant work on every single NF. However, in indirect communication, discovery/selection/routing tasks are delegated to SCP; which offloads those tasks from NFs consumers so that they can become lighter and focus on the business logic.
Improving routing and Load Balancing
One of the functions that SCP can provide is load balancing. Given its position and status, the SCP acts as an intermediary between NFs. This avoids the need for NFs to communicate directly with each other. In this intermediary position, the SCP has a complete view of all the messages arriving for a given NF type; it knows the overall traffic volumes on the network level and how the traffic is distributed across different interfaces, enabling it to take work requests and balance loads across all NFs.
Load balancing and failover behaviors are not standardized in 3GPP, leading to different behaviors among NF consumer and NF producer implementations. When those tasks are delegated to the SCP, network configurations and behaviors can be harmonized. Additionally, Load balancing algorithms take a large number of parameters into account, such as NF priority/capacity/load, HTTP status codes, TCP connection statuses, rate limits, etc. and implementing all those mechanisms in every NF is a highly complex task. Nevertheless, when an SCP takes the responsibility, NFs will be relieved from remembering and interpreting all those complex routing rules allowing them to focus on the application.
In a Service Based Architecture, NFs are instantiated in a dynamic fashion that is; they can be added and removed quickly; which make it very difficult for the other network elements to manage these life cycle events. The SCP, however, understands which NFs are active, which NFs are not and can decide how traffic should be routed.
The “canary upgrade” is another example here, if a NF is upgraded, the SCP decides which requests should be routed to the NF instance running the stable version and which requests should be routed to the NF instance running the upgraded version. This approach cannot be done easily without an SCP.
In addition to the preceding examples, the SCP can enhance routing by providing features like alternate routing, circuit breaking, outlier detection and can take re-routing decisions based on load conditions and health status of NF providers, which boosts network resiliency.
Providing Overload control
Telecom operators have already experienced overload issues in their existing EPC networks (4G) and this won’t be different for 5G, as overload situations can happen any time, in any network. 5G core networks will be subject to the very same challenges previous networks have faced, especially given the producer/consumer interface model and the increased number of network elements due to microservices.
The 3GPP has standardized the overload/load control information (OCI/LCI) mechanism. It consists of sharing the load status via the network repository function (NRF). But with this solution, every NF shall know what to do, and every NF shall do what it needs to do correctly which places a lot of burden on every single NF to do a lot of common redundant work. Another disadvantage is that the load reporting to the NRF is done in configurable intervals so this approach comes with some delay. However, when those tasks are centralized to the SCP, the behavior is always consistent and harmonized, and if even a consumer lacks the OCI/LCI support, the SCP can take a reacting role and start throttling based on the instructions coming from the producers.
Given its position, the SCP knows the overall traffic volumes on the network level and how the traffic is distributed across different interfaces, therefore it can identify and prioritize important messages over others and proxy them towards the overloaded producer NFs. The SCP can also protects the network from flooding by malicious consumer NFs and at the same time protects producer NFs from being overloaded.
Message mediation
Message mediation is another concern for 5GC signaling, because of incompatible implementations of the HTTP2 protocol between NFs. This may be needed when the NFs come from different vendors, or to fix some interaction issues even for NFs from the same vendor; for example-those caused by upgrades. An SCP in the middle can address such an issue without requiring software updates from the involved network functions. By manipulating HTTP messages, modifying HTTP headers/ JSON payload or by mapping HTTP statuses and reason codes; the SCP provide a quick and easy solution for protocol adaptation between NFs and therefore resolve all mismatches related to protocol incompatibility and interoperability between NFs.
Improving network security
Another area where the SCP plays a valuable role is in NFs security. 3GPP has decided to use the HTTP/2 protocol for signaling, taking advantage of the maturity of the protocol and the good understanding the Internet community has for it. Nevertheless, the choice of HTTP/2 does introduce new challenges despite the fact that standards have strongly emphasized security in 5GC architecture such as mandatory use of TLS (Transport Layer Security). HTTP/2 will likely introduce new vulnerabilities that have been well researched and documented in the web domain, where malicious attacks (like DoS : denial-of-service) are on a larger scale than in the telco domain.
With a star topology, the SCP uniforms the use of the security guidelines for communications between NFs and for their communications with the external world. This means authentication, authorization, and encryption need to be enforced for all intra-NFs communications. Moreover, the SCP enforces these security measures without affecting application code. The SCP can implement global access control lists that prevent unauthorized communications between network functions; it can also implement cryptographic verification using techniques such as mutual transport layer security (mTLS); which brings maximum security by preventing unsolicited interception. In addition, the communications security can be further improved by packet screening to deal with DOS attacks.
Centralizing operations
Indirect communication mode can help with day-to-day operational challenges. By having the SCP in the signaling path several tasks can be centralized, resulting in a dramatic reduction of operation effort and therefore lower cost. The complete network view, allows the SCP to enable end-to-end signaling visibility of communications (Traceability, Observability and centralized monitoring), which makes network-wide troubleshooting much easier.
For example, when something is not working correctly, we need probes to gain visibility of the signaling messages to find out why. Without an SCP, many probes are required, but with an SCP, the network gains complete observability through a single probe.
The use of Transport Layer Security (TLS) on all service-based interfaces further complicates data gathering, that’s why the industry is moving towards application-level tracing solutions where the SCP is the best candidate to provide such tracing.
Signaling metrics/KPI (Success Rates, Volume, Duration, Size, Latency and HTTP error codes etc.) are automatically collected from any NF and the SCP provides a consistent view of the network health by generating uniform metrics at any given time.
When centralizing operations to the SCP, the behavior is always consistent. Configuring the centralized SCP is easier than distributing and configuring all nodes. This dramatically reduces the potential for errors by eliminating per-NF configuration scripts and makes system-wide updates and upgrades much easier.
To conclude
Deploying a 5GC network is no easy task. With 5G, the core network architecture has evolved to a new Service Based Architecture, bringing some unprecedented benefits in terms of flexibility, agility, and scalability; but does not solve all the signaling related issues that service providers have already experienced with legacy networks. Past experiences indicate that signaling infrastructure is one of the most important and critical parts of any mobile network; and even though a 5GC may be deployed without an SCP, it is very likely that every operator will need one once large size deployments are reached.
Regardless of what 5GC network strategy an operator is following, deploying a signaling infrastructure right from the beginning allows the service provider to reap the benefits of superior performance, high network reliability, and business agility while reducing costs.
